On the third Wednesday of every month, the Verizon Threat Research Advisory Center (VTRAC) holds its Monthly Intelligence Briefing (MIB) to discuss the current cybersecurity landscape and provide the latest threat intelligence. Below is the summary of their most recent briefing and here is the June recording of the briefing.
June 2023 cyber threat intelligence briefing
At a glance, this MIB covered:
1. Verizon 2023 Data Breach Investigation Report (DBIR) reveals developments in the current threat landscape
Top cybersecurity news
June 2023 cybersecurity and threat intelligence news you should know about.
- LockBit suspect Astamirov arrested and charged by U.S. authorities
- Access to military satellite operated by Maxar Technologies reportedly for sale on hacking forum
- ALPHV ransomware group demands $4.5m for 80GB Reddit haul
- Torrent site RARBG closes, citing operating costs, health issues and Ukraine war
- Kaspersky uncovers a zero-click cyberespionage campaign targeting its employees' iOS devices
The Verizon DBIR reveals developments in the current threat landscape
- The human element still dominates breaches
- Business email compromise doubles in size
- Ransomware accounts for its biggest share of breaches to date
The Verizon 2023 DBIR has been released. This year's report provides detailed insight into the threat landscape, gleaned from 16,312 incidents, of which 5,199 (32%) were confirmed data breaches. It found that external (83%) and financially motivated (95%) breaches were most common, thanks to the dominant role of organized crime. Insiders accounted for a fifth (19%), although this includes negligence as well as malicious activity.
The human factor accounted for 74% of breaches. That's not surprising considering stolen credentials (49%) and phishing (12%) were the top two techniques for gaining entry into networks, followed by vulnerability exploitation (5%). Among social engineering, business email compromise (BEC), or pretexting, is now present in more incidents than phishing. As stated on page 31 of the 2023 DBIR, cases doubled over the past year, with the average cost of an attack now $50,000. Ransomware (24%) recorded its highest-ever share of breaches, and continues to impact organizations of all sizes and in all industries.
MOVEit flaw exploited by Clop ransomware group in large supply chain attack
- Sophisticated attack began with exploitation of zero-day SQLi vulnerability
- At least 100 organizations are impacted, with Clop claiming "hundreds" of victims
- A reward of $10m has been offered by the State Department
Infamous ransomware group Clop exploited a zero-day SQLi vulnerability in popular managed file transfer software MOVEit to steal data from countless MOVEit customers. The group is currently adding victim names to its leak site as the data for ransom payment expired. It has claimed hundreds of victims, while VTRAC has counted at least 96 so far. Among these are the BBC, British Airways and the U.S. Department of Energy. It was a sophisticated, multi-stage attack, which calls to mind the Accellion File Transfer Appliance (FTA) campaign of 2021, also linked to Clop.
As well as the original zero-day (CVE-2023-34362), two more critical vulnerabilities have since been found and patched by MOVEit developer Progress Software: another SQLi flaw (CVE-2023-35036) and (CVE-2023-35708). Financial services and insurance companies appear hardest hit, with the financial and reputational impact likely to be high. The U.S. government has announced a $10 million dollar reward for information linking the attack to a nation-state.
Barracuda zero-day bug exploited by Chinese state-linked threat actor
- A zero-day vulnerability was found in the Barracuda Email Security Gateway
- Mandiant subsequently discovered the bug was being exploited by an unknown Chinese threat actor
- Organizations are being urged to continue monitoring the threat from UNC4841
In early June, Barracuda Networks took the unusual step of urging all customers of its Barracuda Email Security Gateway appliance impacted by a recent zero-day vulnerability to replace the devices immediately, regardless of patch version. That followed efforts by the cybersecurity vendor to update the appliances on May 21. The reason became clear after Mandiant released new intelligence on the case, which it was brought in to help with. An aggressive and persistent state-linked Chinese actor had been exploiting the zero-day in an espionage campaign dating back to October 2022.
The Mandiant report named the unknown group UNC4841. It said that Barracuda decided to issue the call for customers to replace their appliances after the group switched malware and deployed new persistence mechanisms, following the issuing of the Barracuda update. UNC4841 stepped up its campaign from May 22-24, with "high frequency" operations targeting victims in 16 countries. A third were government agencies, but individual victims included well-known academics in Taiwan and Hong Kong and Asian and European government officials in Southeast Asia. Mandiant warned network defenders to continue monitoring for UNC4841 activity.
Let's get started.
Choose your country to view contact details.
- Select Country...
- United States
- Costa Rica
- Hong Kong
- New Zealand
- United Kingdom
- United States
Call for Sales.
Or we'll call you.