Escalating Cyber Threats: An Unprecedented Double Surge in Menaces Detected During the Week of December 18th to 24th, 2023
Introduction
As we approach the final weeks of the year, the cybersecurity landscape is marked by dynamic shifts and emerging threats. In this edition of Foresiet's Cybersecurity Trends Report, we offer a detailed exploration of the events and patterns that unfolded from December 18 to December 24. Our commitment remains unwavering—to keep you informed, empowered, and one step ahead in the ever-evolving world of cybersecurity.
The past week has been characterized by a significant surge in cybersecurity breaches, painting a vivid picture of an intensified threat landscape on a global scale. Primary targets have experienced notable increases, and industries are grappling with unique challenges. Here's a closer look at the key observations that defined the week.
Key Observations for the Week
- Total Breaches: The total number of cybersecurity breaches during this week recorded a significant surge, with a notable 79.09% increase, underscoring the intensified threat landscape.
- Primary Targets: Primary targets remained consistent, with the United States experiencing a noteworthy 58% increase in breaches compared to the previous week. Israel saw a staggering surge of approximately 466.67%, while Canada secured a top 3 position in serious breaches.
- Industries Facing Heightened Threats: The manufacturing sector led in the number of reported incidents, followed by Wholesale, Retail, Construction, Education, and IT Services.
The Rise of New Threat Actors
- Toufan Takes the Lead: Toufan recorded a seismic 2060% increase in threats compared to the previous week, raising questions about potential changes in tactics or an increased focus on cyber threats.
- Lockbit3's Resilience: Lockbit3 maintains a formidable presence despite a decrease in threats and demands continuous monitoring to understand and counter evolving threat strategies.
- Play and 8base Dynamics: Play and 8base remain active players in the cybersecurity space despite a decrease in threats. Their sustained engagement indicates ongoing strategic activities.
Shifting Landscape in Breach Patterns
This week's cybersecurity breaches have unraveled a notable shift in targeting strategies, presenting a nuanced and dynamic landscape that organizations of all sizes must navigate. The following observations shed light on the diverse impact across different employee size categories:
Smaller Entities (2 - 10 Employees)
- Number of Breaches: Smaller entities, encompassing organizations with 2 - 10 employees, encountered 15 breaches.
- Nuanced Approach: The relatively lower number of breaches indicates a nuanced approach by threat actors, potentially exploiting specific vulnerabilities unique to smaller organizational structures.
Mid-Sized Companies (11 - 50 Employees)
- Number of Breaches: A substantial 59 breaches impacted mid-sized companies during this reporting period.
- Significance: This surge in breaches among mid-sized enterprises signifies an elevated level of targeting, necessitating a reevaluation of their cybersecurity posture.
Large Enterprises (10,000+ Employees)
- Consistent Targeting: Large enterprises, with 10,000+ employees, remained consistent targets for cyber adversaries.
- Strategic Significance: The continued focus on large enterprises underscores their strategic significance in the cyber threat landscape.
Attack Surface Exposure
- This week, we identified 585 vulnerabilities, with 131 classified as critical. Of the 585 vulnerabilities, 51 already have available exploits, and 26 of those are classified as critical. It is worth noting that these vulnerabilities carry an EPSS score ranging from 0.04% to 1.15%, indicating a high level of potential exploitation.
- The Foresiet research team has identified exploits that are available to opportunistic threat actors for easy attacks. A few examples: CVE-2023-6977, CVE-2023-6906, CVE-2023-50965, etc.
Sneak Peek at Dark Web Activities
- A new strain of malware, Lust Stealer, has emerged, complete with a dedicated domain, Telegram channel, and associated GitHub repositories. Notably, 'ShadowGifted' and 'blucifer1337'/'mrblue1337' are linked to its development, indicating organized efforts. It is strongly advised to exercise vigilance and closely monitor the activities associated with this threat.
- LockBit 3.0 ransomware has successfully targeted Xeinadin, a prominent British top 20 accountancy firm, and compromised approximately 1.5 terabytes of customer data. This breach highlights the critical need for organizations, especially in the financial sector, to reinforce cybersecurity measures promptly. Immediate action is essential to mitigate the risks posed by this security threat.
- The leader of Alphv Ransomware has admitted mistakes and thanked LockBit for support, endorsing LockBit's call for unity against the FBI. This collaboration signifies a growing alliance among ransomware groups, posing an increased threat to cybersecurity. Continuous monitoring of their joint activities is essential.
- ThreatSec claims responsibility for compromising sensitive data from the Sabah State Government. The leak includes 109 extract files containing documents and Excel tables. This incident highlights a critical threat, emphasizing the immediate need for heightened security measures, especially within government entities.
- LockBit Ransomware has expanded its victim list to include Sterling Homes (Australia), Golden Coast (UK), Denford Limited (UK), Fager-McGee Construction (USA), European Higher School of Packaging (France), and Integrated Geotechnical Solutions (USA). This global reach emphasizes the urgent need for organizations in these regions to enhance their cybersecurity defenses against LockBit's ongoing threat.
- A new ransomware group, WereWolves, has emerged, primarily targeting Russia with 21 listed victims, including notable entities like Big Centers and Metalnet. The group operates through weerwolven.biz and werewolves.pro. Organizations are urged to bolster their cybersecurity defenses promptly against this evolving threat.
- STORMOUS ransomware intensifies its activities with reported scams on popular platforms like Telegram and the dark web. New victims, including Rajamangala University of Technology in Thailand and Trabzon Üniversitesi in Turkey, highlight the urgency for heightened cybersecurity measures, especially in educational institutions. Stay vigilant.
- The Russian Cyber Army is targeting Social Security and Military Support websites, emphasizing a strategic interest in critical sectors. Organizations within these domains are urged to reinforce their cybersecurity defenses promptly to mitigate potential breaches and safeguard sensitive information. Stay vigilant.
Conclusion
In a world of evolving cyber threats, staying informed is the first line of defense. The Foresiet team is dedicated to providing you with timely and insightful updates to empower your cybersecurity strategies. As we conclude this week's report, remember to stay vigilant, adapt to changing landscapes, and collaborate to build a resilient defense against the ever-evolving cyber threats.
About Foresiet!
Foresiet is the pioneering force in digital security solutions, offering the first integrated Digital Risk Protection SaaS platform. With 24x7x365 dark web monitoring and proactive threat intelligence, Foresiet safeguards against data breaches and intellectual property theft. Our robust suite includes brand protection, takedown services, and supply chain assessment, enhancing your organization's defense mechanisms. Attack surface management is a key component of our approach, ensuring comprehensive protection across all vulnerable points. Compliance is assured through adherence to ISO27001, NIST, GDPR, PCI, SOX, HIPAA, SAMA, CITC, and Third Party regulations. Additionally, our advanced antiphishing shield provides unparalleled protection against malicious emails. Trust Foresiet to empower your organization to navigate the digital landscape securely and confidently.