January 12, 2024

Summary of Vulnerabilities, Actors & Attacks: December 2023

Vulnerabilities ExploitedAdversaries in ActionAttacks ExecutedTop Targeted
Countries
Top Targeted
Industries
MITRE
ATT&CK TTPs
331846Turkey
Egypt
United States
Cyprus
Israel
Government
Telecom
Healthcare
Manufacturing
Professional Services
251

Download the pdf file to learn more

Summary

In December, the cybersecurity landscape witnessed a surge in attention due to the discovery of nineteen zero-day vulnerabilities. Notably, the ‘Five Celebrity Vulnerabilities’ took center stage, featuring flaws like FOLLINA and PROXYSHELL exploited by APT28, LOG4J exploited by Lazarus, ProxyNotShell exploited by Play Ransomware, and ProxyLogon exploited by Kuiper ransomware.

During the same period, ransomware attacks experienced a noticeable uptick, with strains such as Cactus, Crucio, BlueSky, and Mallox actively targeting victims. As ransomware continues to advance in sophistication, organizations are urged to fortify their defenses by implementing robust backup and disaster recovery strategies. Additionally, employee training to recognize and thwart phishing attacks is crucial.

In parallel, eighteen adversaries were active across diverse campaigns. APT28, renowned for sophisticated phishing activities, exploited nine vulnerabilities for initial access. Their primary objectives included extracting user credentials and initiating subsequent malicious activities. As the cybersecurity landscape evolves, organizations must remain vigilant and proactively address emerging threats.

Download the pdf file to learn more

 

Related Events

Dive into our library of resources for expert insights, guides, and in-depth analysis on maximizing Uni5 Xposure’s capabilities

Book a demo and find out more about how Hive Pro can double your operational efficiency

Book a Demo