February 6, 2024

Summary of Vulnerabilities, Actors & Attacks: January 2024

Vulnerabilities ExploitedAdversaries in ActionAttacks ExecutedTop Targeted
Countries
Top Targeted
Industries
MITRE
ATT&CK TTPs
211137France
Norway
Oman
United States
United Kingdom
Government
Technology
NGOs
Media
Financial
212

Download the pdf file to learn more

Summary

In January, the cybersecurity landscape witnessed a surge in attention due to the discovery of ten zero-day vulnerabilities. Notably, two of these vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways were exploited by the UTA0178 group, a Chinese nation-state-level actor, leading to a sense of urgency among security teams to patch their systems.

During the same period, ransomware attacks experienced a noticeable uptick, with strains such as Black Basta, Kasseika, FAUST, and Medusa actively targeting victims. As ransomware continues to advance in sophistication, organizations are urged to fortify their defenses by implementing robust backup and disaster recovery strategies. Additionally, employee training to recognize and thwart phishing attacks is crucial.

In parallel, eleven adversaries were active across diverse campaigns. Midnight Blizzard exploited a legacy test OAuth application with elevated access due to a common password and lack of MFA. The attackers leveraged this access to move laterally within Microsoft’s network, potentially exfiltrating data and gaining broader control. As the cybersecurity landscape evolves, organizations must remain vigilant and proactively address emerging threats.

Download the pdf file to learn more

Related Events

Dive into our library of resources for expert insights, guides, and in-depth analysis on maximizing Uni5 Xposure’s capabilities

Book a demo and find out more about how Hive Pro can double your operational efficiency

Book a Demo