Summary of Vulnerabilities, Actors & Attacks: August 2023
| Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Top Targeted Countries | Top Targeted Industries | MITRE ATT&CK TTPs |
|---|---|---|---|---|---|
| 27 | 10 | 30 | Singapore, Mexico, Brazil, Indonesia, Cuba | Government, Healthcare, Education, Technology, Financial | 227 |
Download the pdf file to learn more
Summary
In August, the discovery of thirteen zero-day vulnerabilities drew significant attention from the cybersecurity community. One of these vulnerabilities was exploited by the Storm-0978 group, creating a sense of urgency among security teams to patch their systems.
The month of August saw a rise in ransomware attacks, with various strains such as Cuba, Akira, TargetCompany, Yashma, WannaCry, LOLKEK, Monti, Rhysida, and Scarab actively targeting victims. As ransomware continues to evolve and grow in sophistication, organizations must take steps to protect themselves by implementing comprehensive backup and disaster recovery strategies and training employees on how to recognize and avoid phishing attacks.
Attackers are leveraging a five-year-old vulnerability (CVE-2017-18368) in the Zyxel P660HN-T1A router that allows the Gafgyt botnet to execute unauthorized commands, potentially leading to a complete takeover of affected devices. In addition to ransomware, several malware families, including Rilide Stealer, STRRAT, Reptile, DroxiDat, PlugX, DarkMe, GuLoader, and Remcos RAT, were observed widely targeting victims. These malware families are designed to steal sensitive data, disrupt systems, and evade detection by security tools.
Lastly, CVE-2023-38831 is a high-severity zero-day vulnerability in WinRAR that allows attackers to install malware through manipulated archives, exposing users to hidden malicious scripts and potential cyberattacks.