Summary of Vulnerabilities, Actors & Attacks: January 2024
| Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Top Targeted Countries | Top Targeted Industries | MITRE ATT&CK TTPs |
| --- | --- | --- | --- | --- | --- |
| 21 | 11 | 37 | France, Norway, Oman, United States, United Kingdom | Government, Technology, NGOs, Media, Financial | 212 |
Download the pdf file to learn more
Summary
In January, the discovery of ten zero-day vulnerabilities drew a surge of attention across the cybersecurity landscape. Notably, two of these vulnerabilities, in Ivanti Connect Secure and Ivanti Policy Secure gateways, were exploited by the UTA0178 group, a Chinese nation-state-level actor, which created urgency among security teams to patch their systems.
During the same period, ransomware attacks experienced a noticeable uptick, with strains such as Black Basta, Kasseika, FAUST, and Medusa actively targeting victims. As ransomware continues to advance in sophistication, organizations are urged to fortify their defenses by implementing robust backup and disaster recovery strategies. Additionally, employee training to recognize and thwart phishing attacks is crucial.
In parallel, eleven adversaries were active across diverse campaigns. Midnight Blizzard exploited a legacy test OAuth application that had elevated access, an intrusion made possible by a common password and the lack of MFA. The attackers leveraged this access to move laterally within Microsoft's network, potentially exfiltrating data and gaining broader control. As the cybersecurity landscape evolves, organizations must remain vigilant and proactively address emerging threats.