Summary of Vulnerabilities, Actors & Attacks: May 2024


Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Targeted Countries | Targeted Industries | MITRE ATT&CK TTPs
24113828723233

 

Summary

In May, the cybersecurity arena garnered significant attention following the identification of eleven zero-day vulnerabilities. The chief ‘Seven Celebrity Vulnerabilities,’ which included critical flaws like ZeroLogon, NoPac, PrintNightmare, and Follina, were all leveraged to deploy the Black Basta ransomware and Qakbot. Additionally, the Dirty COW vulnerability was exploited to distribute the Ebury botnet, while the novel Linguistic Lumberjack vulnerability was discovered within Fluent Bit.

During this same timeframe, there was a marked increase in ransomware attacks, with variants such as Trinity, ShrinkLocker, and FakePenny aggressively targeting victims. As ransomware tactics become increasingly sophisticated, it is imperative for organizations to bolster their defenses by implementing comprehensive backup and disaster recovery strategies. Furthermore, training employees to detect and prevent phishing attacks remains essential.

Concurrently, eleven threat actors were engaged in various campaigns. APT28, a notorious threat group, utilized compromised EdgeRouters to conduct covert cyber operations, repurposing Ubiquiti EdgeRouter devices for a spectrum of malicious activities. This group, associated with the GRU, also orchestrated a sophisticated email campaign aimed at Polish government institutions. As the cybersecurity landscape continues to evolve, it is crucial for organizations to stay vigilant and proactively address emerging threats.
