Summary of Vulnerabilities, Actors & Attacks: October 2023


Vulnerabilities Exploited: 35

Adversaries in Action: 9

Attacks Executed: 61

Top Targeted Countries: United Arab Emirates, United States, Turkey, Syria, South Korea

Top Targeted Industries: Government, Technology, Financial, Manufacturing, Defence

MITRE ATT&CK TTPs: 212


Download the pdf file to learn more

Summary

In October, the discovery of twenty-five zero-day vulnerabilities drew significant attention from the cybersecurity community. One of these vulnerabilities was exploited by the Storm-0062 group, leading to a sense of urgency among security teams to patch their systems.

October saw a rise in ransomware attacks, with various strains such as Ransom Knight, Clop, LostTrust, Phobos, BlackCat and AvosLocker actively targeting victims. As ransomware continues to evolve and grow in sophistication, organizations must take steps to protect themselves by implementing comprehensive backup and disaster recovery strategies and training employees on how to recognize and avoid phishing attacks.

Furthermore, nine adversaries were active and involved in various campaigns. The Grayling APT exploited a four-year-old vulnerability (CVE-2019-0803) in Microsoft Win32k, targeting a government entity in the Asia-Pacific region.

Lastly, CVE-2023-44487, a critical zero-day vulnerability in the HTTP/2 protocol, enables remote attackers to carry out a denial of service (DoS) attack.
