Summary of Vulnerabilities, Actors & Attacks: September 2023
Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Top Targeted Countries | Top Targeted Industries | MITRE ATT&CK TTPs |
32 | 12 | 33 | Turkey Palestine Lebanon Bahrain Saudi Arabia | Technology Telecommunications Media Government Education | 171 |
Download the pdf file to learn more
Summary
In September, the cybersecurity community witnessed significant attention drawn to the discovery of eighteen zero-day vulnerabilities. Among them was the ‘Five Celebrity Vulnerability,’ which includes the ‘ThemeBleed‘ flaw in Windows 11, one exploited by Charming Kitten, and three celebrity vulnerabilities exploited by the SprySOCKS Backdoor.
September saw a rise in ransomware attacks, with various strains such as FreeWorld, Akira, 3AM, and Snatch actively targeting victims. As ransomware continues to evolve and grow in sophistication, organizations must take steps to protect themselves by implementing comprehensive backup and disaster recovery strategies and by training employees to recognize and avoid phishing attacks.
Finally, twelve adversaries were active and involved in various campaigns. Earth Lusca APT’s ‘Sneaky Moves’ exploited nine vulnerabilities to unleash the new Linux SprySOCKS Backdoor.
Download the pdf file to learn more