Summary of Vulnerabilities & Threats: June 2023
Summary of Vulnerabilities & Threats: June 2023
| Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Top Targeted Countries | Top Targeted Industries | MITRE ATT&CK TTPs |
| 44 | 11 | 31 | United States Mexico Honduras Paraguay Nicaragua | Government Financial Technology Healthcare Cryptocurrency | 176 |
Download the pdf file to learn more
Summary
In June, the discovery of seven zero-day vulnerabilities drew significant attention from the cybersecurity community. One of these vulnerabilities was exploited by the Clop Ransomware group, leading to a heightened sense of urgency among security teams to patch their systems.
During the month of June, there was a resurgence of ransomware attacks, with strains like Clop and
LockBit actively targeting victims. As ransomware continues to evolve and grow in sophistication,
organizations must take steps to protect themselves by implementing comprehensive backup and
disaster recovery strategies and training employees on how to recognize and avoid phishing attacks.
Attackers are leveraging a specific vulnerability (CVE-2023-27997) in FortiOS and FortiProxy SSL-VPN,
enabling remote attackers to execute arbitrary code. In addition to ransomware attacks, several malware families, including Horabot, WhisperGate, NODEBOT, AHKBOT, SunSeed, and Mirai Botnet were
observed widely targeting victims. These malware families are designed to steal sensitive data, disrupt
systems, and evade detection by security tools.
Lastly, the CVE-2023-3079 vulnerability is a high-severity zero-day vulnerability that was exploited in
attacks. It could allow attackers to execute arbitrary code, potentially leading to data theft, system
compromise, and other malicious activities.
Download the pdf file to learn more
