Summary of Vulnerabilities & Threats: May 2023
Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Top Targeted Countries | Top Targeted Industries | MITRE ATT&CK TTPs |
21 | 20 | 47 | Philippines | Government Manufacturing Education Financial Healthcare | 219 |
Download the pdf file to learn more
Summary
In May, the cybersecurity community witnessed significant attention drawn to the discovery of nine zero-day vulnerabilities. Among them was the Celebrity Vulnerability, exploited by GoldenJackal APT and MEME#4CHAN phishing campaign deploy Xworm, which heightened the sense of urgency among security teams to patch their systems.
The month of May saw a rise in ransomware attacks, with various strains such as CACTUS, Rancoz, CryptNet, MichaelKors, Buhti, BianLian, and Bl00dy actively targeting victims. As ransomware continues to evolve and grow in sophistication, organizations must take steps to protect themselves by implementing comprehensive backup and disaster recovery strategies and training employees on how to recognize and avoid phishing attacks.
Finally, the unpatched vulnerabilities, CVE-2023-29552, which can lead to a Denial-of-Service Attack and result in potential losses of up to $120,000, and CVE-2018-5713, exploited by Earth Longzhi APT, have been actively utilized in attacks.
Download the pdf file to learn more