☠️ Dare to keep up with the threat landscape? Our Q3 Ransomware Report is live.
We put together the scariest short story possible to encapsulate both the spirit of Halloween 👻 and Cybersecurity Awareness Month:
“Ransomware is up 95.1% from last year.” ❗
Not scared yet?
“Q3 2023 has the most ransomware victims ever.” ❗❗
And this is all based on a true story (AKA our threat intel data).
A shameless plug — now that’ll scare you! For more on what goes (digitally) bump in the night, keep reading:
Threat Intel Corner
Noteworthy trends in cybersecurity from Chief Information Security Officer Jason Rebholz
Our Q3 Ransomware Report is live. On top of the alarming stats mentioned above, we found that if attacks continue at their current rate, 2023 could be the first year with over 4,000 listed ransomware victims.
And that total only counts victims on leak sites (who typically don’t pay or delay paying a ransom) — which means the actual number is considerably higher (between 5,500 - 7,000) if we account for the organizations that quickly pay threat actors’ demands.
In the report, we’ll also cover:
- Which industries are being hit the hardest
- The impact of CLOP’s MOVEit exploit
- An unusually short summer slowdown
It’s not all dark and stormy nights here.
We have good news, too. Our Threat Intel and Risk Advisory team collaborated on our most recent webinar to cover the top four ways organizations can prepare for the future of cyber threats (in honor of Cyber Awareness Month, a.k.a. Cyberattack Prevention Month).
🎥 Watch the webinar here — and get started on meaningful security improvements.
Risk Advisory Tips
Security tips and service updates from Global Head of Risk Advisory, Lauren Winchester
Threat actors capitalize on our emotions to line their pockets. In the past, cybercriminals have launched phishing attacks that play on newsworthy events like COVID-19 and Russia’s invasion of Ukraine. Now, they’ve turned their attention to the ongoing conflict between Israel and Hamas.
The threat intelligence community has observed an increase in ideological and political hacktivist activity. U.S. companies face lower risk than Israel-based organizations, but can (and should) expect conflict-related phishing attacks.
So far, hacktivist activity includes:
- Phishing attacks playing on conflict-related, emotionally charged headlines and messaging.
- Distributed Denial of Service (DDoS) attacks against public-facing government, utility and financial institution websites.
- API vulnerability exploitation to take over Israel’s rocket alert app, RedAlert.
- Website defacement.
To mitigate potential attacks, we recommend the following:
- Review the advice CISA provides on its Shields Up website.
- Alert employees to the likelihood of conflict-related phishing attacks so they are exercising extra caution before clicking.
- If you are working with Israeli vendors, consider segmenting network access, and ensure any critical data located on Israel-based systems is backed up.
What to watch for this month
The Corvus Scan is a powerful asset that enables us to identify which policyholders may be at greater risk for vulnerabilities. In response, we send tailored, time-sensitive notifications with direct guidance for remediation. We’ve gathered a monthly round-up of our alerts and threat intel updates below:
F5 BIG-IP Vulnerability Advisory
Technology company F5 released patches for a critical remote code execution vulnerability, CVE-2023-46747, affecting its BIG-IP family of products, which includes load balancer devices and related software. The vulnerability allows threat actors with network access to take over BIG-IP systems, letting them execute commands, create or delete files, or disable services. You can learn more in our article here.
Citrix Vulnerability Advisory
Citrix released an advisory detailing a critical security flaw in NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC (formerly Citrix Application Delivery Controller). NetScaler Gateway is commonly used as a remote access solution and NetScaler ADC is a networking appliance for web applications. The security flaw (CVE-2023-4966) allows a remote, unauthenticated attacker to see sensitive information from the device. A security patch has been released and should be applied as soon as possible. You can learn more in our article here.
Cisco IOS XE Software Web UI Feature Advisory
Threat actors have exploited two previously unknown issues within the web UI feature in Cisco IOS XE Software (CVE-2023-20198 and CVE-2023-20273). Cisco's IOS XE Web UI is a system management tool for IOS XE, a network operating system used on various Cisco products. These vulnerabilities could allow threat actors to gain control over an entire device. You can find CISA’s guidance here.