After the cyber attacks timelines (part I and part II), it’s time to publish the statistics of August 2023 where I have collected and analyzed 336 events, a number relatively high, but in sharp decrease compared to the 384 events of the previous month, indicating that the disclosure trend of new victims of the CVE-2023-34362 MOVEit vulnerability is decreasing.
As usual, Cyber Crime led the Motivations chart and its percentage goes back to values lower than 80% (78.6% vs. 83.3% of July). Operations driven by Cyber Espionage are steady at 8.9% a slight increase compared to July (8.3%). Hacktivism jumped to 8.3% from 2.3%, while Cyber Warfare is also steady to 1.8% from 1.6%.
The Attack Techniques is led by malware back to the top with 35.7% from 28.1%, while attacks carried out through vulnerabilities rank at place number two, plummeting to 17.6% from 41.7% (but bear always in mind that the exploitation of vulnerabilities normally ends up with the installation of malware.) The third place among the known techniques is taken by Account Takeovers down to 9.5% from 12% of July.
The Target Distribution is led again by Multiple Organizations up to 22.9% from 14.3%, ahead of Public Admins, Defense and Social Security with 11.9%, and organizations in the Technical and Professional sectors with 9.8%.
Check out the interactive charts and the statistics, also available as an infographic. And as always, please support my work, sharing the content, and of course follow @paulsparrows on Twitter, or even connect on Linkedin, or Mastodon for the latest updates for the latest updates.