This report was created in tandem between Scot Terban and the ICEBREAKER INTEL ANALYST created and trained by Scot Terban.
CAVEAT: Please take these reports and use them as a source to create your own CTI reporting in your format and in your manner of briefing your executives. The report below is the more technical report that you can pull from, collecting links etc. to send tactical information to your consumers.
In the case of the executive report, do the same, pull from it what you will, these are complex issues and all orgs have varying levels of threats and problems. This is not a tailored solution, but instead, a generalist TLP WHITE report set of what is being seen today online.
This report provides a comprehensive overview of the current cybersecurity threat landscape, highlighting significant attacks, breaches, vulnerabilities, and emerging threats observed up to March 4, 2024. It synthesizes data from multiple sources to offer insights into the tactics, techniques, and procedures (TTPs) used by threat actors and recommends actionable steps for organizations to mitigate these risks.
The recent surge in data breaches and cyber attacks has had a significant impact across various sectors, with a noticeable increase in incidents within the financial sector and notable attacks on major entities. Here’s a summary of the key findings from recent reports:
This report aggregates and analyzes critical vulnerabilities and patches announced up to March 4, 2024, with a focus on the government and education sectors. The vulnerabilities are ordered from high to low based on their Common Vulnerability Scoring System (CVSS) scores.
Microsoft Exchange Server and Outlook Vulnerabilities:
Oracle Retail Applications Vulnerabilities:
Moby BuildKit and OCI runc Vulnerabilities:
Microsoft Dynamics Business Central/NAV Vulnerability:
Google Chrome Vulnerabilities:
SAP Vulnerabilities:
Oracle MySQL Server Vulnerabilities:
The evolving cyber threat landscape of 2024, as detailed by leading cybersecurity firms like CrowdStrike, Microsoft, Mandiant, and NCC Group, underscores a pivotal shift towards more sophisticated and covert cyber operations. The emergence of 34 new adversaries, alongside a notable 75% increase in cloud intrusions as reported by CrowdStrike, highlights the expanding battleground of cyber warfare, particularly within cloud environments. Microsoft’s principled approach towards managing AI-related cybersecurity risks reflects an industry-wide acknowledgment of the growing threat posed by AI-powered attacks, including those orchestrated by nation-state actors and cybercriminal syndicates. Mandiant’s emphasis on continuous vigilance and NCC Group’s identification of January 2024 as an exceptionally active period for ransomware attacks further illustrate the dynamic nature of cyber threats. Together, these reports reveal a cyber realm increasingly dominated by stealthy, identity-based attacks and the exploitation of digital supply chains, compelling organizations to adapt rapidly to this changing environment with enhanced detection, response capabilities, and a collaborative approach to cybersecurity.
The landscape of top malware campaigns in 2024 reveals an alarming trend of sophistication and diversification in cyber threats, targeting both individual users and organizations. Here’s a summary based on the latest findings:
In 2023, loaders, stealers, and RATs (Remote Access Trojans) were identified as the dominant malware types, with a forecast for their continued prevalence in 2024. Loaders stage the download and installation of further malicious payloads; stealers harvest credentials, session cookies and wallet data from infected hosts; and RATs give operators remote access to and control over infected devices. All three are noted for their increasing sophistication and adaptability in evading detection mechanisms.
The landscape of Ransomware as a Service (RaaS) groups in early 2024 continues to be dominated by several key players, despite law enforcement efforts to disrupt their activities. The most active groups, based on leak site data and law enforcement actions, are as follows:
LockBit: Continues to be the most prolific RaaS group, representing a significant portion of ransomware activity. LockBit's operations have been notable for their widespread impact across various sectors, leveraging multiple ransomware variants to infect both Linux and Windows systems. The group's adaptability and its dedicated data-exfiltration tool, StealBit, have simplified its affiliates' operations, making LockBit a preferred choice for many threat actors.
ALPHV (BlackCat): Despite significant setbacks from law enforcement, including an FBI operation that seized part of its infrastructure, ALPHV has tried to keep operating. However, the group's future remains uncertain as it struggles to maintain its reputation among criminal affiliates, and there is speculation that ALPHV could shut down and rebrand under a new identity.
Clop: Known for utilizing zero-day exploits of critical vulnerabilities, Clop’s activities have highlighted the disparities between reported impacts on its leak site and the real-world implications of its attacks. Clop has heavily focused on North American targets, with significant attention also on Europe and the Asia-Pacific region.
The disruption of the LockBit group by U.K. and U.S. law enforcement, working with international partners, has been a notable development, marking a significant blow against one of the world's most prolific ransomware gangs. These actions included the unsealing of indictments against key LockBit operators, the takedown of U.S.-based servers used by LockBit members, and the provision of decryption keys to unlock victim data. This collaborative international effort underscores the commitment of law enforcement agencies to combat cybercrime and protect against ransomware threats.
For businesses and organizations, the prevailing ransomware threat landscape underscores the importance of implementing robust cybersecurity measures. This includes enabling multifactor authentication, maintaining regular (and offline) backups, keeping systems up to date, authenticating inbound email and verifying unexpected requests to blunt phishing, and following established security frameworks such as those from the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST). These strategies help reduce both the likelihood of a ransomware attack and its impact on operations.
In conclusion, while the threat from ransomware groups remains significant, ongoing law enforcement actions and adherence to cybersecurity best practices offer a path forward in combating these cyber threats. Organizations must remain vigilant and proactive in their security measures to navigate the evolving ransomware landscape.
The NodeStealer malware campaign has been highlighted as a new threat, exploiting Facebook ads to distribute malware. This campaign underscores the increasing use of social media networks by cybercriminals to launch sophisticated malvertising attacks, targeting a vast user base and compromising their privacy and security.
Recent reports have also shed light on exploited vulnerabilities, including those in Cisco Unified Communications and Contact Center products (CVE-2024-20253) and VMware vCenter Server (CVE-2023-34048), the latter exploited by an espionage group that Mandiant tracks as UNC3886. Citrix NetScaler ADC and NetScaler Gateway appliances were found vulnerable to two exploited zero-days (CVE-2023-6548, code injection in the management interface, and CVE-2023-6549, denial of service), stressing the need for immediate patching to mitigate risk.
Emerging malware statistics reveal that Domain Generation Algorithms (DGAs) continue to hamper malware mitigation efforts, with over 40 malware families employing DGAs. A DGA lets a bot compute a fresh list of candidate command-and-control domains (typically seeded by the current date) rather than carrying a fixed list, so blocking or seizing the domains observed today does not cut off tomorrow's rendezvous; taking such a botnet down requires reversing the algorithm and pre-registering or sinkholing its future output. Additionally, the frequency and impact of malware, including ransomware and IoT malware, continue to increase, with new malware variants detected daily, emphasizing the continuous evolution of cyber threats.
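To make the DGA point concrete, the following is an added example written for this report, not code from any of the cited vendors or from a real malware family: a toy date-seeded DGA of the general shape described above, next to a heuristic detector of the kind a SOC runs over resolver logs. The secret, the date format, the thresholds and the sample domains are all constructed assumptions.

```python
"""Toy date-seeded DGA beside a heuristic DGA detector (constructed example).

Not the algorithm of any real malware family; secret, date format and
detection thresholds are illustrative assumptions.
"""
import hashlib
import math

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
TLDS = ("com", "net", "org", "info")
VOWELS = set("aeiou")


def dga_domains(seed_day: str, count: int, secret: bytes = b"constructed-seed") -> list[str]:
    """Derive `count` rendezvous domains for the day `seed_day` (YYYY-MM-DD).

    Shape shared by many date-seeded DGAs: a secret known to bot and operator
    plus the current date feed a hash; hash bytes pick letters and a TLD.
    Both sides compute the same list offline, so a defender who has not
    reversed the algorithm can only sinkhole the domains already observed.
    """
    domains = []
    for i in range(count):
        material = secret + seed_day.encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        length = 12 + digest[0] % 8                       # label of 12..19 chars
        label = "".join(ALPHABET[b % 26] for b in digest[1:1 + length])
        domains.append(f"{label}.{TLDS[digest[31] % len(TLDS)]}")
    return domains


def second_level_label(domain: str) -> str:
    """'www.example.com' -> 'example'. Assumes a one-label public suffix;
    production code should consult the Public Suffix List ('co.uk', etc.)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s: str) -> float:
    """Bits per character of the label; random letter strings score near 4."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def vowel_ratio(s: str) -> float:
    return sum(c in VOWELS for c in s) / len(s)


def longest_consonant_run(s: str) -> int:
    run = best = 0
    for c in s:
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    return best


def dga_score(domain: str) -> int:
    """Count how many of three 'unpronounceable label' signals fire (0..3).

    Thresholds are illustrative. Labels under 12 characters are not scored:
    short legitimate brand names are too varied for these signals.
    """
    label = second_level_label(domain)
    if len(label) < 12:
        return 0
    return sum((
        shannon_entropy(label) >= 3.4,
        vowel_ratio(label) < 0.25,
        longest_consonant_run(label) >= 5,
    ))


def looks_like_dga(domain: str) -> bool:
    """Two of three signals is the trigger; entropy alone misfires on long
    legitimate names such as 'stackoverflow'."""
    return dga_score(domain) >= 2


def hunt(domains: list[str]) -> list[str]:
    """Return the domains from a resolver log that the heuristic flags."""
    return [d for d in domains if looks_like_dga(d)]


if __name__ == "__main__":
    # Constructed resolver log: benign lookups mixed with one day's DGA output.
    benign = ["login.microsoft.com", "en.wikipedia.org", "stackoverflow.com", "docs.python.org"]
    generated = dga_domains("2024-03-04", 20)
    flagged = hunt(benign + generated)
    print(f"{len(flagged)} of {len(generated)} generated domains flagged, "
          f"{sum(d in benign for d in flagged)} benign false positives")
```

The heuristic catches random-letter DGAs but not word-list DGAs, which concatenate dictionary words and read as pronounceable; that gap, and the need to reverse each family's algorithm before its future domains can be sinkholed, is why more than 40 DGA-using families keep takedowns slow.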
These insights highlight the dynamic and evolving nature of cyber threats in 2024, underscoring the critical need for robust cybersecurity measures, including regular software updates, enhanced security protocols, and increased awareness of emerging threats.
The landscape of phishing campaigns in 2024 demonstrates a sophisticated evolution in tactics that exploit human vulnerabilities across a broad spectrum of digital interactions. Spear phishing, despite constituting only a small fraction of email-based attacks, is reported to account for a majority of successful breaches, underscoring its effectiveness against specific individuals within organizations. This method, along with whaling attacks aimed at executives and other high-ranking officials, has seen significant growth, particularly with the shift to remote work.
The threat landscape has been further complicated by the integration of advanced technologies such as generative AI, which has been employed to create more convincing disinformation and phishing attempts. Election security, for instance, faces challenges from phishing and disinformation, with officials expressing concerns over their preparedness to tackle these sophisticated threats.
In a detailed examination of phishing attack statistics, notable incidents like the Russia/Ukraine digital confrontations, the Lapsus$ extortion spree, and the Conti group’s attack on Costa Rica highlight the global and impactful nature of phishing campaigns. These incidents not only demonstrate the broad targets, from governments to corporations, but also the substantial financial and operational damages inflicted.
Phishing emails have been increasingly weaponized with malicious attachments, including executables and script files, posing significant risks to individuals and organizations alike. Brand impersonation remains a prevalent tactic, with companies such as Yahoo and DHL being among the most mimicked in phishing attempts, exploiting their familiarity and trust with users.
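The brand-impersonation pattern above is checkable at the mail gateway. The following is an added example for this report, not code from any cited source: it classifies a sender's domain against a small brand list, normalising common visually confusable characters ("yah00" for "yahoo") before measuring edit distance, and separately catching brands used as a token of an unrelated domain ("dhl.com.tracking-update.net"). The brand list, legitimate-domain sets, confusable map and sample domains are constructed assumptions, and the registrable-domain logic assumes a one-label public suffix.

```python
"""Lookalike-domain check for brand impersonation in phishing sender domains.

Constructed example. BRANDS, CONFUSABLES and the sample domains are
illustrative assumptions, not data from the report's sources.
"""
from __future__ import annotations

import re

# Brands and the registrable domains assumed to belong to them.
BRANDS = {"yahoo": {"yahoo.com"}, "dhl": {"dhl.com", "dhl.de"}}

# Visually confusable substitutions; multi-character entries are applied first.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "4": "a", "5": "s"}


def normalize(label: str) -> str:
    """Map lookalike characters back to the letters a reader perceives."""
    label = label.lower()
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        label = label.replace(src, dst)
    return label


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment): insertion, deletion,
    substitution and adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_domain(domain: str) -> str:
    """'secure.dhl.com.evil.net' -> 'evil.net'. Assumes a one-label public
    suffix; real deployments need the Public Suffix List."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def classify_sender_domain(domain: str) -> tuple[str, str | None]:
    """Return (verdict, brand): 'legitimate', 'lookalike', 'brand-in-name'
    or 'unrelated'."""
    domain = domain.lower().rstrip(".")
    reg = registrable_domain(domain)
    for brand, legit in BRANDS.items():
        if reg in legit:
            return "legitimate", brand
    label = normalize(reg.split(".")[0])
    for brand in BRANDS:
        # Whole registrable label is the brand, give or take one edit after
        # normalisation; short brands get no slack to avoid false positives.
        if edit_distance(label, brand) <= (1 if len(brand) >= 5 else 0):
            return "lookalike", brand
    tokens = [normalize(t) for t in re.split(r"[-.]", domain)]
    for brand in BRANDS:
        # Brand appears as a hyphen- or dot-delimited token of a domain the
        # brand does not own (yahoo-account-verify.com, dhl.com.evil.net).
        if brand in tokens:
            return "brand-in-name", brand
    return "unrelated", None


if __name__ == "__main__":
    # Constructed sender domains taken from a hypothetical mail log.
    for sender in ["mail.yahoo.com", "yah00.com", "yahooo.com",
                   "yahoo-account-verify.com", "dhl.com.tracking-update.net",
                   "dh1-paket.de", "example.com"]:
        print(f"{sender:32} {classify_sender_domain(sender)}")
```

Run as-is it prints a verdict per sample sender. The check is deliberately narrow: a brand embedded without a delimiter ("yahoomail.com") or an internationalised homoglyph (Cyrillic "а" for Latin "a") needs IDN decoding and a fuller confusables table, which is why a gateway rule like this complements rather than replaces DMARC enforcement and user awareness.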
Looking ahead, phishing campaigns are expected to leverage IoT vulnerabilities, use social media platforms as phishing grounds, and serve as the initial access vector for ransomware operations. The emergence of deepfake technology in phishing scams, and the targeting of small businesses because of their limited cybersecurity resources, mark a notable shift towards more personalized and technologically advanced phishing methods.
These trends and incidents highlight the critical need for heightened awareness, robust cybersecurity measures, and ongoing education to mitigate the risks posed by evolving phishing campaigns.