Cybersecurity Digest #81: 22/08/2023 – 05/09/2023

Cybersecurity news

Cybersecurity Blog Posts

Research and analytics

  • Critical Insight Releases H1 2023 Report: Record 40 Million Individuals Exposed in Healthcare Cyber Breaches Despite Overall Decline. Hacking/IT incidents were the primary cause, accounting for 73% of breaches. Hackers have shifted their tactics towards targeting network vulnerabilities. Network server breaches are responsible for a staggering 97% of individual records affected, while only 2% can be attributed to email breaches.
  • Security researchers from Shadow Stack RE have reverse-engineered the Linux/ESXi encryptor of Abyss (or Abyss Locker). The Abyss RaaS launched earlier this year, in May.
  • The latest research from Mandiant on generative AI reveals that threat actors are interested in generative AI, but their usage of it remains limited. Mandiant predicts that generative AI tools will accelerate the integration of AI into both information operations and intrusion activities.
  • Statistics from Sophos show that in the first half of the year, attackers’ median dwell time dropped to five days, from nine in 2022. The company notes that ransomware attacks accounted for 68.75% of all cyberattacks recorded by Sophos this year. The median dwell time for non-ransomware incidents increased from 11 to 13 days this year. This suggests that while ransomware threat actors move more quickly, other cybercriminals carrying out network intrusions “tend to linger” and wait for an opportunity.
  • According to Recorded Future, ransomware attacks surged in the first half of 2023, with attackers increasingly relying on vulnerability exploitation for rapid compromise. Prominent campaigns targeted organizations through vulnerability exploits, such as the VMware ESXi hypervisor breach. Prominent malware variants in H1 2023 included LockBit, ALPHA, Royal, ESXiArgs, and Pegasus.
  • Security firm Trustwave says it saw a noticeable increase in BEC activity at the start of 2023. The company says that half of the BEC lures it saw in the first half of the year were payroll diversion attacks, a tactic where attackers pretend to be employees of the targeted company and try to redirect the payroll to their own bank account. Trustwave says this tactic is extremely efficient because it’s not uncommon for workers to change their bank account information for legitimate reasons.
  • Elastic’s security team analyzes the latest version of the BLISTER loader. The new BLISTER update includes a keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments.

Major Cyber Incidents