CCTR.19.May.24
Hope you had a great Star Wars weekend!💫
Last updated
According to the Verizon 2024 Data Breach Investigations Report (DBIR), exploitation of vulnerabilities for initial access to organisations rose by a significant 180% between 2022 and 2023, making up 14% of breach methods.
📍Stolen credentials, accounting for 38%, remained the primary method of initial access in a cyber-attack.
📍Notably, 68% of breaches globally involved non-malicious human factors, often due to social engineering or human error.
📍In the Asia-Pacific region, out of 2,130 incidents, the top breach patterns were System Intrusion, Social Engineering, and Basic Web Application Attacks, together accounting for 95% of breaches.
📍External threat actors were responsible for the majority (98%) of cyber-attacks, mainly motivated by financial gain (75%).
Ref

According to the Sophos State of Ransomware 2024 report, exploited vulnerabilities are the most common initial access point for ransomware incidents; data theft occurred in 32% of cases, enabling attackers to extend their extortion tactics.
📍More than half (56%) of impacted organisations admitted to paying the ransom for data retrieval.
📍Although backup usage has slightly decreased (68% vs. 70%), alternative recovery methods such as involving law enforcement or using public decryption keys have risen (26%). Only 24% paid the original demand, with 44% paying less than the original demand.
📍Insurance providers play a significant role in ransom payments, contributing to the payment in 83% of attacks.
Ref

Siemens has fixed a critical remote code execution vulnerability (CVE-2022-23450, CVSS 10.0) in its SIMATIC Energy Manager (EnMPro) product, used in industrial plants for managing energy flow and energy planning within plant operations. The vulnerability, present in all versions before EnMPro V7.3 Update 1, could enable attackers to execute arbitrary code and gain full control of affected servers.
Ref: Team82 - Claroty

🔹FortiGuard Labs discovered a new botnet named Goldoon targeting a decade-old D-Link vulnerability, CVE-2015-2051. This vulnerability, with low attack complexity, allows attackers to enlist compromised devices into their botnet for launching subsequent attacks, highlighting the ongoing evolution and exploitation of botnets across a wide range of devices. If you have D-Link edge devices, it might be a good idea to conduct a quick threat hunt.
Ref