Hornetsecurity is a cloud security company that provides cloud-based services for email security and data protection.
Each month they release a security report, where you'll find the latest findings about current vulnerabilities and why they need to be addressed as soon as possible. There are also the latest findings about brand impersonation (DHL is in the lead) and the latest phishing campaigns that are doing the most damage.
For example, in their January 2024 security report they talk about the CacheWarp and Reptar vulnerabilities, which are not OS-based vulnerabilities but CPU/cache-based ones, so if you're running a virtualized environment, you may want to check this out.
From Intel: CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to “allow escalation of privilege and/or information disclosure and/or denial of service via local access.”
Successful exploitation of the vulnerability could also permit a bypass of the CPU’s security boundaries.
You'll also find the latest trends and the latest security attacks that have been discovered or have proved to be serious.
The report highlights:
- A slight increase in spam messages, a slight decrease in threats and advanced threats, and a high level of email security risks in the industry.
- The use of PDF files to deliver malicious payloads via email, which has risen over the last month and which the report attributes to post-QakBot botnets such as DarkGate.
- The report identifies the research industry as the most targeted industry over the data period, followed by the mining and entertainment industries.
- An increase in brand impersonation attempts over the last month, especially for shipping and finance brands; the report predicts that this trend will continue.
- The report also comments on some current events in the cybersecurity space, such as Microsoft’s logging changes in response to the Storm-0558 attack, the CitrixBleed vulnerability in Citrix NetScalers, and the SEC charges against SolarWinds and their CISO.
Another very dangerous type of attack is phishing. The report talks about phishing campaigns through Instagram and Twitter (now X). If you're using Twitter, you should be careful, because in a post's status URL the username portion can be replaced with any string: the post will still open for the victim, no matter which username appears in the URL.
Quote:
The goal for threat actors here is to gain access to the target user’s crypto wallet and drain it of assets. This is just another area where your average Joe user needs to be trained to make sure the page (or X profile) they’ve ended up at is indeed the legit profile they expect it to be.
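The practical consequence for link checking, as an added example that is not part of the report or of the original post: the handle in a status URL is only a claim, so links should be keyed on the status ID and any trusted-looking handle verified against the post's real author. The host list, the sample message, the handles and the status IDs below are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts treated as X/Twitter in this example (assumed list).
X_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com", "x.com", "www.x.com"}
STATUS_PATH = re.compile(r"^/([^/]+)/status/(\d+)(?:/|$)")
URL_RE = re.compile(r"https?://[^\s<>]+")

# Constructed sample message: two links carry the same status ID under different handles.
SAMPLE = """Claim your airdrop: https://x.com/ExampleExchange/status/1111111111111111111
Mirror: https://twitter.com/random_user_42/status/1111111111111111111?s=20
Unrelated: https://x.com/some_user/status/2222222222222222222
Docs: https://example.com/ExampleExchange/status/3333333333333333333
"""


def parse_status_link(url):
    """Return (claimed_handle, status_id) for an X/Twitter status link, else None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in X_HOSTS:
        return None
    match = STATUS_PATH.match(parts.path)
    if not match:
        return None
    return match.group(1).lower(), match.group(2)


def review_links(text, trusted_handles):
    """Group status links by ID and flag handles that cannot be trusted as written."""
    trusted = {h.lower() for h in trusted_handles}
    by_id = defaultdict(set)
    for url in URL_RE.findall(text):
        parsed = parse_status_link(url)
        if parsed:
            handle, status_id = parsed
            by_id[status_id].add(handle)
    findings = []
    for status_id, handles in sorted(by_id.items()):
        findings.append({
            "status_id": status_id,
            "claimed_handles": sorted(handles),
            # Same post reached under several names: at most one can be the author.
            "conflicting_handles": len(handles) > 1,
            # A trusted name in the path proves nothing until the author is confirmed.
            "needs_author_check": bool(handles & trusted),
        })
    return findings
```
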
March 2024 Security Report
In the latest security report, from the beginning of March (March 2024 Security Report), PDF, HTML, and archive files were the top three most used file types in email for the delivery of malicious payloads. The most targeted industries were Mining, Manufacturing, and Media.
The pirates and cyber criminals also try to impersonate popular brands such as FedEx, DHL, or Facebook to get your sensitive information.
There was a critical CVSS 10 vulnerability in ConnectWise’s ScreenConnect that has been exploited, with an urgent patch available.
Also, there was a ransomware attack on Optum/Change Healthcare which significantly impacted patient healthcare services in the US.
The report also highlights the need for backup in Microsoft 365 and effective permission management.
For me, this is one of the key elements to consider because without solid and reliable backups, your company’s data are vulnerable.
As Multi-Factor Authentication (MFA) becomes more common, attackers are adapting with sophisticated techniques to bypass it.
You should know that there are some ways for attackers to bypass MFA. They may use an account takeover method that wouldn't trigger an MFA request. Or, as is the case in recent attacks, they’ll use social engineering tactics to convince the user to authenticate their login attempt.
Predictions and Recommendations
The report also says that the use of AI in cyberattacks and defense, MFA bypass techniques, supply chain attacks, and risks associated with 5G network slicing are predicted to rise.
Building a cyber resilient culture, practicing good cyber hygiene, and adopting a zero-trust mindset are recommended for improving security posture.
How not to get caught off guard?
A couple of months back I blogged about security awareness training, where co-workers within your company can be trained via a special, fully automated training in which you can see the progress of each of your employees. The employees are put into situations where they face different levels of difficulty and sophistication of simulated spear phishing attacks.
On one side we have the infrastructure that we can secure as much as we can, by applying the latest patches. But on the other side we have to deal with the human factor.
Final words
As you can see, it's always wise to check the latest reports and see the trends and latest security attacks. Unfortunately, the situation will not get any better and we must prepare to face the worst.
It seems that in the future we’ll see the use of AI in cyberattacks, which looks like a never-ending process.
Admins who are not prepared and who do not patch their systems early enough are unwisely risking their users' data. Unfortunately, we'll still be facing zero-day exploits and vulnerabilities that will be discovered in the future.
We can see that whole governments and big companies are getting hit by ransomware, phishing, or DDoS attacks. In France, a distributed denial of service (DDoS) attack was recently conducted on French government network infrastructure, taking down the majority of governmental websites and their services. Security of users' data is the No. 1 priority nowadays in many countries around the world.
Source: Hornetsecurity March 2024 security report