Cyber Threat Report | July 2023

July brought some interesting insights into the cybersecurity space. According to an IBM Security report, the cost of a data breach has increased by 15% over the last three years, and companies could now potentially pay up to $4.5 million.

A Cloudflare report discloses an upward trend in DDoS attacks, which surged by 15% compared with Q1 2023. The volume of attacks between April and June 2023 reached 5.4 trillion.

In other news, a cross-Atlantic collaboration agreed upon the new EU-U.S. Data Privacy Framework. The framework is set to safeguard personal data transferred from the EU to US companies. European Commission President Ursula von der Leyen noted:

“Today we take an important step to provide trust to citizens that their data is safe, to deepen our economic ties between the EU and the US, and at the same time to reaffirm our shared values. It shows that by working together, we can address the most complex issues.”

The framework will come into effect as of December 2023 and is subject to periodic reviews by the European Commission, European data protection authorities, and US authorities.

Discover more about the latest threats in the cybersecurity environment in our monthly newsletter.

Cybercrime Breaking News

The China-based hacking group Storm-0558 breached the email accounts of about 25 organizations, including US and Western European government agencies; among the victims were the US State and Commerce Departments. The vulnerability is now patched.

Microsoft disclosed an actively exploited zero-day vulnerability that allows hackers to gain access to systems via malicious Office documents. The vulnerability, CVE-2023-36884, was exploited in attacks targeting organizations that attended the NATO Summit.

Hackers exploited a zero-day vulnerability in Ivanti’s mobile endpoint management software to compromise Norwegian government agencies. Although this first vulnerability was patched, Ivanti then issued an advisory about a second vulnerability, with a “limited number of customers” impacted.

The number of victims of the MOVEit vulnerability may surpass 350, with Radisson Hotels, DHL, and TJ Maxx added to the list. At the end of the month, Maximus, a US government services contractor, revealed that the personal data of between 8 and 11 million people may have been stolen by hackers.

Three months after its domain was seized by the FBI, Genesis Market posted ads on the dark web offering the platform for sale. The cybercriminal group behind the platform claims to have sold it to an ‘unidentified’ buyer.

GitHub released information about low-volume social engineering campaigns targeting technology firm employees. Many of the targeted accounts are said to be linked to the blockchain, cryptocurrency, or online gambling sectors. The attack is believed to have been carried out by North Korean actors.

Estée Lauder took down some of the company’s systems due to a cybersecurity attack. The Clop and BlackCat ransomware gangs have both added the company to their lists of victims.

Yamaha Corporation, the world’s largest music equipment producer, confirmed a cyberattack that led to stolen data. The company noted, “In response, we swiftly implemented measures to contain the attack and collaborated with external specialists and our IT team to prevent significant damage or malware infiltration into our network.”

An 18-year-old Lapsus$ gang member is said to be behind the September 2022 hacks of Uber, Revolut, and Rockstar Games (developer of Grand Theft Auto).

Cyberwar between Russia and Ukraine: Updates

Cisco Talos researchers revealed campaigns aimed at Ukraine and Poland to steal sensitive data and gain persistent remote access. From April 2022 to July 2023, government entities, military organizations, and civilian users were targeted by the campaign, which uses the PicassoLoader downloader malware.

Ukraine’s Cyber Police dismantled a bot farm, said to have been spreading pro-Russian propaganda across social media.

A CERT-UA analysis shows how Armageddon, a Russian hacking group, continues to be one of the most dangerous threats to Ukraine. The group is infamous for conducting cyberespionage operations but has also taken part in cyberattacks infecting government computers.

A cyberattack took down the website and mobile app of RZD, the Russian state-owned railway company, for several hours. The Ukrainian hacktivist group IT Army claimed responsibility.

Hackers, who remain anonymous, took down Dozor-Teleport, a Russian satellite communications provider used by energy organizations and Russia’s defense and security services.

Cybersecurity and AI

Email security company SlashNext described how cybercriminals use the WormGPT tool to generate more accurate content for business email compromise (BEC) scams.

Cybersecurity Justice

Microsoft is expanding its cloud logging services for “deeper security visibility” in response to the rise and evolution of nation-state cyber threats. In an official statement, the company noted, “Today we are expanding Microsoft’s cloud logging accessibility and flexibility even further. Over the coming months, we will include access to wider cloud security logs for our worldwide customers at no additional cost.” Microsoft is working on the service expansion with the Cybersecurity and Infrastructure Security Agency (CISA) and with government and commercial customers.

Interpol’s Operation Nervone led to the arrest of a suspected key member of OPERA1ER, the criminal organization that uses malware, phishing, and BEC schemes to target financial institutions and mobile banking services.

The former BreachForums administrator pleaded guilty to three separate charges and faces a maximum sentence of 30 years.

A senior adviser to the operator of Silk Road (a former online black marketplace) was sentenced to 20 years in jail.

The Justice Department arrested a cybersecurity professional who is believed to have hacked a cryptocurrency platform and stolen $9 million.

Researchers released an Akira ransomware decryptor at the beginning of the month.

FinTech Updates

Multichain, a crypto platform, suspended its services after hackers stole $125 million.

Poly Network, a decentralized finance (DeFi) platform, suspended its service after a malicious actor abused 57 crypto assets on 10 blockchains. Assets were withdrawn from an account that is said to have held $43 billion, but the amount stolen is yet to be confirmed.

The North Korean Lazarus group is believed to be behind the attack on Alphapo, a centralized cryptocurrency payment provider, in which almost $60 million was stolen.

Cybersecurity News Across The Globe

Discover more about the legal implications of data privacy and the future of AI.

AMATAS will continue to monitor this space and deliver salient information regularly.

Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.

As always – be vigilant, stay alert, and think twice.
