Cyber Threat Report | November 2023

As the end of the year approaches, our November newsletter covers the cyber landscape: the latest threats and attacks, plus financial and cyber justice updates from across the globe.

Cyber experts have been warning about ‘Citrix Bleed’ – a zero-day vulnerability whose exploitation has been on the rise in recent months.

Also, discover more about:

  • The ransomware attack on China’s biggest bank;
  • The sanctions on Binance;
  • The IPStorm malware botnet takedown.

AMATAS’s November 2023 newsletter also looks ahead to key events taking place in December 2023, where cyber professionals will have the opportunity to learn about the latest technological innovations and insights.

The future of cyber resilience is all about balance, as Boris Goncharov, Chief Strategy Officer at AMATAS, notes. Engaging with AI and technology should enhance the human experience, not the other way around.

Cybercrime Breaking News

The Cybersecurity and Infrastructure Security Agency (CISA) added two zero-day bugs to its list of exploited vulnerabilities. The vulnerabilities are said to affect Apache ActiveMQ and Citrix NetScaler ADC and NetScaler Gateway. The second vulnerability has become better known as ‘Citrix Bleed’ and is said to be exploited by both nation-state hackers and cybercriminal gangs, like LockBit.

Microsoft officials warn that the Clop ransomware gang (also known as Lace Tempest) is exploiting a new vulnerability in SysAid IT support software. Microsoft noted: “Organizations using SysAid should apply the patch and look for any signs of exploitation before patching, as Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware.”

Atlassian confirms that a vulnerability affecting their Confluence Data Center and Confluence Server products is being exploited by hackers, who have been using Cerber ransomware.

The FBI and CISA published an advisory about how the hacking group Scattered Spider has been carrying out its attacks. As a reminder, Scattered Spider is the group believed to have been behind the recent attacks on MGM Resorts and Caesars Entertainment.

The FBI and CISA believe that the Royal ransomware gang may rebrand or have a spinoff as ‘BlackSuit’. An updated advisory notes that the BlackSuit and Royal ransomware share several similar coding characteristics.

The New York Attorney General announces that US Radiology, the country’s largest private radiology company, will pay a fine of $450,000. US Radiology failed to patch a vulnerability that led to the exposure of sensitive data of 200,000 patients during a 2021 ransomware attack.

FinTech Updates

The Industrial and Commercial Bank of China (ICBC), China’s biggest bank, with $214.7 billion in revenue in 2022, was hit by a ransomware attack. The LockBit ransomware gang is said to be behind the attack.

Moneris, Canada’s largest payment processor and a joint venture between Royal Bank of Canada and Bank of Montreal, stops a cyberattack right in its tracks. A Moneris spokesperson noted, “We employ a dedicated team to manage and respond to cyber risks and their swift actions ensured Moneris and its customers were not impacted.” The Medusa ransomware gang is believed to be behind the attack.

Binance, the world’s largest cryptocurrency exchange platform, will pay over $4 billion in settlements after investigations uncovered that many cyber criminals have been using the platform to launder funds. Also, Binance’s CEO pleaded guilty to several federal charges and said he will be stepping down as CEO.

MeridianLink, a financial software organization, was targeted by a ransomware attack. AlphV/Black Cat, which is believed to have perpetrated the attack, went so far as to file a notice with the Securities and Exchange Commission (SEC), claiming that MeridianLink didn’t inform the regulators about the incident. This brings attention to the latest legislation, which will become effective as of this month, stating that organizations must file a report with the SEC within four days of detecting a “material” cyber event.

Fidelity National Financial, a Fortune 500 provider of title insurance for property sales, is targeted by a cyberattack attributed to the AlphV/Black Cat ransomware gang.

Cybersecurity researchers disclose how a North Korean government-supported group, ‘BlueNoroff’ APT, has been targeting cryptocurrency exchanges, venture capital companies, and banks. The hackers, who are considered to be linked with Lazarus, are using malware that targets macOS, and their motive is said to be financial.

The U.S. Treasury Department sanctioned Sinbad.io, a cryptocurrency mixer, which is said to have been used by North Korean-government-associated hackers to launder stolen funds. 

Cybersecurity Justice

The FBI dismantled the IPStorm malware botnet proxy network and its infrastructure, which is said to have infected thousands of devices across Asia, Europe, North America and South America. Earlier, in September, the person believed to have developed and deployed the malware between June 2019 and December 2022 pleaded guilty in front of the U.S. Justice Department.

Europol, Eurojust, and authorities from seven countries join forces to apprehend key figures (including the ringleader) behind “a series of high-profile ransomware attacks against organizations in 71 countries”.

Ransomed.vc, the gang behind attacks on Sony and a supplier to Colonial Pipeline, announced that it is closing down after six of its affiliates were arrested.

Cybersecurity News Across The Globe

AMATAS News

RED ALERT: Cybersecurity and Data Protection Forum 2023

Boris Goncharov, Chief Strategy Officer at AMATAS, posed a crucial query during the CyberSecurity Forum 2023: How should we handle technology that is entirely unfamiliar to us? This question was raised during the Capital event on November 16 at Sofia Tech Park, with AMATAS as a strategic partner and Boris Goncharov delivering a keynote and facilitating discussions among industry experts on the future of cybersecurity. The event predominantly centered on the ever-evolving relationship between AI and cybersecurity. 

CyberChristmas 2023

This December 5th, AMATAS is sponsoring and participating in Cyber Christmas ’23, organized by CyberCLUB, ISACA – Sofia Chapter, Cyber Security Talks Bulgaria (CSTB) and ХАКЕР.BG. The 300+ attendee event is dedicated to current and future cybersecurity experts who want to gain new insights into technology and innovations. Boris Goncharov, Chief Strategy Officer at AMATAS, will participate in the panel discussions, while members of the AMATAS team will be on site. We’re happy to be sharing know-how and meeting with you on the day.

DORA event: The new requirements for the operational sustainability of digital technologies with a focus on the insurance and reinsurance sector

Together with EY (Ernst and Young), AMATAS has organized two events for financial and insurance professionals. The events will also address the DORA (Digital Operational Resilience Act) regulation, which intends to improve the information and communication technology (ICT) security of financial enterprises in the European Union (EU). Should you have any DORA-related questions or doubts, feel free to contact the AMATAS team.

AMATAS will continue to monitor this space and deliver salient information regularly. 

Stay tuned for our next report, and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website, www.amatas.com or by e-mailing office@amatas.com.

As always – be vigilant, stay alert, and think twice.
