Threat Briefing: July 21, 2023

Threat Intel Update


The fallout from the cybercriminal group Cl0P exploiting a vulnerability in the MOVEit software continues to be felt as more victims and organizations are identified, and it reflects a trend of ransomware attacks increasing in frequency and cost. Patching vulnerabilities and updating software is increasingly important as cyber actors continue to rely on exploiting vulnerabilities to gain access to victims’ systems; Cl0P waited almost two years to exploit a vulnerability to launch its attack against the MOVEit software.

Cyber Attacks

Over 380 Organizations Victim of Data Theft Due to Cl0p Exploit of MOVEit Vulnerability, Impacting Approximately 20 Million Individuals – The figures are based on data reported to the SEC, public disclosures, state breach notifications and announcements on Cl0p’s website. Cl0P’s attack impacted 70 educational institutions in the U.S., as well as the National Student Clearinghouse, which supports over 3,500 colleges and universities. Emsisoft

Cyber Actors Have Made Approximately $449 Million from Ransomware Attacks in the First Half of 2023, an Increase From 2022, while other forms of cryptocurrency-related crime, particularly cryptocurrency-related scams, have decreased in 2023 compared to 2022. The average ransom demand against both smaller organizations and larger organizations has increased in 2023. Additionally, cyber actors likely focused their efforts on cyber espionage in support of the Russia-Ukraine war and have shifted back to ransomware attacks in 2023. Chainalysis

Distributed Denial-of-Service (DDoS) Attacks Increased by 15% in Second Quarter of 2023, But Are Lower Than Second Half of 2022 – The second quarter of 2023 saw 5.4 trillion DDoS requests. Cryptocurrency companies saw a 600% increase in the number of DDoS attacks during that time frame. Pro-Russian hacktivists have utilized DDoS attacks against Western companies in response to the Russia-Ukraine war. The Record

Cyber Financial Fraud & Crime

Genesis Market Sold to Unknown Cyber Actor Despite Seizure of Clear Web Domains by Law Enforcement – The new owners of the market will have access to the source code, server infrastructure, scripts and some client base details. In April 2023, the U.S. Treasury Department sanctioned the marketplace and an international law enforcement operation seized the clear web domains; however, its dark web infrastructure was hosted in an “inaccessible jurisdiction.” The Record

Nigerian Cybercriminal Sentenced for Role in Business Email Compromise Campaign Resulting in $8 Million Fraud – The individual was sentenced to eight years in prison for defrauding victims in Illinois, Iowa, Kansas, and Michigan by directing them to wire money to bank accounts opened by money mules. U.S. Attorney’s Office, Northern District of Illinois

University Students Targeted with Fraudulent Job Offers in Bioscience and Health Fields as Part of Advance Fee Fraud Scheme – The campaign occurred during May and June 2023, and spoofed the domains of real companies and impersonated real employees of those companies to carry out the attacks. Victims of the attack were likely offered a job and provided a list of hardware and software they would be directed to purchase or for which they would receive reimbursement from the company. Proofpoint

Cyber Policy & Geopolitics

U.S. Government Releases Implementation Plan for National Cybersecurity Strategy, Containing 65 Cybersecurity Initiatives to Improve the U.S.’s Cybersecurity Posture – The initiatives support the strategy’s five pillars and will be updated as needed. The overall strategy and its initiatives are designed to help the government be more resilient and defensible while also enhancing public and private sector engagement on cybersecurity. CyberScoop

Sanctions and Export Control Restrictions on Technology Disrupting Russian Government Communication Surveillance Capabilities – Following Russia’s invasion of Ukraine, the Russian government has been limited in its ability to acquire hardware and software used to support its surveillance of telephone and internet traffic in Russia. Western companies have withdrawn business operations in Russia, also impacting Russia’s ability to deploy 5G technology throughout Russia. The Record

U.S. Government Announces Cyber Trust Mark Labeling Program to Enhance Cybersecurity – The program supports internet and Bluetooth-enabled devices, and devices meeting Cyber Trust Mark standards will have a label indicating they meet the standard. While the criteria to evaluate devices are still being determined, the program is scheduled to launch in late 2024. NextGov


About the Author
CampusGuard Threat Intel Team