Cybersecurity Trends September 2023: Threat Intelligence Report
Cybersecurity trends that marked September 2023
In our September 2023 report, we take a closer look at the cybersecurity trends that marked September 2023, including the massive ransomware attacks on MGM and Caesars Entertainment, the Exela Stealer threat to social media security, and more.
Phishing and Malware trends and statistics
[Chart: Newly registered domains; Confirmed new phishing domains; New potential similar domains]
During the month of September, FYEO discovered a total of 2.6 million newly registered domains, of which 14,797 were considered similar domains that are likely squatting domains (i.e. a domain name registered because it resembles a well-known brand or organization, with the intention of using it for malicious purposes such as phishing attacks).
A further 2,789 of the newly registered domains were identified as actively serving fake websites and content related to phishing, and 3.3K were identified as serving malware-related files and content.
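The "similar domains" count above rests on some way of scoring a newly registered name against a list of protected brands. The following is an added example of such a triage step, written for this page and not FYEO's own method: it strips the TLD, undoes cheap substitutions (digits for letters, "rn" for "m"), and flags a domain when a watched brand appears as a whole token or sits within a small edit distance of a label. The brand watch list, the feed of domains and the distance threshold are all constructed for illustration.

```python
"""Lookalike-domain triage for a feed of newly registered domains.

Added example (not FYEO's own method). Brand watch list, feed of
domains, and thresholds are all constructed for illustration.
"""
import re

# Character substitutions commonly seen in lookalike registrations
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed watch list of brands to protect
WATCHED_BRANDS = ["examplebank", "fyeo"]

# Constructed feed of newly registered domains (none of these are real registrations)
NEW_DOMAINS = [
    "examplebank.com",                # the genuine brand domain, not a squat
    "examp1ebank-login.com",          # digit substitution plus a lure suffix
    "exarnplebank.net",               # "rn" standing in for "m"
    "examplbank.com",                 # one missing character
    "fyeo-support.io",                # brand token with a suffix
    "examplebank.secure-verify.com",  # brand as a subdomain of another name
    "weatherreports.org",             # unrelated, should not be flagged
]


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(label):
    """Undo the cheap tricks: lowercase, map digit/symbol homoglyphs, fold rn->m and vv->w."""
    label = label.lower().translate(HOMOGLYPHS)
    return label.replace("rn", "m").replace("vv", "w")


def registrable_labels(domain):
    """Drop the last label (the TLD). A real pipeline would consult the public
    suffix list; this simplification is an assumption that holds for the sample feed."""
    return domain.lower().rstrip(".").split(".")[:-1]


def classify(domain, brands=WATCHED_BRANDS, max_distance=2):
    """Return a finding dict if the domain looks like a squat on a watched brand, else None."""
    labels = registrable_labels(domain)
    if not labels:
        return None
    for brand in brands:
        if labels == [brand]:
            return None  # the brand's own registrable domain
        for label in labels:
            norm = normalize(label)
            # Brand appearing as a whole token: examplebank-login, fyeo-support
            if brand in re.split(r"[-_]", norm):
                return {"domain": domain, "brand": brand, "reason": "brand token"}
            # Near miss on the whole label: examplbank, exampelbank
            if levenshtein(norm, brand) <= max_distance:
                return {"domain": domain, "brand": brand, "reason": "edit distance"}
    return None


def scan(domains):
    """Classify every domain in a feed and return only the findings."""
    return [f for f in (classify(d) for d in domains) if f]


if __name__ == "__main__":
    for finding in scan(NEW_DOMAINS):
        print(f"{finding['domain']:32} -> {finding['brand']} ({finding['reason']})")
```

The edit-distance rule is the noisy one: with `max_distance=2` a four-letter brand such as `fyeo` will match many unrelated short labels, so in practice the threshold should scale with brand length, and findings from this stage still need the content check the report describes (whether the domain is actually serving phishing or malware) before they count as confirmed.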
Data leaks and credentials statistics
[Chart: Reported leaked credentials; Reported leak sources; FYEO indexed sources; FYEO indexed credentials]
September also saw 15 security incidents that resulted in the compromise of more than 15.1 million records. The massive ransomware attacks on MGM and Caesars Entertainment clearly dominated all conversation about cybersecurity in September 2023. MGM Resorts and Caesars Entertainment both grappled with cyber incidents, reflecting the ongoing ransomware threat. MGM faced system disruptions, while Caesars suffered a data breach. The Alphv ransomware group was linked to MGM's attack, with reports of Caesars paying part of a $30 million ransom. These cases highlight the need for better cybersecurity measures and proactive investments to protect sensitive data. They also serve as reminders to institutions and policymakers about the significance of cybersecurity risks and data safeguarding.
During the month, FYEO indexed and gathered a total of 84 million leaked credentials from a total of 23 sources, collected through open sources and public releases.
Regarding FYEO's collection statistics, it is worth noting that there is generally a large delay between a breach and the publication of the stolen data. Therefore the data collected by FYEO most likely does not come from the same sources that were reported hacked during the month.
Beware: Exela Stealer Poses Threat to Your Social Media Security
Cyble Research and Intelligence Labs (CRIL) recently uncovered a new cybersecurity threat known as "Exela." This Python-based open-source data-stealing tool has raised concerns due to its versatile capabilities and potential for malicious activities. Exela is particularly noteworthy for its extensive range of anti-debugging and anti-virtual machine techniques, making it a formidable weapon in the hands of cyber threat actors.
One of the most concerning aspects of Exela is its primary target: Discord users. The tool is designed to compromise Windows Discord clients and steal sensitive information such as login credentials, personal data, and even financial information. Beyond Discord, Exela is equipped to target various web browsers and can access and exfiltrate data from a wide range of applications, including popular social media and gaming platforms.
What sets Exela apart is its method of data exfiltration, which exclusively relies on Discord webhook URLs. This demonstrates the adaptability of threat actors who leverage legitimate platforms like Discord for malicious purposes, underscoring the evolving tactics in cyberattacks.
The rise of open-source data stealers like Exela highlights the dual nature of open-source repositories. While they promote collaboration and transparency in software development, they also expose vulnerabilities that malicious actors can exploit. Given Exela's availability as open-source, there's a higher likelihood that it could be distributed through various channels, such as phishing websites or free software download platforms.
To mitigate the risks associated with Exela and similar threats, it's crucial to emphasize the importance of downloading software exclusively from reputable and well-established sources. Additionally, monitoring network communication to block data exfiltration by this stealer is advisable. Employing reputable antivirus and internet security software across all connected devices, including PCs, laptops, and mobile devices, is essential to safeguard against such emerging threats.
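The report notes that Exela exfiltrates exclusively through Discord webhook URLs and recommends monitoring network communication to block that exfiltration. The block below is an added example of what that monitoring can look like on the defender's side; it is not code from Cyble, FYEO or the Exela project. It walks a constructed excerpt of outbound proxy logs, matches the public shape of a Discord webhook endpoint (`/api/webhooks/<id>/<token>`), aggregates POST volume per source host, skips an assumed allowlist of hosts with an approved webhook integration, and redacts the webhook token before the URL is written into an alert.

```python
"""Spot Discord-webhook data exfiltration in outbound proxy logs.

Added example (not from Cyble, FYEO or the Exela project). The log format
is constructed; the webhook URL shape is Discord's public one:
/api/webhooks/<id>/<token>.
"""
import re
from collections import defaultdict

# Discord webhook endpoint; group 1 = webhook id, group 2 = secret token
WEBHOOK_RE = re.compile(
    r"https?://(?:discord|discordapp)\.com/api/webhooks/(\d+)/([A-Za-z0-9_\-]+)"
)
# Constructed proxy log shape: <timestamp> <client ip> <method> <url> <bytes sent>
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")

# Constructed log excerpt. IPs, webhook ids and tokens are made up.
SAMPLE_LOG = """
2023-09-14T10:21:03Z 10.0.0.12 GET https://discord.com/api/v9/users/@me 812
2023-09-14T10:21:09Z 10.0.0.12 POST https://discord.com/api/webhooks/111111111111111111/AbC-def_123 48213
2023-09-14T10:21:10Z 10.0.0.12 POST https://discord.com/api/webhooks/111111111111111111/AbC-def_123 150392
2023-09-14T10:22:41Z 10.0.0.50 POST https://discord.com/api/webhooks/222222222222222222/BuildBot_tok 1024
2023-09-14T10:23:05Z 10.0.0.33 POST https://discordapp.com/api/webhooks/333333333333333333/zzz-999 72001
2023-09-14T10:23:07Z 10.0.0.33 GET https://www.example.org/index.html 2210
this line is malformed and must be skipped
""".strip().splitlines()

# Assumption: one internal host has an approved Discord integration (a build notifier)
ALLOWED_WEBHOOK_HOSTS = {"10.0.0.50"}


def parse_line(line):
    """Return a record dict for a well-formed line, None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, method, url, sent = m.groups()
    return {"ts": ts, "src": src, "method": method, "url": url, "bytes": int(sent)}


def redact(url):
    """Drop the webhook token before the URL is written to an alert or ticket."""
    return WEBHOOK_RE.sub(r"https://discord.com/api/webhooks/\1/<redacted>", url)


def find_webhook_exfil(lines, allowlist=ALLOWED_WEBHOOK_HOSTS):
    """Aggregate POSTs to Discord webhooks per source host, skipping approved hosts."""
    per_host = defaultdict(lambda: {"posts": 0, "bytes": 0, "webhook_ids": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue  # ordinary Discord client traffic is mostly GET; webhooks are POSTed to
        m = WEBHOOK_RE.search(rec["url"])
        if m is None or rec["src"] in allowlist:
            continue
        entry = per_host[rec["src"]]
        entry["posts"] += 1
        entry["bytes"] += rec["bytes"]
        entry["webhook_ids"].add(m.group(1))
    return {
        host: {"posts": e["posts"], "bytes": e["bytes"], "webhook_ids": sorted(e["webhook_ids"])}
        for host, e in per_host.items()
    }


if __name__ == "__main__":
    for host, info in find_webhook_exfil(SAMPLE_LOG).items():
        print(f"{host}: {info['posts']} webhook POSTs, {info['bytes']} bytes, ids {info['webhook_ids']}")
```

Two design points carry over to a real deployment: the match is on the URL path, not on the `discord.com` host alone, because blocking or alerting on every Discord connection would drown the signal in normal client traffic; and the bytes-sent total per host is what turns a single match into an exfiltration indicator, since a workstation posting hundreds of kilobytes to a webhook it has never used before looks nothing like a chat client.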
Airbus Data Breach Raises Concerns: What You Need to Know
In December 2022, a cybercriminal known as "USDoD" infiltrated the FBI's information sharing network InfraGard and exposed the contact information of its 80,000 members. The FBI responded by verifying members and seizing the cybercrime forum where the data was being sold. However, on September 11, 2023, USDoD resurfaced, leaking sensitive employee data stolen from Airbus and hinting at targeting top U.S. defense contractors. Interestingly, USDoD, which once used the U.S. Department of Defense seal as its avatar, now uses a kitten image.

USDoD leaked information on about 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses. They claimed to have obtained this data using passwords stolen from a Turkish airline employee who had access to Airbus' systems. The leaked data release coincided with the 22nd anniversary of the 9/11 attacks, featuring an aircraft-themed message that threatened defense contractors like Lockheed Martin and Raytheon.

The breach at Airbus occurred when a Turkish airline employee inadvertently infected their computer with an info-stealing trojan called RedLine. Such info-stealers are often deployed through malicious emails and bundled with cracked software available online. They steal credentials and authentication tokens, leading to security breaches. The rise of info-stealers like RedLine has made them a primary initial attack vector for cybercriminals, enabling ransomware attacks, data breaches, account takeovers, and corporate espionage.

Cybersecurity experts warn against downloading pirated software and emphasize the importance of verifying the source of software downloads, as malicious actors have manipulated search engine results to impersonate legitimate software vendors. The FBI has been actively combating these threats, seizing cybercrime stores like Genesis Market in April 2023 and apprehending the alleged administrator of BreachForums in March 2023.

Nevertheless, the evolving tactics of cybercriminals underscore the need for vigilance and caution when engaging with digital content, particularly when downloading software or handling unsolicited emails.