Top cybersecurity threats for August 2023

Author: Phil Muncaster

On the third Wednesday of every month, the Verizon Threat Research Advisory Center (VTRAC) holds a Monthly Intelligence Briefing (MIB) to discuss the current cybersecurity threat landscape. Below is the summary of their most recent briefing and here is the August recording of the briefing.

Listen now

Condition based maintenance icon


1. Ivanti released patches for a zero-day vulnerability and other bugs used in an attack on the Norwegian government

Security alert


2. Researchers warned of a malicious campaign exploiting Citrix NetScaler zero-day

laptop hackers


3. MOVEit organization victim count rose to over 1,100 with 56 million individuals impacted as Deloitte joined the list of affected firms



Top cybersecurity news


August 2023 cybersecurity and threat intelligence news you should know about.


Like what you're reading?

If you’d like to receive new articles, solutions briefs, whitepapers and more—just let us know.
 

Suscríbete

The information provided will be used in accordance with terms set out in our Privacy Policy.



Ivanti patches zero-day vulnerability and other bugs used in an attack on the Norwegian government


Top takeaways:

  • The Norwegian National Cyber Security Centre announced a state-sponsored threat actor exploited an Ivanti zero-day vulnerability in an attack on the Norwegian government
  • Researchers at Ivanti and Rapid7 discovered two more Ivanti vulnerabilities, and warned that the three could be chained in attacks
  • The VTRAC has no intelligence about other victims of the zero-day bug

According to SecurityWeek.com, the Norwegian government announced that a zero-day vulnerability in cybersecurity vendor Ivanti's Endpoint Manager (EPMM) product (also known as MobileIron Core) enabled threat actors to compromise 12 government departments. The Cybersecurity and Infrastructure Security Agency (CISA) said the campaign, revealed in late July, dated as far back as April at least, with possible chaining observed between the zero-day (CVE-2023-35078) and another Ivanti vulnerability (CVE-2023-35081). The former allowed remote attackers to obtain Personally Identifiable Information (PII), add an administrative account, and change the configuration because of an authentication bypass. The latter enabled actors with EPMM administrator privileges to write arbitrary files with the operating system privileges of the EPMM web application server. Both have been patched.

Ivanti and Rapid7 labeled the chained vulnerability CVE-2023-35082 and —described it as a remote unauthenticated API access vulnerability in MobileIron Core 11.1 and older. Researchers warned that it could allow an attacker to write malicious webshell files to the appliance, which could then be executed by an attacker. Some affected products are now out of support so no new patches will be released.  The VTRAC has not identified additional victims of the original zero-day attack.

Researchers warn of malicious campaign exploiting Citrix NetScaler zero-day


Top takeaways:

  • NCC Group claimed over 1,900 Citrix appliances have been backdoored in a new campaign
  • The campaign exploits the former zero-day vulnerability CVE-2023-3519

Security researchers at NCC Group revealed that over 1,900 Citrix appliances were compromised in a new campaign exploiting the former zero-day vulnerability CVE-2023-3519. Citrix posted an advisory about the critical bug—which enables unauthenticated remote code execution—and two others on July 18. It impacts NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

NCC Group said that 31,000 devices were vulnerable to the zero-day at the time of the campaign. An automated process placed webshells on vulnerable NetScalers to gain persistent access and allow for execution of arbitrary commands. It's unclear what the end goal of the attackers is, but 1,828 appliances remained backdoored as of August 14. Of those, 1,248 are actually patched for CVE-2023-3519. NCC Group warned a patched appliance can still contain a backdoor.

MOVEit organization victim count rose to over 1,100 with 56 million individuals impacted as Deloitte joined the list of affected firms


Top takeaways:

  • The MOVEit campaign has now impacted over 56 million individuals
  • Deloitte, a large global auditing and accounting firm, became the third of the "Big Four" accounting firms to be caught out by the campaign
  • This brings the total of known corporate victims close to 1,100

The Verizon Threat Research Advisory Center (VTRAC) estimates that over 56 million individuals around the world have been impacted by the MOVEit data theft campaign. That means their Protected Health Information (PHI) or PII could have been taken in the large-scale attack, which targeted the popular MOVEit managed file transfer software with a zero-day exploit. VTRAC assesses the number of organizations caught in the campaign at 1,100, as of the end of July. This includes Deloitte, the third of the Big Four accounting firms to be impacted, although Deloitte has made claims to have seen no evidence of an impact on client data.

According to Verizon’s experts, these figures brought the total number of organizations known to have been victimized by ransomware this year to 2,776, including 472 in July. That makes July the worst month this year. This count is based on victims that appear on leak sites and/or publicly disclose themselves, so the real figure is likely to be even higher.

Related briefings

Learn more about the ever-evolving nature of security threats and complex risk environments.


Related products

Verizon Business Internet Security

Qualified Verizon Business Internet customers have access to powerful internet security solutions designed to help protect your business from cyber threats.

Verizon Mobile Device Management (MDM)

MDM provides powerful resources to mitigate mobile risk and help protect against cyberattacks that target corporate, education and business data and personal information.

Mobile Threat Defense (MTD)

Safeguard the data used by your remote workforce with advanced mobile security from Verizon and our partners.

Managed Detection and Response

Take your security program to the next level by quickly identifying and responding to security incidents.

Managed Security Information and Event Management

Get a tailored operational model that integrates Verizon security and intelligence capabilities with your own SIEM solution.

Advanced Security Operations Center (SOC)

To help detect and contain sophisticated threats and help prevent them from spreading.

Rapid Response Retainer


To help accelerate response to serious attacks.

Cyber Risk Programs


Identify security risks and threats before they can seriously harm
your organization


  • Descubre más

Let's get started.