Summary of Vulnerabilities, Actors & Attacks: March 2024
Summary of Vulnerabilities, Actors & Attacks: March 2024
| Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Targeted Countries | Targeted Industries | MITRE ATT&CK TTPs |
| 32 | 13 | 44 | 260 | 31 | 252 |
Download the pdf file to learn more
Summary
In March, the cybersecurity landscape witnessed a surge in attention due to the discovery of ten zero-day vulnerabilities. The GhostSec and Stormous ransomware factions have launched a sophisticated campaign, introducing the GhostLocker 2.0 ransomware and the STMX_GhostLocker ransomware-as-a-service (RaaS) initiative, posing a significant threat to businesses primarily in the Middle East.
During the same period, ransomware attacks experienced a noticeable uptick, with strains such as GhostLocker, Stormous, Jasmin, Agenda, and Evil Ant actively targeting victims. As ransomware continues to advance in sophistication, organizations are urged to fortify their defenses by implementing robust backup and disaster recovery strategies. Additionally, employee training to recognize and thwart phishing attacks is crucial.
In parallel, thirteen adversaries were active across diverse campaigns. Magnet Goblin, characterized by its financial incentives, strategically exploits zero-day vulnerabilities within publicly accessible services by employing sophisticated malware sourced from the Nerbian family. Their primary objectives included extracting user credentials and initiating subsequent malicious activities. As the cybersecurity landscape evolves, organizations must remain vigilant and proactively address emerging threats.
Download the pdf file to learn more
