The first cyber attack timeline of September 2023 brings with it a new record in terms of events per day (13.93) abruptly inverting the apparent break and the decreasing trend of the past two fortnights (11.40 and 10.69 respectively in the first and second week of August).

Ransomware continues to be a big issue, and as a consequence, malware attacks continue to dominate the threat landscape with 39.7% (83 out of 209 events) up from 34.5% of the previous timeline. The impact of vulnerabilities is equally quite important (17.2% the echoes of the massive MOVEit attack are not over yet), despite the percentage seems to be headed to a decreasing trend (it was 22.6% in the second half of August). Ransomware was directly or indirectly involved in 38.65% of events (80 out of 209),  an important increase compared to 31.6% of the previous timeline.

The fintech continues to be under pressure, most of all because of the continued operations of the North Korean Lazarus Group, who allegedly hit CoinEX ($53 million worth of crypto assets stolen) and Stake.com (over $40 million in crypto reportedly stolen.) Additionally a cyber attack to the cloud provider Retool cost a lot to Fortress Trust, which lost close to $15 million as a consequence of the hack.

Instead the list of the organizations victims of mega breaches include Freecycle (7 million records), Pizza Hut Australia (more than one million) and Traderie (2.6 million.)

Threat actors driven by cyber espionage were equally quite active in this fortnight with multiple operations carried out by attackers originating from China, Russia, Iran, an North Korea; known threat groups such as APT28, Charming Kitten, Winnti Group, or APT33, but also previously undisclosed state-sponsored groups.

In terms of hacktivism: the pro-Russia hacktivists from Anonymous Sudan and NoName057(16) were particularly active against targets, with the first claiming to have taken down Telegram for in retaliation for the decision of suspending their account.

Of course, my final suggestion is always the same: browse the timeline, and obviously share it to support my work in spreading the risk awareness across the community.

And don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, or Mastodon for the latest updates.