Threat Pulse – November 2024
Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats.
If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.
DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the largest Open Threat Exchange database available.
November 2024 witnessed significant cyberattacks and emerging trends, signalling the growing sophistication of threat actors. Key developments included:
Attack on French ISP “Free”
A major data breach targeted Free, France’s second-largest ISP. Attackers gained access to an internal management tool, stealing personal data from millions of subscribers.
The breach demonstrated the ongoing vulnerability of large-scale infrastructure providers to exploitation of their internal systems.
Ransomware with AI
A new trend was observed in ransomware operations with the use of artificial intelligence. Smaller ransomware groups adopted Ransomware-as-a-Service (RaaS) tools enhanced by AI, using it for spear phishing campaigns and evading security measures, marking a shift towards more automated and sophisticated attacks.
Token Exploitation at the Internet Archive
Attackers exploited vulnerabilities in token management systems at the Internet Archive, leading to the theft of authentication tokens.
This breach highlighted risks in long-term token storage and reinforced the need for better management of access credentials.
UK Council DDoS Attacks
Several UK councils and associated services, including websites of local government offices and a football club, were rendered offline by distributed denial-of-service (DDoS) attacks.
These incidents demonstrated the persistent threat of DDoS to public services.
Zero-Day Exploitation in Google Chrome
A zero-day vulnerability in Google Chrome’s JavaScript engine was actively exploited by the Lazarus Group.
The attack chain included memory corruption leading to remote code execution, highlighting the importance of timely browser updates to mitigate such threats.
Fortinet Zero-Day CVE-2024-47575
A critical vulnerability in Fortinet’s FortiManager, assigned CVE-2024-47575, was exploited in the wild.
It allowed attackers to bypass authentication and execute arbitrary commands, providing administrative access to network configurations. This case underscored the need for proactive patch management and monitoring in enterprise environments.
Fileless Malware Targeting Businesses
A sharp increase in fileless malware was observed in November, particularly affecting UK businesses.
This type of malware leverages trusted processes to execute malicious code without requiring traditional files, making detection difficult. Common entry points included malicious Word and PDF documents. Such techniques are particularly dangerous for small and medium-sized enterprises (SMEs) that lack advanced cybersecurity defences.
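As an added example, not part of DigitalXRAID’s bulletin or tooling, the detection logic below flags the process chain this technique typically leaves in endpoint telemetry: a trusted document handler (Word, Acrobat Reader) spawning a built-in script host, with a higher severity when the command line also requests hidden or encoded execution. The event format and every sample line are constructed and assumed, loosely modelled on Sysmon process-creation fields.

```python
# Added example (not DigitalXRAID's tooling): flag document handlers spawning
# script hosts in constructed, Sysmon-style process-creation events.
import re

# Trusted document handlers that are common entry points for fileless malware.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe", "acrobat.exe"}
# Built-in script hosts that can run code in memory without dropping a file.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "cmd.exe"}
# Command-line traits that point to hidden, encoded or in-memory execution.
SUSPICIOUS_ARGS = re.compile(r"-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden"
                             r"|downloadstring|\biex\b|invoke-expression", re.IGNORECASE)

def parse_event(line):
    """Parse 'Key=Value|...|CommandLine=...'; CommandLine must come last so
    that pipes inside the command line survive the split."""
    fields, rest = {}, line.strip()
    while rest:
        key, _, rest = rest.partition("=")
        if key == "CommandLine":
            fields[key], rest = rest, ""
        else:
            fields[key], _, rest = rest.partition("|")
    return fields

def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def assess(event):
    """Return a finding dict for a suspicious event, or None for benign ones."""
    parent, child = _basename(event.get("ParentImage", "")), _basename(event.get("Image", ""))
    reasons = []
    if parent in DOCUMENT_PARENTS and child in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned script host {child}")
    if child in SCRIPT_HOSTS and SUSPICIOUS_ARGS.search(event.get("CommandLine", "")):
        reasons.append("command line requests hidden, encoded or in-memory execution")
    if not reasons:
        return None
    return {"host": event.get("Host", "?"), "parent": parent, "child": child,
            "severity": "high" if len(reasons) == 2 else "medium", "reasons": reasons}

def scan(lines):
    return [f for f in (assess(parse_event(l)) for l in lines if l.strip()) if f]

SAMPLE_EVENTS = [  # constructed sample telemetry, not real logs
    "Host=WS01|ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe -w hidden -enc <base64-placeholder>",
    "Host=WS02|ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\cmd.exe"
    "|CommandLine=cmd.exe /c dir | findstr backup",
    "Host=WS03|ParentImage=C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
    "|Image=C:\\Windows\\System32\\cmd.exe|CommandLine=cmd.exe /c echo test",
]
```

Running `scan(SAMPLE_EVENTS)` reports WS01 as high (Word spawning a hidden, encoded PowerShell) and WS03 as medium (Acrobat Reader spawning cmd.exe), while the Explorer-launched shell on WS02 is ignored.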
Industrial Control System (ICS) Vulnerabilities
Several vulnerabilities in ICS components, including Siemens SIMATIC products and Delta Electronics DOPSoft, were disclosed.
These vulnerabilities could allow attackers to disrupt operational technologies, particularly in energy and manufacturing sectors. Older vulnerabilities, such as CVE-2007-5846, resurfaced due to inadequate patch management, highlighting the ongoing challenges of securing legacy systems in industrial settings.
Rise of AI-Enabled Cyberattacks
Attackers increasingly employed artificial intelligence to automate sophisticated phishing and malware attacks.
Generative AI tools were used to craft highly personalised phishing emails and create adaptive ransomware. This shift underscores the growing need for organisations to invest in AI-driven defences to counter these evolving threats.
Cloud Security Exploits
Cloud infrastructure misconfigurations and weak access controls were exploited by attackers, leading to data breaches in several enterprises migrating to the cloud.
The fragmented approach to managing hybrid IT systems (on-premises and cloud-based) exacerbated these vulnerabilities. This trend signals a critical need for unified cloud security and management solutions.
DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service means we can take care of your security, whilst you take care of business.
Talk to the team to see how you can start protecting your business against cyberattacks today.