Posts

Showing posts from December, 2023

Top 10 Cyber Threats of 2023

Introduction

2023 was packed with a multitude of significant events that caused many to rethink their entire security strategies, especially their vendors and their team size. Unfortunately, we saw thousands of layoffs in the technology sector, including cybersecurity teams. This is despite the unrelenting and omnipresent threat of an ever-growing number of cyber adversaries. The Top 10 Cyber Threats of the year that I believe are worth focusing on in this blog revolve around several common themes, like the use of zero-day exploits, supply chain attacks, targeting identity providers, as well as intentionally disruptive campaigns.

#1 CL0P mass exploitation campaigns

Since 2020, a professional cybercrime syndicate known as CL0P shifted from targeted big game hunting ransomware campaigns to mass data-theft-extortion attacks, minus the deployment of ransomware. Around 27 May 2023, the CL0P group exploited a zero-day vulnerability in the MOVEit file transfer server, tracked as CVE-2...

Cybercriminals Leverage Hijacked Booking.com accounts for Phishing

I recently heard about a wave of scams exploiting Booking.com users. So I went and researched it for myself. I came across a post on the r/travel subreddit about such an incident. [1] The user received a seemingly authentic message with a URL via Booking.com's app. They provided their credit card information and said that “within mere minutes of this, an attempt was made to use [their] credit card for an online purchase.” As others pointed out on Reddit, the most likely scenario here is that the hotel's account with Booking.com has been compromised, or the hotel's own email account was compromised.

I then looked up the phishing site sent via the Booking.com in-app messaging system in VirusTotal to find the IP address and checked that in URLscan. As I imagined, the offending IP address had a bunch of other Booking.com phishing domains that resolved to it. This revealed a widespread campaign. [2, 3] Further research on this topic led me to a recent Secureworks blo...