Cato Networks has recently released the Q2 2024 Cato CTRL SASE Threat Report, shedding light on the evolving threat landscape across several critical areas: hacking communities and the dark web, enterprise security, and network security. This report draws its insights from the analysis of 1.38 trillion network flows, spanning more than 2,500 customers globally between April and June 2024.
“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker. He is aggressive in selling data and source code from major brands, including tech companies like AMD, Apple, Facebook and Microsoft,” said Etay Maor, Chief Security Strategist at Cato Networks and founding member of Cato CTRL. “Amazon is another brand that we’re seeing impacted by cybersquatting, which is a popular technique for threat actors to conduct phishing attacks.”
IntelBroker has been identified as a highly active figure within hacking communities, notably serving as a moderator on BreachForums. IntelBroker’s illicit operations include a broad array of cybercriminal activities. Recently, IntelBroker has been implicated in selling data and source code from major entities, including AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile, and the U.S. Army Aviation and Missile Command.
In terms of brand spoofing, Amazon has been found to be the most frequently targeted brand, primarily through cybersquatting. Cybersquatting entails registering domain names that exploit established trademarks to deceive users, often leading to credential theft via malware or phishing schemes. In Q2 2024, Cato CTRL noted that 66% of spoofed domains targeted Amazon, far outpacing Google, which was spoofed in 7% of cases. Given Amazon’s widespread use, there is a heightened risk of users encountering fraudulent websites seeking sensitive information, which could jeopardise both personal and organisational security.
The Log4j vulnerability, identified in 2021, continues to be widely exploited by threat actors. From Q1 to Q2 2024, Cato CTRL reported a 61% rise in attempts to exploit Log4j in inbound traffic, and a 79% increase in WANbound traffic. Similarly, the Oracle WebLogic vulnerability, first identified in 2020, has seen a 114% surge in exploitation attempts in WANbound traffic during the same period.
Inbound traffic refers to data entering the network from external sources, whereas WANbound traffic pertains to data within a WAN environment. These distinct traffic types represent different opportunities for threat actors to breach organisational defences and execute attacks.