Welcome to the Threat Landscape Update Report for February 2024.

This month's report covers mass exploitation incidents, ransomware trends, and research highlights in the cybersecurity world. Stay informed and stay safe!

The February report covers:

  • Mass exploitation incidents involving Ivanti ConnectSecure and ConnectWise ScreenConnect vulnerabilities.
  • Ransomware attacks and varying statistics and opinions on the state of the ransomware sector.
  • Use of Machine Learning and LLMs for malicious activities like fraud and autonomous hacking.
  • Significant increases in phishing/maldoc exploits targeting client software.
  • Exploit data highlighting vulnerabilities such as CVE-2023-21716, CVE-2023-38831, CVE-2023-23376, and CVE-2023-23397.
  • Lazarus Group exploiting a Windows driver zero-day vulnerability (CVE-2024-21338) to disable security tools.
  • Newly exploited vulnerabilities added to CISA's Known Exploited Vulnerabilities catalogue, including CVE-2023-4762 affecting Google Chromium V8.

Here is more information on the key issues covered in the February 2024 Threat Landscape Update report:

  1. Mass Exploitation Incidents: ongoing mass exploitation incidents involving vulnerabilities in Ivanti ConnectSecure and ConnectWise ScreenConnect, emphasizing the critical need for organizations to patch these vulnerabilities promptly to prevent widespread compromise.
  2. Ransomware Attacks: the continuation of ransomware attacks in February, with varying opinions and statistics on the state of the ransomware sector. This indicates the persistent threat posed by ransomware actors and the importance of robust cybersecurity measures to mitigate such attacks.
  3. Machine Learning and LLMs for Malicious Activities: the use of Machine Learning and Large Language Models (LLMs) for malicious activities such as fraud and autonomous hacking. This highlights the evolving tactics used by threat actors and the need for advanced detection and mitigation strategies in cybersecurity defenses.
  4. Phishing/Maldoc Exploits: significant increases in phishing/maldoc exploits targeting client software are noted in the report. Specific vulnerabilities such as CVE-2023-21716, CVE-2023-38831, CVE-2023-23376, and CVE-2023-23397 are highlighted, indicating the prevalence of these exploit techniques and the importance of timely detection and prevention measures.
  5. Lazarus Group Exploiting Windows Driver Zero-Day: the report mentions the Lazarus Group exploiting a Windows driver zero-day vulnerability (CVE-2024-21338) to disable security tools. This underscores the threat posed by sophisticated threat actors and the need for organizations to stay vigilant against such targeted attacks.

Be Ahead of the Game!

Stay informed about the latest cybersecurity threats and trends by subscribing to WithSecure's monthly threat highlights report!

Our comprehensive report provides an overview of last month's cybersecurity news, the changing threat landscape, and relevant advice.
