August 6th Weekly Attack Surface Attribution Intelligence
This week there were seven (7) distinct vulnerabilities, affecting five (5) products, being discussed across the dark web. Of these vulnerabilities, one product was associated with techniques used by attack groups catalogued in MITRE's ATT&CK framework.
Of the five products affected by these vulnerabilities, one product, Microsoft Office, was the primary product of interest across the dark web.
CVE-2015-2545 affects Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1. The affected products allow remote attackers to execute arbitrary code via a crafted EPS image, aka “Microsoft Office Malformed EPS File Vulnerability.”
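The vulnerability above is triggered by a crafted EPS image embedded in an Office document, so one defensive check a mail gateway or file-scanning pipeline can apply is to flag Office documents that carry EPS content at all. The script below is an added example, not code from Cybeta or from this newsletter. It assumes the OOXML container format (a ZIP archive with embedded media under `word/media/`, `ppt/media/` or `xl/media/`) and identifies EPS parts by their leading bytes (the ASCII `%!PS-Adobe` header or the DOS EPS magic `C5 D0 D3 C6`) rather than by file extension, so a renamed part is still caught. The sample document is constructed in memory for the demonstration; the legacy binary formats (.doc, .xls, .ppt) used by Office 2007 are not covered.

```python
import io
import zipfile

# Signatures for EPS content (assumption: these are the two common EPS headers).
EPS_ASCII_HEADER = b"%!PS-Adobe"
EPS_DOS_MAGIC = bytes([0xC5, 0xD0, 0xD3, 0xC6])


def looks_like_eps(head: bytes) -> bool:
    """Return True if the first bytes of a part match an EPS header."""
    return head.startswith(EPS_ASCII_HEADER) or head.startswith(EPS_DOS_MAGIC)


def find_eps_parts(office_doc: bytes) -> list[str]:
    """Scan every part of an OOXML document and return the names of EPS parts.

    Content is inspected, not the extension, so 'image2.png' that really
    holds PostScript is still reported.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(office_doc)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as part:
                head = part.read(16)  # enough bytes to cover both signatures
            if looks_like_eps(head):
                found.append(info.filename)
    return found


def build_sample_docx(embed_eps: bool) -> bytes:
    """Construct a minimal .docx-like ZIP for the demonstration (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        # A benign PNG part: PNG signature followed by filler.
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
        if embed_eps:
            # EPS payload deliberately stored under a misleading .png name.
            zf.writestr(
                "word/media/image2.png",
                b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n",
            )
    return buf.getvalue()


if __name__ == "__main__":
    print("EPS parts in clean document:", find_eps_parts(build_sample_docx(False)))
    print("EPS parts in suspect document:", find_eps_parts(build_sample_docx(True)))
```

In a real pipeline the returned part names would feed a quarantine or alerting decision; the point of checking the bytes rather than the filename is that the OOXML relationship file, not the extension, tells Office how to render a part.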
In analyzing the TTPs used by the threat actors in the ATT&CK framework, we uncovered 48 specific Advanced Persistent Threat (APT) groups that leverage TTPs associated with these vulnerabilities.
For many of these threat actors, the country of origin is unknown; however, this week the top countries of origin that could be identified are China, Iran and Russia.
Cybeta is a cybersecurity data science firm focused on developing advanced analytics for early indications and warning of potential or emerging cyber-attacks. Our flagship product, Threat Beta™, has been independently verified and validated to provide accurate forecasting of future breach exposure.
Cybeta works with various data providers, as well as through our own deployment of network sensors, to provide a continuous stream of near-real-time data for our analytics and prediction engine. By providing corporate executives and government officials with advanced insights into future attack potential, we are enabling organizations to make the shift towards an active defense cybersecurity strategy.
About Our Newsletter
In an effort to further our mission of enabling organizations to take on an active defense cybersecurity strategy, our newsletter is the result of our analytic work, which culls through dark web forums and collects, aggregates and analyzes internet infrastructure data, vulnerabilities, weaknesses and exploits deployed around the world.
Each week our newsletter will present our findings on which vulnerabilities and exploits were being discussed by hackers, nation states, cyber criminals and information security researchers across the dark web. We map this data to the tactics, techniques and procedures (TTPs) we see in the MITRE ATT&CK framework datasets.
Where and when it is available, we will also present where we have uncovered these specific vulnerabilities, while not drawing attention to the specific organization owning the vulnerable infrastructure.