Cato's quarterly threat report also reveals top spoofed brands for cybersquatting
TEL AVIV, Israel, Aug. 13, 2024 /PRNewswire/ -- Cato Networks, the
creator of
SASE, today published the Q2 2024 Cato CTRL SASE Threat Report,
which provides insights into the threat landscape across several
key areas: hacking communities and the dark web, enterprise
security and network security. The insights are collected from Cato
CTRL's analysis of 1.38 trillion network flows across more than
2,500 customers globally between April and June 2024.
"With the Q2 2024 Cato CTRL SASE Threat Report, we are putting
the spotlight on a notorious threat actor named IntelBroker. He is
aggressive in selling data and source code from major brands,
including tech companies like AMD, Apple, Facebook and Microsoft,"
said Etay Maor, chief security strategist at Cato Networks and
founding member of Cato CTRL.
"Amazon is another brand that we're seeing impacted by
cybersquatting, which is a popular technique for threat actors to
conduct phishing attacks."
IntelBroker is a highly active threat actor selling data and source code
In its investigation of hacking communities and the dark web,
Cato CTRL came across a threat actor named IntelBroker, who is a
prominent figure and moderator in the BreachForums hacking
community.
IntelBroker's illicit activities encompass a wide range of
cybercriminal tactics. In recent months, IntelBroker has offered to
sell data and source code from AMD, Apple, Facebook, KrypC,
Microsoft, Space-Eyes, T-Mobile and U.S. Army Aviation and Missile
Command.
Amazon is the top spoofed brand—thanks to cybersquatting
Cybersquatting involves using a domain name with the intent to
profit off another brand's registered trademark. Threat actors
leverage cybersquatting to harvest user credentials through various
techniques, including malware distribution or phishing attacks.
In Q2 2024, Cato CTRL observed that Amazon was the top spoofed
brand by a significant margin (66% of domains), with Google ranked
second at 7%. Given the popularity of Amazon, users should be wary
of threat actors creating counterfeit websites that ask them to submit
sensitive information. Users could be putting themselves or their
organizations at risk.
Log4j remains a popular vulnerability that threat actors attempt to exploit
Three years after its discovery in 2021, Log4j remains one of
the most used vulnerabilities leveraged by threat actors. From Q1
2024 to Q2 2024, Cato CTRL observed a 61% increase in the attempted
use of Log4j in inbound traffic and a 79% increase in the attempted
use of Log4j in WANbound traffic.
The Oracle WebLogic vulnerability, which originated in 2020, is
another popular exploit leveraged by threat actors. From Q1 2024 to
Q2 2024, Cato CTRL observed a 114% increase in the attempted use of
the Oracle WebLogic vulnerability in WANbound traffic.
Inbound traffic is traffic that doesn't originate from within
the network, while WANbound traffic resides within a WAN
environment. For threat actors, these are different potential entry
points to infiltrate organizations and conduct attacks.
Resources
- Download the Q2 2024 Cato CTRL SASE Threat Report.
- Read the blog from Etay Maor, founding member of Cato
CTRL.
- Visit the Cato CTRL page to learn more about
Cato's threat intelligence team.
Methodology
The Q2 2024 Cato CTRL SASE Threat Report summarizes findings
from Cato CTRL's analysis of 1.38 trillion network flows across
more than 2,500 customers globally between April and June 2024.
About Cato CTRL
Cato CTRL (Cyber Threats Research Lab) is the world's first CTI
group to fuse threat intelligence with granular network insight
made possible by Cato's global SASE platform. By bringing together
dozens of former military intelligence analysts, researchers, data
scientists, academics and industry-recognized security
professionals, Cato CTRL utilizes network data, security stack
data, hundreds of security feeds, human intelligence operations, AI
(Artificial Intelligence), and ML (Machine Learning) to shed light
on the latest cyber threats and threat actors.
About Cato Networks
Cato Networks delivers enterprise security and networking in a
single cloud platform. With Cato, organizations replace costly and
rigid legacy infrastructure with an open and modular SASE
architecture based on SD-WAN, a purpose-built global cloud network,
and an embedded cloud-native security stack.
Want to learn why thousands of organizations secure their future
with Cato? Visit us at www.catonetworks.com.
Contact
Cato Communications
press@catonetworks.com
View original content: https://www.prnewswire.com/news-releases/new-threat-report-from-cato-networks-uncovers-threat-actor-selling-data-and-source-code-from-major-brands-302221317.html
SOURCE Cato Networks