Welcome to the June 2024 Threat Highlight Report.

This month's report highlights the US ban on Kaspersky, a critical MOVEit vulnerability, Snowflake customer breaches, Fortinet exploits, the CDK ransomware attack, and notable AI cybersecurity stories.

The June report covers:

  • Kaspersky software banned from US due to national security concerns.
  • New MOVEit SFTP vulnerability under active exploitation within hours of being disclosed.
  • Snowflake data warehousing customers targeted in data theft campaign.
  • A Chinese APT compromised more than 20,000 Fortinet infrastructure devices in a wide-ranging zero-day campaign.
  • Ransomware incident at US SaaS supplier CDK heavily impacts more than 15,000 car dealerships.
  • Notable AI cybersecurity stories.

The key findings in the June 2024 Threat Highlight Report include:
 

  1. US bans Kaspersky: The US Department of Commerce banned Kaspersky from providing cybersecurity products/services in the US due to national security risks and ties with Russian military and intelligence. Updates allowed until September 2024. Speculation is that the ban aims to limit financial and technical support to Russia’s high-tech sector.
  2. MOVEit vulnerability: Progress Software disclosed CVE-2024-5806, with watchTowr revealing an IPWorks SSH vulnerability, raising severity to 9.1. Exploitation attempts followed. MOVEit has been patched, but no patch has been announced for IPWorks SSH, posing supply chain risks.
  3. Snowflake customers breached: Around 150 customers were compromised, many of them experiencing significant data thefts, with terabytes of data and PII stolen. Old credentials stolen through infostealer infections were leveraged due to the lack of required MFA.
  4. New information about Fortinet firewall exploit: A Chinese APT espionage campaign exploited a Fortinet zero-day for months, compromising around 20,000 infrastructure devices. Rootkit-like malware was deployed, which researchers believe cannot be removed or even detected.
  5. CDK ransomware attack: US-based SaaS supplier CDK and its customers had their operations halted by BlackSuit ransomware. This incident has paralyzed around 85% of US car dealerships, significantly impacting the economy for over two weeks.
  6. AI Security: Compromised secrets, prompt injection vulnerabilities, distributed infostealers and more of the latest AI cybersecurity stories.
  7. Statistics and Summaries: Positive change in ransomware numbers. LockBit victim numbers fall sharply, while 8Base, INC Ransom and RansomHouse also decline.

Date: June 2024
