Threat Research: Findings and Analysis
BSIDESSF 2022: FROM THE GROUND UP
June 4 – 5, 2022
Cyber Effects | Russo-Ukrainian Conflict
The Ukrainian region has suffered a string of cyber-attacks against government agencies, the banking community, and defense industries. On 24 February 2022, the situation escalated when Russia employed both physical and cyber force against Ukraine.
This attack may have far-reaching consequences both within and beyond the region. The cybersecurity community – especially critical infrastructure network defenders – must adopt a heightened state of awareness and conduct proactive threat hunting. Every organization must be prepared to respond to disruptive cyber activity.
Fidelis Cybersecurity is dedicated to helping our customers defend their networks against these escalating attacks and emerge stronger and more secure. We are in this together.
April 2022 Threat Intelligence Summary
On the heels of Log4Shell, Java continued to be plagued by impactful vulnerabilities in April – namely Spring4Shell. The conditions for exploitation of Spring4Shell are not as commonly found, but third-party observations of active exploitation by threat actors underscore their interest in this recent vulnerability and its efficacy.
The Russo-Ukrainian conflict continues. With it comes interest from other nation-state and cybercriminal actors seeking to exploit the relevant theme in their intrusion campaigns: IcedID/Bokbot, Lyceum, Machete, SideWinder. Additionally, Russian and Chinese state-sponsored threats (SandWorm and HAFNIUM, respectively) continue to be an issue.
In response, Fidelis Cybersecurity enhanced our alerting and detection capabilities against Russian and Chinese threats as well as capabilities against cybercriminals operating malware such as Emotet, SolarMarker, PYSA ransomware, and BlackGuard info stealer.