Threat Research: Findings and Analysis

Fidelis Cybersecurity
The Threat Research team (TRT) at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is then fed directly into our platforms, products and services to help our customers detect, neutralize and eliminate threats before they can harm production systems.

BSIDESSF 2022: FROM THE GROUND UP

June 4 – 5, 2022

Cyber Effects | Russo-Ukrainian Conflict

The Ukrainian region has suffered a string of cyber-attacks against government agencies, the banking community, and defense industries. On 24 February 2022, the situation escalated when Russia employed both physical and cyber force against Ukraine.

This attack may have far-reaching consequences both within and beyond the region. The cybersecurity community – especially critical infrastructure network defenders – must adopt a heightened state of awareness and conduct proactive threat hunting. Every organization must be prepared to respond to disruptive cyber activity.

Fidelis Cybersecurity is dedicated to helping our customers defend their networks against these escalating attacks and emerge stronger and more secure. We are in this together.

April 2022 Threat Intelligence Summary

On the heels of Log4Shell, Java continued to be plagued by impactful vulnerabilities in April – namely Spring4Shell. The conditions required to exploit Spring4Shell are not as commonly found, but third-party observations of active exploitation by threat actors underscore both their interest in this recent vulnerability and its efficacy.

The Russo-Ukraine conflict continues. With it comes interest from other nation-states and cybercriminal actors seeking to exploit the conflict as a theme in their intrusion campaigns – IcedID/Bokbot, Lyceum, Machete, SideWinder. Additionally, Russian and Chinese state-sponsored threats (SandWorm and HAFNIUM, respectively) continue to be an issue.

In response, Fidelis Cybersecurity enhanced our alerting and detection capabilities against Russian and Chinese threats as well as capabilities against cybercriminals operating malware such as Emotet, SolarMarker, PYSA ransomware, and BlackGuard info stealer.


Workshop

Taking Down Nation-State Botnets