Threat Research: Findings and Analysis

Fidelis Cybersecurity
The Threat Research team (TRT) at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is then fed directly into our platforms, products and services to help our customers detect, neutralize and eliminate threats before they can harm production systems.

The Latest Cybersecurity Threats

Apache Log4j 
  • CVE-2021-44228 
  • CVE-2021-45046 
  • CVE-2021-45105 

Overview | 2021

The global shift to remote work has all but disintegrated the concept of the traditional network perimeter, and advanced threat actors continue to capitalize on the expanded opportunities provided through remote access. We are seeing the following trends:

  • Exploitation of privileged user credentials, with the attacker operating like a rogue system administrator.
  • Adept use of living-off-the-land binaries.
  • Ransomware dominating the cybercrime landscape.
  • Rapid adoption of exploitation techniques showcased by nation-states.
  • An increasingly complex threat landscape with blurred lines between geopolitics and transnational cybercrime.
  • An ideological clash between the old guard, who claim adherence to a thief’s code, and a newer nihilist mindset of all bets being off, as the next generation of enterprising cybercriminals begins to take the reins.

2021 Threat Intelligence Recap

The year 2021 introduced 20,141 new vulnerabilities, about a 10% increase over what we saw in 2020. (2020 had 5% more new vulnerabilities than 2019.) A staggering 1,125 of the 2021 vulnerabilities carried a Common Vulnerability Scoring System (CVSS) score of 9 out of 10. While the CVSS scoring mechanism holds value, our Threat Research team also applies expert analysis to identify the most critical issues so you can better prioritize your efforts.

The rate of increase in new vulnerabilities doubled in 2021 compared with the increase seen the previous year.

Neither the rate of increase nor CVSS scores alone tell the whole story. Our Real-Time Vulnerability Alerting Engine cuts through the noise by harnessing public data and applying proprietary data analytics to deliver real-time alerts for the most significant vulnerability exposures and misconfigurations, making vulnerability fatigue a thing of the past.

Since its first launch at BSidesSF, we have continually improved our real-time vulnerability alerting engine, allowing us to provide this quarterly vulnerability and trends report to keep you ahead of the most pressing threats. Here is the most recent vulnerability report, including the top Common Vulnerabilities and Exposures (CVE) list for the entire year of 2021.

December Threat Intelligence Summary

Log4j dominated headlines and SOC team priorities in December 2021.

Fidelis Cybersecurity enabled clients to detect and respond to more than 184,000 Log4j (Log4j2) events, including active exploitation attempts and vulnerability scanning.

Log4Shell events were largely concentrated (60%) in the Healthcare/Pharmaceutical sector.

Fidelis enabled clients to defend their networks from more than 17 million instances of malicious software traversing the Internet.

Prior Threat Research Reports

  • November 2021 Threat Intelligence Summary
  • Fidelis CloudPassage Vulnerability and Trends Report Q3 2021
  • Fidelis CloudPassage Vulnerability and Trends Report Q2 2021
  • Top CVE List for Q1 2021
  • Fidelis Threat Intelligence Report Feb/Mar 2021  
  • Fidelis Threat Intelligence Report Jan 2021 
  • Fidelis Threat Research on Solar Winds
