March 2022 Threat Research Team Report
Fidelis Security’s March 2022 Threat Intelligence Report gives a detailed review of the top cybersecurity threats and trends identified during that period.
The report focuses on the emergence of the CaddyWiper malware, which targeted Ukrainian networks by overwriting user files and deleting the Master Boot Record. Fidelis Security’s research into CaddyWiper’s techniques indicates several options for detection and mitigation via its proprietary YARA implementation.
The study also discusses ongoing DDoS attacks on Ukrainian government websites, as well as phishing attempts targeting Ukrainian and Polish institutions by state-sponsored actors in Russia (APT28) and Belarus (UNC1151).
In terms of malware telemetry, Fidelis enabled clients to protect against over 186,000 high-severity malware threats, including H-worm, Andromeda, Chanitor, Fareit, and TrickBot.
The report also discusses trending malware identified by various intelligence sources, including Dridex, Quakbot, and AgentTesla.
In addition, Fidelis telemetry identified over 6,000 major vulnerability exploitation attempts, with CVE-2021-26858 (Microsoft Exchange RCE) accounting for over 70% of the observed activity. The research also highlights new vulnerability concerns, including CVE-2022-1096 (Chromium RCE) and CVE-2022-0847 (Linux Kernel LPE).