Adam has over 12 years of collective intelligence experience – with 8 years in Cyber Threat Intelligence (CTI) distributed across various disciplines which include: incident response, malware analysis,...
May 10, 2022
April 2022 Threat Intelligence Summary
The Fidelis Cybersecurity Threat Research Team’s latest report provides continued coverage and vigilance on the most menacing threats and vulnerabilities. This month, you’ll see how Russian and Chinese state-sponsored threat actors and cybercriminals continue to launch intrusion campaigns, taking advantage of the chaotic conditions created by the continuing Russo-Ukrainian conflict. You’ll also learn about impactful vulnerabilities in Java—namely Spring4Shell—that give threat actors alternative methods of exploitation similar to the infamous Log4Shell.
Spring4Shell is the community name given to CVE-2022-22965, a Remote Code Execution (RCE) vulnerability discovered in the Spring web framework (e.g., Spring MVC, Spring WebFlux) running on JDK 9+ (Java Development Kit 9 or later) as a Java WAR (Web Application Archive) deployed on an instance of Apache Tomcat. While the conditions for this exploit are not as common as those of its predecessor, Log4Shell, we recommend determining which systems in your environment could be vulnerable and patching the vulnerability as quickly as time allows.
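To turn the preconditions listed above into an inventory check, the following added example (not code from the report or from Fidelis) inspects a WAR for bundled Spring MVC/WebFlux jars, parses the Java runtime version (including the legacy 1.x form), and flags deployments that match every condition; the sample WAR is constructed in memory, and comparing the found Spring version against the vendor's patched releases is deliberately left to your own patch data.

```python
import io
import re
import zipfile

# Preconditions for Spring4Shell as the summary states them: a Spring MVC or
# WebFlux application, packaged as a WAR, on JDK 9+ under Apache Tomcat.
SPRING_WEB_JAR = re.compile(
    r"^WEB-INF/lib/spring-(webmvc|webflux)-(\d+\.\d+\.\d+)[^/]*\.jar$")

def java_major_version(version_string):
    """Major version from a 'java.version' string. Handles the legacy
    '1.8.0_292' form (major 8) as well as '11.0.14' and bare '17'."""
    parts = version_string.strip().split(".")
    if parts[0] == "1" and len(parts) > 1:
        return int(re.match(r"\d+", parts[1]).group())
    return int(re.match(r"\d+", parts[0]).group())

def spring_web_artifacts(war_bytes):
    """{artifact: version} for Spring MVC/WebFlux jars bundled in the WAR."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            m = SPRING_WEB_JAR.match(name)
            if m:
                found["spring-" + m.group(1)] = m.group(2)
    return found

def triage(war_bytes, java_version, servlet_container):
    """Flag a deployment that matches every precondition. Comparing the found
    Spring version against the vendor's patched releases is left to the
    reader's patch data; this only selects candidates for review."""
    artifacts = spring_web_artifacts(war_bytes)
    preconditions = {
        "spring_mvc_or_webflux": bool(artifacts),
        "jdk9_or_later": java_major_version(java_version) >= 9,
        "tomcat": "tomcat" in servlet_container.lower(),
    }
    return {"artifacts": artifacts, "preconditions": preconditions,
            "candidate": all(preconditions.values())}

def build_sample_war(jar_names):
    """Constructed in-memory WAR (not a real application) for offline use."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        for jar in jar_names:
            war.writestr("WEB-INF/lib/" + jar, b"")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_war(["spring-webmvc-5.3.0.jar", "spring-core-5.3.0.jar"])
    print(triage(sample, "11.0.14", "Apache Tomcat/9.0.60"))  # candidate: True
```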
Read the full report to see the conditions for the exploitation of Spring4Shell and active exploitation attempts for this and other active cyber threats. You’ll also learn how you can use Fidelis Deception 9.5 to stand up a Spring4Shell decoy system to quickly discover and eradicate active exploit attempts in your environment.
Cyber Threat Analysis Highlights
Each month presents a new set of challenges for cybersecurity defenders, as adversaries adapt existing threats and create new tactics and techniques. In April 2022, Fidelis Cybersecurity enabled clients to defend their networks and clouds from more than 170K malware threats of high severity, including ransomware, trojans, backdoors, exploit kits, loaders, and droppers. Additionally, Fidelis Cybersecurity helped customers fend off over 4,000 exploitation attempts across 14 distinct vulnerabilities.
Most Active Vulnerabilities
Older vulnerabilities in user software captured most of the exploitation activity—97% of all observed activity in April. This demonstrates how threat actors continue taking advantage of opportunities in unpatched systems and the continued importance of hardening your perimeter posture to ensure that these exploits don’t present footholds into your systems.
Open-source intelligence feeds observe and report trending malware submissions, but their lists don’t always match. This month demonstrated that contrast, with abuse.ch and Maldatabase reporting significantly differing views of the threat landscape. The Fidelis Cybersecurity team breaks down each of these lists for April and provides expert analysis and details on the most pressing threats from each list.
About the Fidelis Cybersecurity Threat Research Team
The Threat Research team (TRT) at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is fed directly into our platforms, products, and services to help our customers detect, neutralize, and eliminate threats before they can harm production systems.
Visit the Fidelis Cybersecurity Threat Research page to read the complete April 2022 Threat Intelligence Summary, along with information on critical threats and resources to help you better prepare for the next attack.
See Fidelis platforms in action. Learn how our fast, scalable Fidelis Elevate and Fidelis CloudPassage Halo platforms provide deep insights into the SOC to help security teams worldwide protect, detect, respond, and neutralize even the most advanced cyber adversaries.