Fidelis Blog
Author

Amol Sarwate

Amol Sarwate heads Fidelis and CloudPassage worldwide threat and security research lab responsible for Network, Endpoint and Cloud. He has devoted his career to protecting, securing, and educating... Read More

Comments

July 2022 Threat Intelligence Summary

The Latest Insights from the Fidelis Threat Research Team

The Fidelis Cybersecurity Threat Research Team’s latest report shows a shifting threat landscape that includes the resurgence of familiar threats, alongside new, widespread vulnerabilities in leading internet browsers that affected billions of users worldwide. Fidelis Cybersecurity provides continued coverage and vigilance on the most menacing threats and vulnerabilities, to keep your organization protected against current threats and allow you to stay ahead of whatever comes next.

Read the July 2022 Threat Intelligence Summary

 

A Zero-day Exploit Poses Threat to Billions Worldwide

CVE-2022-2294 marked the fourth zero-day hack against the Google Chrome browser in 2022. This high severity vulnerability has been exploited by malicious actors, targeting organizations with sophisticated spyware. While the exploit primarily targeted Chrome users, Microsoft and Apple patched the same flaw in their Edge and Safari browsers, respectively. Users of all three browsers are also urged to update their systems.

Read the full Threat Intelligence Summary to find details on CVE-2022-2294, including how to patch your affected systems.

 

Additional Key Findings

The month of July also introduced high-profile vulnerabilities affecting organizations, including:

  • CVE-2022-33980: New threats to the Apache Commons configuration software library
  • CVE-2022-230190: Remote code execution vulnerabilities in the Microsoft Support Diagnostic Tool (MSDT)
  • CVE-2022-22047: A new vulnerability that leads to elevation of privileges in Windows client-server runtime subsystem (CSRSS)

The Threat Intelligence Summary contains details on these and other vulnerabilities that are trending in the wild.

Read the report >

 

July Metrics

Each month presents a new set of challenges for cybersecurity defenders, as adversaries adapt existing threats and create new tactics and techniques. In July 2022, Fidelis Cybersecurity enabled clients to defend their networks and clouds from more than 276,155 high-severity malware threats, including ransomware, trojans, backdoors, exploit kits, loaders, and droppers. Additionally, Fidelis Cybersecurity helped customers fend off over 438 exploitation attempts across 20 distinct high-profile vulnerabilities.

 

Most Active Vulnerabilities

As usual, we see a lot of older vulnerabilities in our telemetry. This month, the predominant vulnerability tracked through our telemetry was a Remote Code Execution (RCE) vulnerability pertaining to Apache Struts (CVE-2018-11776). This vulnerability exists in the Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. Other notable CVEs identified in Fidelis telemetry included CVE-2017-0199, which allows for arbitrary code execution on older, unpatched Windows Office and Server versions, and CVE-2021-44228, which is a continued Log4j2 issue. Exploits of these long-standing CVEs highlight the importance of real-time alerting and continual patching.

Trending Malware

This month’s trending malware saw a resurgence of existing threats, including the vobfus family of worms, XoDdos and Gafgyd distributed denial of service (DDoS) malwares, and the Prometei multi-stage cryptocurrency botnet. While these are all older malware, they pose a high level of threat and can do significant damage to affected organizations. Be sure you have the latest information on how to detect and respond quickly so you can stay ahead of cyber adversaries.

Read the report >

 

About the Fidelis Cybersecurity Threat Research Team

The Threat Research team (TRT) at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is fed directly into our platforms, products, and services to help our customers detect, neutralize, and eliminate threats before they can harm production systems.

Visit the Fidelis Cybersecurity Threat Research page to read the complete July 2022 Threat Intelligence Summary, along with information on critical threats and resources to help you better prepare for the next attack.

Stay up to date on all things security

Subscribe to the Threat Geek Blog