Fidelis Blog
Author: Threat Research Team

May 2022 Threat Intelligence Summary


The Latest Insights from the Fidelis Threat Research Team

The Fidelis Cybersecurity Threat Research Team’s latest report shows a shifting threat landscape that includes the resurgence of familiar adversaries alongside new state-sponsored attacks, high-severity malware, and critical vulnerability exploitation attempts. Fidelis Cybersecurity provides continued coverage of and vigilance on the most menacing threats and vulnerabilities so you can protect against current threats and stay ahead of whatever comes next.

Read the May 2022 Threat Intelligence Summary

The Resurgence of REvil

REvil ransomware operators went quiet after take-down efforts by Russian authorities; however, there is now evidence that the cybercrime syndicate remains at large. The most recently observed payloads show that REvil command line parameters, keys, and execution parameters have changed. While REvil still presents a significant threat, these changes also provide an excellent pivot point and a unique opportunity for discovery and mitigation.

Read the full report to see how REvil payloads have changed, how you can spot them, and how you can leverage tools like YARA to track these campaign iterations at scale.

Additional Key Findings

Fidelis Cybersecurity continually incorporates network and file-based indicators to provide clients with alerting and detection capabilities for emerging threats. This month, we have added such indicators for key threats, including Chinese state-sponsored Override Panda, Russian state-sponsored APT29, AvosLocker ransomware, illicit commodity remote access tool DarkCrystal, and more.

In this month’s TRT report, you will learn how each of these threats could affect your organization, and you’ll get analyst insights and notes to help you find and eradicate instances within your networks and endpoints.

May Metrics

Each month presents a new set of challenges for cybersecurity defenders, as adversaries adapt existing threats and create new tactics and techniques. In May 2022, Fidelis Cybersecurity enabled clients to defend their networks and clouds from more than 174K high-severity malware threats, including ransomware, trojans, backdoors, exploit kits, loaders, and droppers. Additionally, Fidelis Cybersecurity helped customers fend off over 900 exploitation attempts across 13 distinct vulnerabilities.

Most Active Vulnerabilities

Continuing April’s trend, older vulnerabilities accounted for most of the exploitation activity observed in May. CVE-2017-11882, aka “Equation Editor,” accounted for 87% of observed exploit attempts last month. The rampant attempts to exploit this five-year-old vulnerability, a memory corruption flaw in the legacy Equation Editor component (EQNEDT32.EXE) of Microsoft Office that was patched in November 2017, highlight the inherent risk of legacy code. Threat actors continue taking advantage of unpatched systems, showing just how important it is to patch legacy components and to inspect inbound documents at the perimeter.
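As an added example (not code from the Fidelis report), here is a small Python triage heuristic for the delivery vector behind CVE-2017-11882: a document that embeds an Equation.3 OLE object. It flags the Equation.3 object class and the Equation Editor CLSID in RTF and raw OLE2 data, after undoing the \'hh escapes that attackers use to split the keyword so that naive string matching misses it. The CLSID value is the well-known Equation.3 class id and is assumed correct here, and the sample documents are constructed inputs; neither is an indicator taken from the summary above. Equation.3 objects also occur in legitimate older documents, so treat a hit as a triage signal, not a verdict.

```python
import re

# Identifiers of the Microsoft Office Equation Editor (EQNEDT32.EXE) component
# that CVE-2017-11882 targets. The CLSID is the well-known Equation.3 class id,
# assumed correct here; it is not an indicator taken from the summary above.
EQN_CLSID_LE_HEX = b"02ce020000000000c000000000000046"   # byte order seen in \objdata hex
EQN_CLSID_RAW = bytes.fromhex(EQN_CLSID_LE_HEX.decode())  # byte order seen in OLE2 (.doc) files
EQN_STREAM_UTF16 = "Equation Native".encode("utf-16-le")  # stream name in the OLE2 directory

# \'hh escapes are legal RTF, but malicious samples use them to split keywords
# such as "Equation.3" so that naive substring matching misses them.
HEX_ESCAPE = re.compile(rb"\\'([0-9a-fA-F]{2})")


def normalize_rtf(data: bytes) -> bytes:
    """Resolve \\'hh escapes, drop all whitespace and lowercase the result."""
    decoded = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
    return re.sub(rb"\s+", b"", decoded).lower()


def equation_editor_indicators(data: bytes) -> list[str]:
    """Return the Equation Editor indicators found in an RTF or OLE2 document."""
    hits = []
    # Word accepts a truncated "{\rt" header, so do not require "{\rtf1".
    if data.lstrip().startswith(b"{\\rt"):
        norm = normalize_rtf(data)
        if b"\\objclassequation.3" in norm:
            hits.append("rtf:objclass Equation.3")
        # \objdata carries the OLE object as hex; whitespace was removed above,
        # so a CLSID split across lines is reassembled before matching.
        if EQN_CLSID_LE_HEX in norm:
            hits.append("rtf:objdata Equation.3 CLSID")
    else:
        if EQN_CLSID_RAW in data:
            hits.append("ole:Equation.3 CLSID")
        if EQN_STREAM_UTF16 in data:
            hits.append("ole:'Equation Native' stream")
    return hits


# Constructed sample inputs (not real malware); just enough structure to
# exercise each code path.
SAMPLES = {
    "clean": b"{\\rtf1\\ansi Quarterly report, text only.}",
    "plain": b"{\\rtf1{\\object\\objemb{\\*\\objclass Equation.3}{\\*\\objdata 0105000002000000}}}",
    "escaped": b"{\\rt{\\object\\objemb{\\*\\objclass \\'45qu\\'61tion.3}}}",
    "objdata": b"{\\rtf1{\\object\\objemb{\\*\\objdata 0105000002000000\n"
               b"0b00000002ce02000000\n0000c000000000000046}}}",
    "ole": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8
           + EQN_STREAM_UTF16 + b"\x00" * 4 + EQN_CLSID_RAW,
}


def scan_samples() -> dict[str, list[str]]:
    """Run the heuristic over every constructed sample and collect the hits."""
    return {name: equation_editor_indicators(doc) for name, doc in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:8s} {hits or 'no Equation Editor indicators'}")
```

The escape decoding is the part that matters in practice: the "escaped" sample carries the same Equation.3 object as the "plain" one, but only the normalized text matches. Point `equation_editor_indicators` at mail attachments or a quarantine directory to get a quick first cut before deeper analysis.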

Trending Malware

Open-source intelligence feeds once again demonstrated contrasting views of trending malware for May, with AbuseCH and Maldatabase reporting significantly differing lists. The Fidelis Cybersecurity team breaks down each of these lists for May and provides expert analysis and details around the most pressing threats from each list.


About the Fidelis Cybersecurity Threat Research Team

The Threat Research team (TRT) at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is fed directly into our platforms, products, and services to help our customers detect, neutralize, and eliminate threats before they can harm production systems.

Visit the Fidelis Cybersecurity Threat Research page to read the complete May 2022 Threat Intelligence Summary, along with information on critical threats and resources to help you better prepare for the next attack.
