The Fidelis Threat Research team is comprised of expert security researchers whose sole focus is generating accurate and actionable intelligence to better secure customers.
May 31, 2022
May 2022 Threat Intelligence Summary
The Latest Insights from the Fidelis Threat Research Team
The Fidelis Cybersecurity Threat Research Team’s latest report shows a shifting threat landscape that includes the resurgence of familiar adversaries alongside new state-sponsored attacks, high-severity malware, and exploitation attempts against critical vulnerabilities. Fidelis Cybersecurity provides continued coverage and vigilance on the most menacing threats and vulnerabilities so you can protect against current threats and stay ahead of whatever comes next.
REvil ransomware operators retreated after take-down efforts by Russian authorities; however, there is now evidence that the cybercrime syndicate remains at large. The most recently observed payloads show that REvil command-line parameters, keys, and execution parameters have changed. While REvil presents a significant threat, these changes provide an excellent pivot point and a unique opportunity for discovery and mitigation.
Read the full report to see how REvil payloads have changed, how you can spot them, and how you can use tools like YARA to track these campaign iterations at scale.
Additional Key Findings
Fidelis Cybersecurity continually incorporates network and file-based indicators to provide clients with alerting and detection capabilities for emerging threats. This month, we have added such indicators for key threats, including Chinese state-sponsored Override Panda, Russian state-sponsored APT29, AvosLocker ransomware, illicit commodity remote access tool DarkCrystal, and more.
In this month’s TRT report, you will learn how each of these threats could affect your organization, and you’ll get analyst insights and notes to help you find and eradicate instances within your networks and endpoints.
Each month presents a new set of challenges for cybersecurity defenders, as adversaries adapt existing threats and create new tactics and techniques. In May 2022, Fidelis Cybersecurity enabled clients to defend their networks and clouds from more than 174K high-severity malware threats, including ransomware, trojans, backdoors, exploit kits, loaders, and droppers. Additionally, Fidelis Cybersecurity helped customers fend off over 900 exploitation attempts across 13 distinct vulnerabilities.
Most Active Vulnerabilities
Following April’s trend, older vulnerabilities continued to account for most of the exploitation activity observed in May. CVE-2017-11882, also known as the “Equation Editor” vulnerability, accounted for 87% of observed exploit attempts last month. The rampant attempts to exploit this 5-year-old vulnerability highlight the inherent risk of legacy code components that remain installed long after patches are available. Threat actors continue taking advantage of unpatched systems, showing just how important it is to patch endpoints and remove legacy components you no longer need, in addition to hardening your perimeter.
Open-source intelligence feeds once again demonstrated contrasting views of trending malware for May, with AbuseCH and Maldatabase reporting significantly differing lists. The Fidelis Cybersecurity team breaks down each of these lists for May and provides expert analysis and details around the most pressing threats from each list.
About the Fidelis Cybersecurity Threat Research Team
The Threat Research team (TRT) at Fidelis Cybersecurity researches and analyzes the latest threats and issues. The intelligence we gather from multiple open-source and proprietary sources about our cyber adversaries’ tactics, techniques, and procedures (TTPs) is fed directly into our platforms, products, and services to help our customers detect, neutralize, and eliminate threats before they can harm production systems.
Visit the Fidelis Cybersecurity Threat Research page to read the complete May 2022 Threat Intelligence Summary, along with information on critical threats and resources to help you better prepare for the next attack.
See Fidelis platforms in action. Learn how our fast, scalable Fidelis Elevate and Fidelis CloudPassage Halo platforms provide deep insights into the SOC to help security teams worldwide protect, detect, respond, and neutralize even the most advanced cyber adversaries.