Cybersecurity Digest #43: 7/02/2022 – 18/02/2022

Cybersecurity news

Cybersecurity Blog Posts

Research and analytics

  • ESET published Threat Report T3 2021. ProxyLogon, the vulnerability chain behind the early-2021 Microsoft Exchange server attacks, ended up being the second most frequent external attack vector in 2021 according to ESET telemetry, right after password-guessing attacks. As the report describes, Exchange servers came under siege again in August 2021, with ProxyLogon’s “younger sibling”, ProxyShell, exploited worldwide by several threat groups. The report also comments on trends observed throughout the year and includes forecasts for 2022 from ESET’s researchers and detection specialists.
  • Veracode released the 12th edition of its State of Software Security report, which draws on the full historical data from Veracode’s services and customers. Key takeaways: scan cadence has grown 20x over the past decade; the number of apps tested per quarter has more than tripled; combined use of static, dynamic, and software composition analysis scans grew by 31% from 2018 to 2021; and, on average, organizations with Veracode Security Labs training fix 50% of their flaws 35% faster.
  • ESET’s industry report on retail shows that the sector keeps evolving even under pressure from both threats and technology adoption, and aims to show how cybercriminals have adapted to better position themselves in the new retail landscape.
  • (ISC)² released its Cybersecurity Workforce Study 2021. While the pandemic has brought its share of stresses, most cybersecurity professionals report that their personal morale during the pandemic has been above average (29%) or excellent (26%). Globally, 51% of respondents also described their teams’ morale as above average (31%) or excellent (20%), and only 12% say that their personal morale has been below average or worse.
  • The Malwarebytes Labs blog provides an overview of the latest Patchwork APT campaign. Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear-phishing attacks. In its most recent campaign, from late November to early December 2021, Patchwork used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT). Notably, this is the first time the actor has targeted faculty members whose research focuses on molecular medicine and biological science.
  • Google published Vulnerability Reward Program: 2021 Year in Review. Last year was another record setter for its Vulnerability Reward Programs (VRPs). Throughout 2021, Google partnered with the security researcher community to identify and fix thousands of vulnerabilities, helping keep users and the internet safe. Google awarded a record-breaking $8,700,000 in vulnerability rewards, with researchers donating over $300,000 of their rewards to charities of their choice.
  • A recent Software Supply Chain Survey from Anchore asked 428 executives, directors, and managers in IT, security, development, and DevOps functions about their security practices and concerns and their use of technologies for securing containerized applications. The survey revealed that almost 30% of the respondents’ companies were significantly or moderately affected by software supply chain attacks in the past year.
  • Google Project Zero published an analysis of its disclosure metrics showing that vendors fixed the vulnerabilities its researchers discovered faster last year. In 2021, vendors took an average of 52 days to fix security vulnerabilities reported by Project Zero, a significant acceleration from an average of about 80 days three years earlier.
  • According to Proofpoint, the TA2541 threat group from Nigeria has been attacking the aviation industry around the world for years; its activity had previously been documented as separate campaigns. TA2541 consistently uses remote access trojans (RATs) to take remote control of compromised machines.
  • Sophos published Rapid Response: The Squirrelwaffle Incident Guide. The guide shows Security Operations Center and Incident Response teams how to detect and respond to the presence of Squirrelwaffle, a malicious dropper/loader used to deliver other malware onto target systems, on their network.
  • Splunk published the report Accelerating Forward: The State of Cloud-Driven Transformation. This year’s research reveals how organizations are now optimizing their cloud transformations to continue unlocking innovation. The report provides a comprehensive overview of the challenges, opportunities and strategies associated with cloud transformation today.
  • Recorded Future’s threat research team, Insikt Group, published its annual vulnerability report surveying the vulnerability landscape of 2021. According to data from the US National Institute of Standards and Technology’s National Vulnerability Database (NVD), 21,957 vulnerabilities were published to the NVD in 2021. Looking at the growth in new disclosures since 2017, the year-over-year increase in 2021 was three times the increase seen from 2019 to 2020. However, of the 16,473 newly disclosed vulnerabilities with a 2021 CVE designator listed in the NVD, only 119 are known to have been actively exploited (per the CISA Known Exploited Vulnerabilities Catalog).
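The “disclosed versus actively exploited” comparison in the Recorded Future summary above is something a vulnerability-management team can reproduce for its own CVE set: take the CVEs published to the NVD, intersect them with CISA’s KEV catalog, and prioritize the (small) exploited subset by KEV due date. The following is an added example written for this digest, not code from Recorded Future, NIST or CISA. The two JSON samples are constructed and contain no real vulnerability data; they only mirror the field names of the NVD 2.0 API response (`vulnerabilities[].cve.id`, `.published`) and the KEV JSON feed (`vulnerabilities[].cveID`, `.dateAdded`, `.dueDate`). The function and constant names are assumptions of this example.

```python
"""Cross-reference NVD-published CVEs against CISA's Known Exploited
Vulnerabilities (KEV) catalog and report the actively exploited subset.

Added example; not from the Recorded Future report. Both JSON samples are
constructed and mirror only the field names used below.
"""
import json
import re

# CVE identifiers are CVE-<year>-<4+ digits>; the year is the CVE designator
# (assignment year), which is not the same as the NVD publication year.
CVE_RE = re.compile(r"^CVE-(\d{4})-\d{4,}$")

# Constructed sample shaped like an NVD 2.0 API response (assumption: only the
# "id" and "published" fields are reproduced). No real vulnerabilities.
NVD_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cve": {"id": "CVE-2021-0001", "published": "2021-03-02T00:00:00.000"}},
        {"cve": {"id": "CVE-2021-0002", "published": "2021-08-11T00:00:00.000"}},
        # 2020 designator, but only published to the NVD in 2021.
        {"cve": {"id": "CVE-2020-0003", "published": "2021-01-15T00:00:00.000"}},
        {"cve": {"id": "CVE-2021-0004", "published": "2021-12-30T00:00:00.000"}},
        # 2021 designator, reserved in 2021 but published in 2022.
        {"cve": {"id": "CVE-2021-0005", "published": "2022-01-05T00:00:00.000"}},
    ]
})

# Constructed sample shaped like CISA's known_exploited_vulnerabilities.json
# (assumption: a subset of the feed's fields). No real vulnerabilities.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2021-0002", "vendorProject": "ExampleCo", "product": "Gateway",
         "dateAdded": "2021-11-03", "dueDate": "2021-11-17"},
        {"cveID": "CVE-2020-0003", "vendorProject": "ExampleCo", "product": "Portal",
         "dateAdded": "2021-11-03", "dueDate": "2021-11-10"},
        # In KEV but absent from our NVD sample; must be ignored by the join.
        {"cveID": "CVE-2019-9999", "vendorProject": "OtherCo", "product": "Agent",
         "dateAdded": "2021-11-03", "dueDate": "2022-05-03"},
    ]
})


def cve_year(cve_id):
    """Return the designator year of a CVE identifier, validating its format."""
    m = CVE_RE.match(cve_id)
    if not m:
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return int(m.group(1))


def nvd_entries(nvd_json):
    """Return {cve_id: published_year} from an NVD 2.0-style document."""
    out = {}
    for item in json.loads(nvd_json).get("vulnerabilities", []):
        cve = item["cve"]
        cve_year(cve["id"])  # reject malformed identifiers early
        out[cve["id"]] = int(cve["published"][:4])
    return out


def kev_entries(kev_json):
    """Return {cve_id: kev_entry} from a KEV-style document."""
    return {v["cveID"]: v for v in json.loads(kev_json).get("vulnerabilities", [])}


def exploited_summary(nvd_json, kev_json, year):
    """Count CVEs published in `year`, CVEs with a `year` designator, and the
    subset of the latter that appears in KEV (the 16,473 / 119 style figures)."""
    nvd = nvd_entries(nvd_json)
    kev = set(kev_entries(kev_json))
    published = {c for c, y in nvd.items() if y == year}
    designated = {c for c in nvd if cve_year(c) == year}
    exploited = sorted(designated & kev)
    return {
        "year": year,
        "published_in_year": len(published),
        "with_year_designator": len(designated),
        "exploited": exploited,
        "exploited_share": len(exploited) / len(designated) if designated else 0.0,
    }


def kev_due_order(nvd_json, kev_json):
    """KEV entries for CVEs present in the NVD set, earliest due date first:
    the patch-first list a vulnerability-management team actually needs."""
    nvd = nvd_entries(nvd_json)
    kev = kev_entries(kev_json)
    return sorted((e for c, e in kev.items() if c in nvd), key=lambda e: e["dueDate"])


if __name__ == "__main__":
    print(json.dumps(exploited_summary(NVD_SAMPLE, KEV_SAMPLE, 2021), indent=2))
    for e in kev_due_order(NVD_SAMPLE, KEV_SAMPLE):
        print(e["dueDate"], e["cveID"], e["vendorProject"], e["product"])
```

Two details the sample is built to expose: a CVE’s designator year and its NVD publication year differ often enough (CVE-2020-0003 published in 2021, CVE-2021-0005 published in 2022 in the sample) that the two counts in the report are not interchangeable, and the join must be driven from your own CVE inventory rather than from KEV, since KEV contains many CVEs that are irrelevant to a given estate.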

Major Cyber Incidents