Cyber threats of the past 30 days as seen by Gatewatcher's CTI analysts
Identified Indicators of Compromise (IOCs)
Identified compromise reports (IoCs cluster)
Highlight of the month
Although it accounts for only a small share of our Top CVE (1.48%), CVE-2021-44228 is the first of a series of critical vulnerabilities affecting the log4j library. Its danger lies in allowing an attacker to execute arbitrary code remotely simply by submitting data to an application that logs it with the vulnerable library.
This vulnerability has already been exploited by many cybercriminal groups to distribute malware and offensive tools such as Kinsing, Conti, Dridex and Cobalt Strike, as well as Mirai variants, …
LastInfoSec’s CTI analyst team has observed that the vulnerability is still being exploited in the wild. We therefore advise companies and organizations to deploy the available patches without delay and to update the tools already in place to detect this vulnerability.
In a nutshell, the rapid exploitation by many malicious actors of a vulnerability with this level of risk, and the potentially severe impact it can have on all users, is a useful reminder at the start of this year of the importance of maintaining active monitoring of emerging threats and reinforcing the patching strategies in place.
Common Vulnerabilities & Exposures
Definition of the month
IoCs allow an organization affected by a compromise to detect it promptly and implement the appropriate incident response actions. The hash of a malicious file, the URL of a phishing site or the domain of a Command & Control server are a few examples of possible IoC sources.
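As an added illustration (not code from Gatewatcher's barometer or the LastInfoSec platform), here is a minimal matcher that checks the three IoC types named above, a file hash, a phishing URL and a C2 domain, against constructed sample events; every indicator value and hostname below is a placeholder.

```python
"""Match a small IoC set against sample SOC events (constructed example)."""
import hashlib
from urllib.parse import urlsplit, urlunsplit


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def normalize_url(url: str) -> str:
    # Lower-case scheme and host, drop the fragment and a trailing slash so
    # trivially different spellings of the same phishing URL still match.
    p = urlsplit(url.strip())
    path = (p.path or "/").rstrip("/") or "/"
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), path, p.query, ""))


def domain_matches(name: str, ioc_domain: str) -> bool:
    # A C2 domain IoC also covers its subdomains (beacon.c2.example.test),
    # but not a look-alike that merely ends in the same letters.
    name, ioc_domain = name.lower().rstrip("."), ioc_domain.lower().rstrip(".")
    return name == ioc_domain or name.endswith("." + ioc_domain)


# Constructed sample "malicious" file and IoC feed (placeholders, not real IoCs).
SAMPLE_MALICIOUS_FILE = b"constructed sample: not a real malware body\n"
IOC_FEED = {
    "sha256": {sha256_hex(SAMPLE_MALICIOUS_FILE)},
    "url": {normalize_url("http://Login-Verify.example.test/account/")},
    "domain": {"c2.example.test"},
}

# Constructed events as a SOC might receive them from EDR, proxy and DNS logs.
SAMPLE_EVENTS = [
    {"kind": "file", "host": "ws-12", "data": SAMPLE_MALICIOUS_FILE},
    {"kind": "file", "host": "ws-12", "data": b"a benign document\n"},
    {"kind": "http", "host": "ws-07", "url": "http://login-verify.example.test/account#step2"},
    {"kind": "dns", "host": "srv-03", "query": "beacon.c2.example.test."},
    {"kind": "dns", "host": "srv-03", "query": "notc2.example.test"},
]


def match_events(events, feed):
    """Return (event_index, ioc_type, indicator) for every event hitting the feed."""
    hits = []
    for i, ev in enumerate(events):
        if ev["kind"] == "file":
            digest = sha256_hex(ev["data"])
            if digest in feed["sha256"]:
                hits.append((i, "sha256", digest))
        elif ev["kind"] == "http":
            url = normalize_url(ev["url"])
            if url in feed["url"]:
                hits.append((i, "url", url))
        elif ev["kind"] == "dns":
            for d in feed["domain"]:
                if domain_matches(ev["query"], d):
                    hits.append((i, "domain", d))
    return hits
```

Running `match_events(SAMPLE_EVENTS, IOC_FEED)` flags the first file, the HTTP request and the first DNS query; the benign file and the look-alike domain are left alone.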
About the cyber threats barometer
Malware, zero-day vulnerabilities, advanced persistent threats, particularly targeted industries and sectors, weak signals of emerging attacks… It’s no secret that knowing one’s adversary is a key factor in the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected during the previous month by LastInfoSec, Gatewatcher’s Cyber Threat Intelligence (CTI) platform.
LastInfoSec’s automated collection, analysis and correlation engines are continuously fed by more than three thousand data sources from multiple channels: social networks, specialized sites, darknet and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident response times.