Source: recordedfuture.com
Data was assembled from the Recorded Future® Platform, open-source intelligence (OSINT), and public reporting on NVD data. This report will assist threat hunters and security operations center (SOC) teams in strengthening their security posture by prioritizing hunting techniques and detection methods based on this research and data along with vulnerability teams looking for ways to prioritize patching and identify trends in vulnerability targeting.
Malware development and vulnerability exploitation in H12022 were defined by tenacity along several aspects, including criminal services, exploit targets, infrastructure maintenance, and operational longevity. The malware categories that were at the forefront of public and criminal attention were wipers, such as were observed targeting Ukraine, infostealers, with some popular variants resurging after an initial disappearance, and ransomware, which continues to victimize all sectors worldwide.
The vulnerability most in defenders’ sights at the beginning of the year was Log4Shell, while by the end of June, the Follina vulnerability (which can be exploited via a malicious document without using macros) indicated a future potential direction for zero-day exploits for the rest of the year.
The top referenced malware variants associated with cyberattacks in H1 2022 were Cobalt Strike, Conti ransomware, Pegasus, DeadBolt ransomware, and Emotet. References to Cobalt Strike were sharply higher than for the others, demonstrating its continued prevalence across many types of cyberattack campaigns. The top referenced vulnerabilities associated with cyberattacks in H1 2022 affected Apache’s Log4J (Log4Shell), Microsoft Windows (Follina), Microsoft Exchange Server (ProxyShell), Atlassian’s Confluence, and the Java Spring Framework. This landscape reflects both zero-day exploitation and continued targeting of known vulnerabilities, and Log4Shell exploitation was observed up to the end of June.
Our outlook for the rest of 2022 based on H1 2022 is that ransomware remains a major threat (although a decline is
overdue), more widespread multi-factor authentication (MFA) will reshape many areas of the criminal landscape, and Russia’s war against Ukraine is likely to result in yet more novel malware from that region.
Download Report
If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:
By email:
secretary@iisf.ie
By post:
David Cahill
Information Security
GPO, 1-117
D01 F5P2
Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland
Invitations for Annual Sponsorship of IISF has now reopened.
Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more