DXC Security Threat Intelligence Report

Stay up to date on the latest threats, vulnerabilities and nation-state activities.

Mark Hughes, president of Security, DXC

New threats and widespread vulnerabilities

There’s plenty to keep security organizations awake at night these days, including geopolitical threats, new malware, key vulnerabilities and mobile device threats.

THREAT UPDATE

Top 10 threats of 2022 — for now

Here’s a look at 10 major threats and vulnerabilities so far in 2022.

NATION STATE

AcidRain wiper linked to communications outage

This new malware is designed to disable modems and disrupt satellite communication, exploiting a misconfiguration in a VPN appliance to gain remote access.

VULNERABILITY

Spring by VMware addresses Spring4Shell vulnerabilities

Java application vendor Spring has issued releases to address separate RCE vulnerabilities in Spring Framework and Cloud Function.

By the numbers

105% rise in ransomware attacks, to 623.3 million in 2021
5.4 billion malware attacks in 2021
77% of business leaders say phishing attacks are their number one concern
135,000 fake tax refund websites in 2022
15% growth rate year over year in cybercrime costs for companies worldwide by 2025, up from $3 trillion in 2015 to $10.5 trillion by 2025

VULNERABILITY

CISA adds 32 known exploited vulnerabilities to catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added 32 new vulnerabilities of significant risk to its catalog.

VULNERABILITY

Apple issues patches for 2 actively exploited zero days

Apple has issued patches for two out-of-bounds vulnerabilities for macOS Monterey.

THREAT UPDATE

Don’t fall for MFA prompt bombing

Both Lapsus$ and APT29 used MFA bombing to bypass multifactor authentication at their respective targets: Microsoft and SolarWinds.

How to harden Kubernetes clusters against cybercrime

Kubernetes clusters are a prime target for data theft, computational power theft and DoS attacks. Here are some tips for preventing attacks.

THREAT UPDATE

Lapsus$ claims responsibility for Globant breach

The LAPSUS$ data extortion group claims to have siphoned 70Gb of data including customer source code from the software services company.

NATION STATE

Malspam disguised as a PDF file hits South Korea

Malicious emails attributed to North Korean Kimsuky APT group strike South Korean industries, nuclear power plants and government organizations.

THREAT UPDATE

IcedID phishing campaign uses compromised Exchange servers

New IcedID malspam campaign exploits the trusted sender vector by using compromised internal servers.

What’s next for enterprise security? Look to public cloud

The latest integrated security tools from leading cloud providers could be a catalyst to simplify and modernize IT environments. DXC's cloud and security experts share insights on how to simplify complex environments, increase speed and flexibility, and control costs.

Other news

Germany takes down Russian Hydra marketplace

Germany’s Federal Criminal Police Office shut down the world's largest illegal darknet marketplace and seized $25 million in bitcoin.

MailChimp breach targets crypto customers

Hackers accessed the email marketing firm’s internal customer support and account management tools to steal Trezor owners’ data and launch phishing attacks.

New Android spyware linked to Turla

A spyware application using a C2 server linked to Turla hackers poses as a process manager service to siphon sensitive information from infected devices.

APT groups use Ukraine war as a lure

At least three different advanced persistent threat (APT) groups launched spear-phishing campaigns using documents and other decoys about the conflict. 

New RAT controls victim’s mouse and more

Borat, a new hidden remote access trojan (RAT), allows complete control of a victim’s mouse and keyboard, as well as access to files and network points.

Windows 11 to beef up security protection

Microsoft says a future Windows 11 release will enhance phishing protection and encryption and block malicious apps and drivers. 

Former Block employee downloads customer data

A former worker illegally downloaded reports from the financial services and digital payments company’s Cash App Investing offering.

VMware Carbon Black patches vulnerabilities

VMware has issued updates for multiple vulnerabilities in its popular Carbon Black endpoint security software.