DXC’s cyber threat intelligence team has identified 10 major threats and vulnerabilities so far in 2022. A major concern is the large number of threats associated with widespread and high-risk vulnerabilities that can impact all industries, with growing attacks on mobile devices. On April 20, five cyber security agencies issued a warning of potential Russian state-sponsored threats of malicious cyber activity. Here are the top 10 threats from the first quarter of 2022.
Exploitation of high-risk and high-prevalence vulnerabilities
- An exploit targeting VMware Horizon servers through a vulnerability in Apache Log4j, a widely used Java-based logging library, is circulating on the internet. The critical and easy-to-exploit vulnerability allows an unauthenticated remote actor to take full control of an affected system or server.
- An easy-to-exploit, remote unauthenticated HTTP(S) vulnerability in SAP NetWeaver Application Server, Content Server, Web Dispatcher and the ABAP Platform, CVE-2022-22536, allows an unauthenticated attacker to impersonate the victim or poison intermediary Web caches, potentially compromising the system’s confidentiality, integrity and availability.
- Russia-linked Cyclops Blink malware is indiscriminately and widely attacking multiple models of Taiwan-made ASUS routers. A specialized module gathers information about files, executables, data and libraries from the flash memory and then establishes persistence on the device.
- As many as 300,000 routers made by Latvia-based MikroTik are vulnerable to remote attacks that can steal sensitive user data and participate in DDoS attacks. Attacks include TrickBot malware using MikroTik routers as proxy servers for its C2 servers.
Geopolitical threats
- State-sponsored Wiper malware attacks against infrastructure, government and businesses could threaten companies from around the globe and begin wiping out drives and data to create chaos or send a message. Some of the wiper technology is particularly pernicious, penetrating Active Directory Group Policy Objects (GPOs) to operate from inside an organization to impersonate employees and “live off the land,” encrypting or wiping out whatever they want, wherever they want.
- The U.S. Justice Department’s National Security Division secretly removed malware from computer networks around the world in March to pre-empt Russian cyberattacks. The malware was designed to infect firewalls and make compromised networks part of an advanced botnet called Cyclops Blink (see above). Botnets are typically used for large-scale DDoS attacks, to send spam and to compromise sensitive information.
- In January and early February, Russian intelligence agencies announced they had arrested members of three high-profile cybercrime groups, but it is difficult to decipher if those arrests were signs of genuine reform, propaganda or militarization of the criminal groups. In related research, a report from the cybersecurity firm Analyst1 details why it believes Russian intelligence services worked with prominent ransomware gangs to develop and deploy custom malware targeting U.S. government and government-affiliated organizations, including companies serving U.S. military clients.
- The Russia-based ransomware group Conti has vowed to strike the critical infrastructures of anyone who organizes cyberattacks or war activities against Russia. At the same time, Anonymous hacktivists have taken credit for various attacks and threatened to target corporations that refuse to pull their business from Russia.
Exploitation and abuse of mobile devices
- Zero-click attacks allow hackers to break into a phone or computer even if its user doesn't open a malicious link or attachment. Hackers instead exploit a series of security flaws in Apple iOS or Google Android operating systems. Once inside, they can install spyware that can steal data, listen in on calls and track the user’s location.
- Numerous Trojans targeting the Android platform have increased in frequency over recent months and pose an active threat to mobile and remote global workforces. While they have primarily targeted financial and banking organizations, their information-stealing and weaponization capabilities are reasons for more widespread concern. One Android banking trojan with over 50,000 installations has been observed on the official Google Play Store.
While no defense is iron-clad, up-to-date cyber defense and security risk management strategies and services can help harden end-to-end cyber security capabilities and minimize risk. For a more secure infrastructure, ensure tight integration among perimeter, network, endpoint and advanced protection solutions.