We at Infoblox are pleased to publish this edition of our Quarterly Cyber Threat Intelligence Report. The Q1 2022 report includes our publicly released threat intelligence reports from January 1 to March 31, 2022. This quarter, we also share important alerts, advisories, and reports that CISA, the Federal Bureau of Investigation, and National Security Agency/Central Security Service published during this quarter.
We put a special spotlight on using MITRE ATT&CK to clarify the DNS attack surface and how DNS security can address these threats directly.
We also spotlight the state of cyber security within South Asia. We have recently seen an attack upon Air India; the number of cyber attacks against the government and businesses in India has doubled in the past three years. We present a recent case study of the implementation of DNS security by an e-commerce leader in India.
What’s in the Report
This publication supplements our original research and insight into threats we observed leading up to and including this period of time. Our report includes a detailed analysis of advanced malware campaigns and of recent significant attacks. In some cases, we share and expand on original research published by other security firms, industry experts, and university researchers. We feel that timely information on cyber threats is vital to protecting the community at large.
Usually, we report on specific threats and related data, customer impacts, analysis of campaign execution and attack chains, as well as vulnerabilities and mitigation steps. We also share background information on the attack groups likely responsible for the threats under review.
Here is the link to download your copy of the Q1 2022 Cyber Threat Intelligence Report: https://info.infoblox.com/resources-whitepapers-infoblox-q1-2022-cyberthreat-intelligence-report
During Q1 2022, the Infoblox Threat Intelligence Group published the following reports, which included extensive research on Ukrainian-themed campaigns:
- Cyber Threat Advisory: Formbook Deploys New Evasive Techniques
- Cyber Threat Advisory: Ukrainian Support Fraud
- Ukraine-Themed Malspam Drops Agent Tesla
- “Ukraine war” Malspam Delivers Remcos
- Ukraine Scam Campaigns
Increase SecOps efficiency with comprehensive threat intelligence
Our Q1 2022 Cyber Threat Intelligence report shares research on many dangerous malware threats. Your security effectiveness depends on timely, up-to-date threat intelligence. Using tools included in Infoblox BloxOne® Threat Defense, security teams can collect, normalize and distribute highly accurate, multi-sourced threat intelligence to strengthen the entire security stack. Additional capabilities can help SecOps to accelerate threat investigation and response by up to two-thirds.
Automation plays a key role in all capabilities in BloxOne Threat Defense, accelerating remediation and eliminating management overhead. Automated responses can be triggered throughout the security ecosystem. Investigation and remediation are accelerated further with access to all relevant threat and network data available in context.
Curated, multi-sourced threat intelligence
BloxOne Threat Defense provides you with access to approximately 27 different threat feeds. Curation by the Infoblox Cyber Intelligence Unit (CIU) drives accuracy while minimizing false positives and enables you to customize the mix based on your needs. BloxOne Threat Defense collects, curates and aggregates threat information from Infoblox, your other commercial tools and third-party government sources. A normalized “super-feed” can then be shared across the security stack, potentially increasing the effectiveness of every defense.
Efficiency tools for analysts
The Dossier™ feature of BloxOne Threat Defense provides a purpose-built threat research tool. It presents an organized and simpler way to investigate a current threat, determine an effective response, or simply research the top threats to your organization or the world in general.
Integrated third-party intelligence sources
A broad set of REST APIs enables you to ingest additional threat intelligence from third-party premium, public or private threat feeds, further enhancing your core threat intelligence. This capability is particularly powerful for those participating in threat intelligence exchange programs.
Please download the Infoblox complimentary report here: https://info.infoblox.com/resources-whitepapers-infoblox-q1-2022-cyberthreat-intelligence-report
For more information about our paid threat intelligence services and products, please go to https://www.infoblox.com/products/threat-intelligence/ or reach out directly to our sales team via https://www.infoblox.com/company/contact/.