We at Infoblox are pleased to publish this edition of our Quarterly Cyber Threat Intelligence Report. The Q3 2021 report includes our 30+ publicly released threat intelligence reports from July 1, 2021, to September 30, 2021. This quarter, we share a preview of our research into a healthcare data breach; cover the execution of the cybersecurity sprints being conducted by the United States Department of Homeland Security; discuss the rapid and important evolution of the Cybersecurity and Infrastructure Security Agency’s Zero Trust Maturity Model; and summarize important IC3 industry alerts, advisories, and reports that the Federal Bureau of Investigation, National Security Agency, and Central Security Service published during this quarter.
This publication supplements our original research and insight into threats we observed leading up to and including this period of time. Our report includes a detailed analysis of advanced malware campaigns and of recent significant attacks. In some cases, we share and expand on original research published by other security firms, industry experts, and university researchers. We feel that timely information on cyber threats is vital to protecting the community at large.
Usually, we report on specific threats and related data, customer impacts, analysis of campaign execution and attack chains, as well as vulnerabilities and mitigation steps. We also share background information on the attack groups likely responsible for the threats under review.
Here is the link to download your copy of the Q3 2021 Cyber Threat Intelligence Report:
During Q3 2021, the Infoblox Cyber Intelligence Unit (CIU) published the following reports on campaigns that delivered malware:
- Reply-Chain Threadjacking Campaign Delivers Squirrelwaffle Loader and Cobalt Strike
- Likely FIN7 Recon Campaign
- Fake Delivery Emails Deliver AsyncRAT
- XpertRAT Returns
- Hancitor Adds Second Redirect
- GuLoader Delivers Remcos RAT
- New Malware: Capturador Hijacker
- Hive Ransomware
- Fake Shipping Emails Deliver Ratty RAT
- OnePercent Group Ransomware Campaign
- “Urgent Report” Spam Drops Danabot Banking Trojan
- Update on the Attack on the Italian Regional Data Center
- Transfer-Themed Malspam Drops STRRAT
- New Spam Actor: EggshellCheetah
- Swift Payment-Themed Malspam Delivers Oski Stealer
- LemonDuck Trojan Delivers Cryptominers and Other Malware
- Cyber Threat Advisory: Attack on Italian Regional Data Center
- Infoblox Identifies New Threat Actor: WhiteSawShark and New Malware—HadLoader
- Purchase Order Malspam Delivers Snake Keylogger
- Cyber Threat Advisory: APT31 Targeting France
- Adult-Themed Mimail Worm Campaign Steals Victim Information
- Cyber Threat Advisory: U.S. Oil Pipeline Intrusion
- Cyber Threat Advisory: APT40 TTPs and Trends
- Spoofed Kazakh Malspam Delivers Neshta Infostealer
- Cyber Threat Advisory: SonicWall Vulnerability
- Fake Kaseya Patch Malspam Campaign
- Cyber Threat Advisory: Kaseya Ransomware Attack Update: Patch Available
- Cyber Threat Advisory: DarkSide Ransomware Variant
- Malspam RTF Files Drop Formbook Infostealer
- Cyber Threat Advisory: Kaseya REvil Ransomware Attack
- Fancy Bear Brute Force Attacks
Increase SecOps efficiency with comprehensive threat intelligence
Our Q3 2021 Cyber Threat Intelligence report shares research on many dangerous malware threats. Your security effectiveness depends on timely, up-to-date threat intelligence. Using tools included in Infoblox BloxOne® Threat Defense, security teams can collect, normalize and distribute highly accurate, multi-sourced threat intelligence to strengthen the entire security stack and secure DNS. Additional capabilities can help SecOps to accelerate threat investigation and response by up to two-thirds.
Automation plays a key role in all capabilities in BloxOne Threat Defense, accelerating remediation and eliminating management overhead. Automated responses can be triggered throughout the security ecosystem. Investigation and remediation are accelerated further with access to all relevant threat and network data available in context.
Curated, multi-sourced threat intelligence
BloxOne Threat Defense provides you with access to approximately 27 different threat feeds. Curation by the Infoblox Cyber Intelligence Unit (CIU) drives accuracy while minimizing false positives and enables you to customize the mix based on your needs. BloxOne Threat Defense collects, curates and aggregates threat information from Infoblox, your other commercial tools and third-party government sources. A normalized “super-feed” can then be shared across the security stack, potentially increasing the effectiveness of every defense.
Efficiency tools for analysts
The Dossier™ feature of BloxOne Threat Defense provides a purpose-built threat research tool. It presents a simpler, more organized way to investigate a current threat, determine an effective response, or simply research the top threats to your organization or the world in general.
Integrated third-party intelligence sources
A broad set of REST APIs enables you to ingest additional threat intelligence from third-party premium, public or private threat feeds, further enhancing your core threat intelligence. This capability is particularly powerful for those participating in threat intelligence exchange programs.
Please download the complimentary Infoblox Q3 2021 Cyber Threat Intelligence report. For more information about our paid threat intelligence services and products, please go to https://www.infoblox.com/products/threat-intelligence/ or reach out directly to our sales team via https://www.infoblox.com/company/contact/.