We at Infoblox are pleased to publish this edition of our Quarterly Cyber Threat Intelligence Report. The Q4 2021 report includes our publicly released threat intelligence reports from October 1, 2021, to December 31, 2021. This quarter, we also share important alerts, advisories, and reports that CISA, the Federal Bureau of Investigation, and National Security Agency/Central Security Service published during this quarter.
We’ll also include expanded coverage of Log4j, as data has become available into early January 2022. Much of the world’s security industry has been busy defending against and investigating Log4Shell attacks based on the recently disclosed vulnerability in the Apache Log4j library. As we collectively move on from responding to threat actors who were quick to take advantage of the weakness, we can begin reflecting on what happened. It will be some time before thorough analyses are complete and widely available, but some clear patterns have emerged. In this report, we’ll share some of the early results of analysis.
What’s in the Report
This publication supplements our original research and insight into threats we observed leading up to and including this period of time. Our report includes a detailed analysis of advanced malware campaigns and of recent significant attacks. In some cases, we share and expand on original research published by other security firms, industry experts, and university researchers. We feel that timely information on cyber threats is vital to protecting the community at large.
Usually, we report on specific threats and related data, customer impacts, analysis of campaign execution and attack chains, as well as vulnerabilities and mitigation steps. We also share background information on the attack groups likely responsible for the threats under review.
During Q4 2021, the Infoblox Cyber Intelligence Unit (CIU) published the following reports on campaigns that delivered malware:
- Fake Delivery Spam Email Drops Ave Maria RAT, published October 12, 2021
- Malspam Campaign Delivers Dark Crystal RAT (dcRAT), published October 12, 2021
- DDoS Extortion and Mitigation, published October 18, 2021
- BlackMatter Ransomware, published October 20, 2021
- SWIFT-Themed Malspam Delivers Vidar Infostealer, published October 25, 2021
- New Malspam Campaign Delivers Adwind RAT, published November 1, 2021
- New Threat Actor: PINK BOA, published November 2, 2021
- Log4j Exploit Harvesting, published December 13, 2021
Increase SecOps efficiency with comprehensive threat intelligence
Our Q4 2021 Cyber Threat Intelligence Report shares research on many dangerous malware threats. Your security effectiveness depends on timely, up-to-date threat intelligence. Using tools included in Infoblox BloxOne® Threat Defense, security teams can collect, normalize and distribute highly accurate, multi-sourced threat intelligence to strengthen the entire security stack and secure DNS. Additional capabilities can help SecOps to accelerate threat investigation and response by up to two-thirds.
Automation plays a key role in all capabilities in BloxOne Threat Defense, accelerating remediation and eliminating management overhead. Automated responses can be triggered throughout the security ecosystem. Investigation and remediation are accelerated further with access to all relevant threat and network data available in context.
Curated, multi-sourced threat intelligence
BloxOne Threat Defense provides you with access to approximately 27 different threat feeds. Curation by the Infoblox Cyber Intelligence Unit (CIU) drives accuracy while minimizing false positives and enables you to customize the mix based on your needs. BloxOne Threat Defense collects, curates and aggregates threat information from Infoblox, your other commercial tools and third-party government sources. A normalized “super-feed” can then be shared across the security stack, potentially increasing the effectiveness of every defense.
Efficiency tools for analysts
The Dossier™ feature of BloxOne Threat Defense provides a purpose-built threat research tool. It offers an organized, simpler way to investigate a current threat, determine an effective response, or simply research the top threats to your organization or the world in general.
Integrated third-party intelligence sources
A broad set of REST APIs enables you to ingest additional threat intelligence from third-party premium, public or private threat feeds, further enhancing your core threat intelligence. This capability is particularly powerful for those participating in threat intelligence exchange programs.
Please download the Infoblox complimentary report here: https://info.infoblox.com/resources-whitepapers-infoblox-q4-2021-cyberthreat-intelligence-report.
For more information about our paid threat intelligence services and products, please go to https://www.infoblox.com/products/threat-intelligence/ or reach out directly to our sales team via https://www.infoblox.com/company/contact/.