The Uptycs threat research team regularly monitors the TTPs (tactics, techniques and procedures) of the latest malware using our threat intelligence sources and systems. Organizations can use this bulletin as a tool to evaluate and build a more robust detection and protection posture against the latest cyber security threats on Windows, Linux and macOS platforms.
The threat bulletin covers several aspects, such as:
- Techniques used by the malware samples in our threat intel sources
- Commonly abused commands and utilities in Windows, Linux and macOS platforms
- Top prevalent malware families in the wild for Windows, Linux and macOS platforms
- Uptycs Threat Research articles published by the threat research team
- Threat actors observed for the quarter
- Malware/targeted attacks for the quarter
- Vulnerabilities/exploits in Windows, Linux and macOS platforms
- General recommendations based on our observations
The key highlights of our recently published Q1'2022 threat bulletin are:
- As a result of the ongoing Russian invasion of Ukraine, there have been many cyber attacks on Ukraine from Russian threat actors, including destructive wipers such as HermeticWiper, IsaacWiper and WhisperGate.
- In this quarter, we have observed the following prevalent malware:
  - Emotet and RedLine Stealer are the prevalent malware in Q1 2022 for Windows platforms, taking that spot from Formbook and IcedID in Q4 2021.
  - Mirai and Prometei were seen in large numbers in Q1 2022 on the Linux platform.
  - Shlayer remains consistently active on macOS.
- Rundll32.exe is the most abused utility for Windows and openssl has taken the top spot in abused utilities in Linux.
- Lapsus$ has disclosed numerous cyberattacks against large companies, with confirmed attacks against NVIDIA, Okta, Samsung, Vodafone, Ubisoft, and Mercado Libre.
- Threat actor activity from Primitive Bear APT, MuddyWater, Lazarus, APT27, APT41, OceanLotus and FIN7 has been reported.
- A new Linux kernel vulnerability (CVE-2022-0847) has been discovered, affecting Linux kernel versions since 5.8 and allowing attackers to escalate privileges.
- Two Google Chrome zero-day vulnerabilities (CVE-2022-0609 and CVE-2022-1096) were reported to be exploited in the wild.
An excerpt of the commonly abused commands and utilities on Windows, Linux and macOS platforms (January 2022 - March 2022) is shown below.