Cyber Intel Brief for March 1, 2022

Recent Threat Highlights

Critical: CVE-2022-22536 (SAP vulnerability). SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of the confidentiality, integrity and availability of the system.

https://nvd.nist.gov/vuln/detail/cve-2022-22536

Cyber Intel by Industry

Cyber / MSP / MSSP: A joint advisory from the NSA, CISA, FBI, and UK NCSC warns MSPs that a malicious Russian GRU cyber actor known as Sandworm or Voodoo Bear is using a new malware called Cyclops Blink. These threat actors are using this malware to exploit network devices, including SOHO routers and network-attached storage devices.

https://www.cisa.gov/uscert/sites/default/files/publications/AA22-054A%20New%20Sandworm%20Malware%20Cyclops%20Blink%20Replaces%20VPN%20Filter.pdf

Healthcare: Administrators who use and oversee Microsoft SQL Server databases are being warned to lock down those servers. This warning comes after security researchers at ASEC discovered that a threat actor is targeting SQL Servers to install the Cobalt Strike beacon.

https://www.itworldcanada.com/article/cyber-security-today-feb-23-2022-warning-to-sql-server-admins-logistics-company-hit-by-cyber-attack-and-more/474190

SaaS Providers: Nothing of note this week.

Financial Services: Ukrainian banks became inaccessible yesterday as they were taken offline by a denial of service attack that also targeted their government websites. At the same time, a new "wiper" attack, which destroys data on affected machines, was discovered being used against Ukrainian banks and organizations.

https://finance.yahoo.com/news/cyber-attacks-bring-down-many-194347122.html

Biotech / Pharma: The Internal Revenue Service announced it will abandon the adoption of facial recognition tools in response to bipartisan criticism of its $86 million contract with identity verification company ID.me.

https://www.cfr.org/blog/cyber-week-review-february-11-2022

Government: Ukrainian cyber attack. Several Ukrainian government websites were offline on Wednesday as a result of a mass distributed denial of service attack, a Ukrainian official said. This attack is part of a larger agenda involving Russia's attempt at a hostile takeover of Ukraine.

https://www.cnbc.com/2022/02/23/cyberattack-hits-ukrainian-banks-and-government-websites.html

Weekly Honeypot Stats for February 25, 2022

The following statistics are curated from our network of honeypots, which are exposed to Internet traffic. Legion Cyberworks uses our network of honeypots to understand threat actor activities and observe trends. This information is used to enhance our security awareness and the services we deliver to our customers.

[Charts: Suricata Top 10 CVEs; Suricata Top 10 IDS Signatures; Top Attacks by Source Country; Suricata Top IDS Alert Categories; Top Attacks by Destination Port; Top Usernames Attempted; Top Passwords Attempted]