DXC Security Threat Intelligence Report

Stay up to date on the latest threats, vulnerabilities and nation-state activities.

Mark Hughes, president of Security, DXC

Ransomware still top of mind

Ransomware is still a major concern for most companies. Here’s why, and what you can do about the insidious Royal ransomware.

THREAT UPDATE

Royal ransomware — how it works and what to look for

Royal ransomware is good at evading detection. Here’s what you need to know.

By the numbers

26,448
software security flaws reported by CISA in 2022
80%
of businesses experienced a cloud security incident in 2022
~1 million
more people join the internet every day
33B
account breaches expected in 2023, with a hacker attack every 39 seconds

THREAT UPDATE

TrafficStealer monetizes network traffic

TrafficStealer malware uses open container APIs to generate revenue from high-traffic websites via fake clicks on ads.

THREAT UPDATE

Low-profile Linux backdoor now even stealthier

Chinese-affiliated BPFDoor malware bypasses firewall restrictions to remain undetected for extended periods.

THREAT UPDATE

Legion credential harvester updates capabilities

An emerging cloud-focused hack tool called “Legion” harvests credentials from misconfigured web servers and uses them to hijack emails.

By the numbers

~95%
of all digital breaches come from human error
90%
of data breaches result from phishing attacks
90%
of security breaches use servers as an attack surface
52%
of malware can use USB drives to bypass network security

THREAT UPDATE

Indonesian group targets AWS for crypto-mining

A threat actor called GUI-vil is targeting Amazon Web Services Elastic Compute Cloud (EC2) instances for crypto-mining operations.

THREAT UPDATE

RTM Locker now targets Linux ESXi hosts

RTM Locker ransomware now uses a Linux encryptor to target virtual machines on compromised VMware ESXi hosts.

Get the latest threat updates

Protect your enterprise. Subscribe to DXC's monthly report on the latest threats, breaches, cybercrimes and nation-state activities.

By the numbers

52%
of malware can use USB drives to bypass network security
59%
increase in critical vulnerabilities (CVEs) in 2022
61%
of organizations experienced a 25%+ jump in cyber threats or alerts since the start of COVID-19

Other news

U.S. releases interagency ransomware guide

The U.S. CISA, FBI, NSA and MS-ISAC have jointly updated the #StopRansomware Guide with best practices to detect, prevent, respond to and recover from ransomware attacks.

macOS bug lets hackers bypass SIP root restrictions

Apple has addressed a vulnerability found by Microsoft researchers that lets attackers install “undeletable” malware and circumvent security checks to access a victim’s private data.

“Terminator” antivirus killer tool may be a BYOVD attack

A tool promoted by threat actor Spyboy on a Russian-speaking hacking forum claims to terminate any antivirus, XDR or EDR platform, but it may be just a bring-your-own-vulnerable-driver attack. 

Hackers silently attacking Western Asia governments for years

GoldenJackal, a relatively unknown advanced persistent threat (APT) group, has been carrying out long-term espionage operations since 2019, notably in Afghanistan, Azerbaijan, Iran, Iraq, Pakistan and Turkey.

New for-purchase Google internet domains may be risky

Researchers warn that eight new top-level Google domains now for sale for hosting websites or email addresses could be used for phishing attacks and malware delivery.

Lazarus drops espionage malware on IIS servers

The infamous North Korean Lazarus group is targeting vulnerable Microsoft Internet Information Services (IIS) servers with malicious DLLs that deploy espionage malware.

Critical vulnerabilities found in NETGEAR RAX30 routers

Linking five vulnerabilities in NETGEAR Nighthawk RAX30 routers allows attackers to manipulate connected smart devices and expose users to malware, remote attacks and surveillance.