The curtain has fallen on the third quarter (Q3) of 2022, and it’s time to report the trends and highlights gleaned from Digital Shadows’ (now ReliaQuest) vulnerability intelligence. Q3 was characterized by dozens of zero-day vulnerabilities, including the continued exploitation of the high-profile Follina vulnerability (CVE-2022-30190), which debuted in the second quarter of 2022. For more on Follina, check out our Q2 Vulnerability Roundup blog. But back to this blog for now, where we discuss the events and trends that materialized in Q3 2022.
Remote code execution (RCE) vulnerabilities were the most commonly observed type of exploited vulnerability in Q3 2022, representing 48 percent of incidents reported by Digital Shadows (now ReliaQuest). Local privilege escalation (LPE), denial of service (DoS), and SQL injection vulnerabilities followed, accounting for 31 percent collectively. RCE flaws enable attackers to execute malicious code remotely on a system, and are attractive to opportunistic threat actors who exploit them to gain initial access to enterprise environments.
RCE vulnerabilities tend to be categorized as critical with high CVSS scores, so they typically attract more attention than vulnerability types with lower severity scores. There’s added pressure to patch critical vulnerabilities, and it can quickly become overwhelming for vulnerability and patch management teams. Vulnerability intelligence can provide organizations with valuable context beyond CVSS scores to help determine a more accurate severity. With this information, you can make timely, threat-informed decisions during the vulnerability management process.
Q3 revealed that new vulnerabilities are not always the most talked-about vulnerabilities. It takes time to research and create exploits for newer vulnerabilities, whereas older ones have a higher chance of established exploits being available. Older vulnerabilities are also more likely to be embedded in penetration-testing tools. A flaw found in Microsoft Office 2007 (tracked as CVE-2017-11882) was the most discussed vulnerability in Q3 across a wide range of sources, including tweets, pastes, blogs, webpages, Internet Relay Chat (IRC) channels, and GitHub.
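The two preceding paragraphs make one practical point: a CVSS base score alone is a poor patching queue, because exploit maturity, presence in offensive toolkits, exposure and age change the real risk. The following Python prioritizer is an added example, not ReliaQuest’s or Digital Shadows’ code, showing how a vulnerability management team can fold those intelligence signals into a threat-informed score. The signal set, weights, tier thresholds and the `CVE-EXAMPLE-*` identifiers are all assumptions constructed for illustration; the sample backlog is likewise constructed.

```python
"""Threat-informed vulnerability prioritization: CVSS plus intelligence context.

Added example, not ReliaQuest or Digital Shadows code. Weights, thresholds
and the sample findings are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    cve: str                  # identifier (placeholders below, not real CVEs)
    cvss: float               # CVSS base score, 0.0-10.0
    exploited_in_wild: bool   # exploitation observed in real incidents
    public_exploit: bool      # working exploit code is publicly available
    in_pentest_tooling: bool  # bundled in common penetration-testing tools
    internet_facing: bool     # the affected asset is reachable from the Internet
    age_years: float          # time since public disclosure


def intel_multiplier(f: Finding) -> float:
    """Scale factor from context that a CVSS base score does not capture.

    Each signal adds to the multiplier; the sum is capped at 2.0 so
    context can at most double the base score, never dominate it.
    """
    m = 1.0
    if f.exploited_in_wild:
        m += 0.6
    if f.public_exploit:
        m += 0.3
    if f.in_pentest_tooling:
        m += 0.2
    if f.internet_facing:
        m += 0.4
    if f.age_years >= 2.0:
        # Older flaws are more likely to have mature, reliable exploits.
        m += 0.1
    return min(m, 2.0)


def priority_score(f: Finding) -> float:
    """Threat-informed score: CVSS base score times the context multiplier."""
    return round(f.cvss * intel_multiplier(f), 2)


def tier(score: float) -> str:
    """Map a priority score onto a patching tier (thresholds are assumptions)."""
    if score >= 14.0:
        return "P1"  # patch now, out of cycle
    if score >= 9.0:
        return "P2"  # next scheduled patch window
    if score >= 5.0:
        return "P3"  # normal cadence
    return "P4"      # backlog


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=priority_score, reverse=True)


# Constructed sample backlog (placeholder identifiers, not real CVEs).
SAMPLE_FINDINGS = [
    # Old, moderately scored, but weaponized and in pentest toolkits.
    Finding("CVE-EXAMPLE-0001", 7.8, True, True, True, False, 5.0),
    # Brand-new critical on an exposed host, no exploit known yet.
    Finding("CVE-EXAMPLE-0002", 9.8, False, False, False, True, 0.1),
    # Medium-severity bug on an internal system, no exploit signals.
    Finding("CVE-EXAMPLE-0003", 5.5, False, False, False, False, 1.0),
    # Low-severity bug, internal only.
    Finding("CVE-EXAMPLE-0004", 3.1, False, False, False, False, 0.5),
]


def ranked_report(findings: List[Finding]) -> List[Tuple[str, float, float, str]]:
    """(cve, cvss, priority score, tier) rows in priority order."""
    return [(f.cve, f.cvss, priority_score(f), tier(priority_score(f)))
            for f in prioritize(findings)]


if __name__ == "__main__":
    for cve, cvss, score, t in ranked_report(SAMPLE_FINDINGS):
        print(f"{t}  {cve:<18} CVSS {cvss:<4} -> priority {score}")
```

Run stand-alone, the five-year-old CVSS 7.8 flaw with a public, toolkit-embedded exploit lands in P1 ahead of the freshly disclosed CVSS 9.8 issue that has no known exploit, which is exactly the inversion the paragraphs above describe. The multiplier cap keeps the base score meaningful: context can raise urgency, but a low-severity bug cannot be promoted above a critical one by signals alone.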
CVE-2017-11882 caught the attention of researchers at Fortinet in a recent report series, in which they identified a malicious Microsoft Excel spreadsheet distributing several pieces of malware, including the information stealers “Formbook” and “Redline”. There’s a patch available for CVE-2017-11882, but enterprise environments are very heterogeneous, each with its own dependencies, which means many vulnerabilities remain unpatched. This is why cybercriminals are able to exploit flaws for years after a patch is released.
Follina was not far behind in terms of references this quarter, nor was a high-severity zero-day vulnerability in Google Chrome, tracked as CVE-2022-2294. This is a heap-based buffer-overflow flaw in the Web Real-Time Communications (WebRTC) component of the Google Chrome browser. A heap-based buffer overflow occurs when the buffer that is overwritten was allocated in the heap portion of memory (dynamically allocated memory, as opposed to the stack).
Although the issue was addressed in a patch released on 04 Jul 2022, the vulnerability was reportedly used in a campaign against several journalists in the Middle East. The flaw was exploited to deploy the “DevilsTongue” spyware, developed by the controversial Tel Aviv-based technology company Candiru. The Chrome exploit was chained together with a sandbox escape exploit within the campaign.
On 30 Sep 2022, Microsoft published a blog analyzing attacks using two Microsoft Exchange vulnerabilities, tracked as CVE-2022-41082 and CVE-2022-41040. In the blog, Microsoft reported that it had observed a limited number of targeted attacks leveraging the two vulnerabilities, dubbed ProxyNotShell.
In August 2022, an unknown threat group utilized the two Microsoft Exchange vulnerabilities after gaining initial access. In these attacks, the threat actor installed the “Chopper” web shell for hands-on-keyboard access, using this access to perform Active Directory (AD) reconnaissance and exfiltrate data. Microsoft assessed with medium confidence that the attackers were state sponsored.
On 11 Oct 2022, researchers reported that the ProxyNotShell vulnerabilities had been exploited in attacks to distribute the “LockBit” ransomware. This activity took place in the fourth quarter and—as with most high-profile zero-days—is an example of how quickly other cybercriminals began deploying opportunistic cyberattacks exploiting the flaws. Active since at least September 2019, the LockBit gang has been the most active ransomware group in 2022 to date, across multiple regions and sectors. At the time of writing, LockBit has named over 700 victims on its data-leak site in 2022 alone. To learn more about the ransomware trends in Q3 2022, check out our recent Ransomware in Q3 2022 blog.
Vulnerability exploitation—particularly of Internet-facing infrastructure—will likely remain a favorite initial access point for cybercriminals. In our recent advanced persistent threat (APT) Spotlight Series blog, we discuss how the cyber-espionage group “APT41” gained access to six state networks by exploiting vulnerabilities. Vulnerability intelligence can have a real business impact: it can protect you from a major breach by helping you patch the most critical weaknesses first. Check out our solutions guide on vulnerability intelligence here, or schedule a demonstration of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) to see it in action…