Threat intelligence report, Qatar - September 2022

A process used to determine which components of the system need to be protected and the types of security risks (threats) they should be protected from.

We are reporting significant new trends or developments regarding threats to an organization's information systems. This notification may include analytical insights into an adversary's intentions, technologies, or tactics targeting information systems.

Reported cyber threats

The National Cyber Security Agency has initiated programs to increase the productivity of employees and specialists in information technology and security in order to protect Qatar from cyber attacks.

Two zero-day vulnerabilities in Microsoft Exchange Server

  • One of the two flaws is a server-side request forgery (SSRF), and the other is a remote code execution vulnerability. The security holes have impacted Exchange Server 2013, 2016, and 2019.
  • Microsoft has not yet released a patch and recommends that all organizations/enterprises using Microsoft Exchange Server check, review, and apply the temporary remedy as soon as possible to avoid severe damage.

WPGateway Plugin Zero-Day Vulnerability

  • The critical privilege escalation security flaw allows an unauthenticated attacker to add an administrator account to websites running WPGateway.
  • Removing the WPGateway plugin from the site is recommended until the patch is released.

New NullMixer Malware

  • NullMixer spreads malware via malicious websites found via popular search engines, including Google, and infects Windows devices.
  • Researchers suggest that users reinstall Windows, which will resolve the issue.

FARGO Ransomware in Microsoft SQL Servers

  • FARGO ransomware has been actively targeting unsecured MS-SQL servers; it encrypts files and threatens to publish victims' data online if they do not pay the ransom.
  • Researchers urge Microsoft SQL server administrators to use complex passwords and multi-factor authentication and keep systems updated with the latest patches.

Malware in Windows Logo

  • An espionage-focused threat actor has been attacking Middle Eastern governments using steganography to hide a backdoor malware in a Windows logo.
  • The researcher recommends that users apply security updates to protect their organization from this malware.

Recommendations

All clients are advised to patch as soon as a vulnerability is identified and to comply with National Information Assurance (NIA), Qatar 2022 Cybersecurity Framework (QCSF), and other organizational standards as per Qatar law.
