
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 15, 2022

Amid the ongoing geopolitical tensions, the cyber threat landscape is witnessing a rise in data-wiping malware activity. Researchers have uncovered a new CaddyWiper malware being used against Ukrainian organizations. This is the fourth malware of its kind to be discovered in a month's time. A new phishing attack has also been identified against Ukrainians that delivers Cobalt Strike and other malware in the name of fake Windows antivirus updates.

There is also an update on an ongoing Zloader campaign targeting organizations worldwide. Active since 2021, it relies on fake installers for legitimate tools such as Zoom, Atera, NetSupport, Brave Browser, Java Plugin, and TeamViewer; the installers give the operators a foothold for reconnaissance and then download the Zloader payload.

Top Breaches Reported in the Last 24 Hours

DDoS attacks on Israel

An Iranian-linked hacking group has been blamed for DDoS attacks on Israeli government websites under the .GOV.IL domain. The affected sites were unavailable for a period before service was restored.

Top Malware Reported in the Last 24 Hours

CaddyWiper malware detected

A new wiper, CaddyWiper, has hit a dozen systems across Ukraine. It renders targeted machines unusable by erasing user data and programs and wiping the partition information of attached drives. Researchers note that it shares no significant code similarity with HermeticWiper or IsaacWiper. In some cases it was deployed through Microsoft Group Policy, which means the attackers already held domain-level control of the victim's Active Directory before the wipe; incident response therefore has to cover the domain controllers, SYSVOL, and any recently modified GPOs, not only the endpoints that were wiped.
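The GPO deployment path is the one detail in this item that a defender can hunt for directly. The script below is an added example, not code from the briefing, from ESET, or from Microsoft: it lists Group Policy objects modified within a look-back window and flags those containing execution hooks (scheduled or immediate tasks, startup/logon scripts, file preferences), lists files recently written under the SYSVOL policy folders with their hashes, and pulls the directory-change audit events that show which account touched a GPO. It assumes a domain-joined host with the RSAT GroupPolicy module, an account that can read all GPOs, SYSVOL and the domain controller's Security log, that "Audit Directory Service Changes" is enabled on the DC, and that the $LookbackHours window suits your environment (all assumptions, not facts from the page).

```powershell
<#
  Added example (not from the briefing, ESET, or Microsoft): hunt for Group
  Policy changes that could have pushed a wiper or other payload.
  Assumptions: RSAT GroupPolicy module present, rights to read GPOs/SYSVOL
  and the DC Security log, DS-change auditing enabled, window tuned locally.
#>
param([int]$LookbackHours = 24)

Import-Module GroupPolicy -ErrorAction Stop
$since  = (Get-Date).AddHours(-$LookbackHours)
$domain = $env:USERDNSDOMAIN

# 1. GPOs modified in the window. ExecHooks is true when the XML report
#    contains a mechanism that can run a dropped binary on every linked host.
#    -cmatch keeps the match case-sensitive so 'Files' does not hit 'Profiles'.
$recentGpos = Get-GPO -Domain $domain -All |
    Where-Object { $_.ModificationTime -gt $since }
foreach ($gpo in $recentGpos) {
    $xml = Get-GPOReport -Guid $gpo.Id -Domain $domain -ReportType Xml
    [pscustomobject]@{
        Name      = $gpo.DisplayName
        Id        = $gpo.Id
        Modified  = $gpo.ModificationTime
        Owner     = $gpo.Owner
        ExecHooks = [bool]($xml -cmatch 'ScheduledTasks|ImmediateTask|Scripts|:Files\b')
    }
}

# 2. Files recently written under the SYSVOL policy folders. A payload pushed
#    by GPO normally lives here (or in a share the GPO references); a fresh
#    .exe under \Policies\{GUID}\ is worth pulling for analysis. Hash each
#    hit so it can be compared against vendor indicators.
$sysvol = "\\$domain\SYSVOL\$domain\Policies"
Get-ChildItem -Path $sysvol -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since } |
    Sort-Object LastWriteTime -Descending |
    Select-Object FullName, Length, LastWriteTime,
        @{ n = 'SHA256'; e = { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash } }

# 3. Who changed the GPO: directory-service object modification events
#    (5136 modified, 5137 created) on the authenticating DC, filtered to
#    groupPolicyContainer objects. Empty output here usually means the audit
#    policy is not enabled rather than that nothing happened.
$dc = $env:LOGONSERVER.TrimStart('\')
Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 5136, 5137; StartTime = $since } |
    Where-Object { $_.Message -match 'groupPolicyContainer' } |
    Select-Object TimeCreated, Id,
        @{ n = 'Subject'; e = {
            ($_.Message -split "`r?`n" | Select-String 'Account Name:' |
                Select-Object -First 1).Line.Trim() } }
```

Run it from an incident-response workstation rather than a domain controller, and treat any GPO with ExecHooks set to true, a SYSVOL binary newer than the last known change window, or a 5136 event from an unexpected account as a lead to pull the referenced files and disable the GPO link before the next policy refresh.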

Cobalt Strike attack

Fake Windows antivirus updates are being used to install Cobalt Strike and other malware on systems in Ukraine. The lure arrives in phishing emails that impersonate Ukrainian government agencies and link to a website hosted in France carrying a download button for the supposed antivirus update. Genuine antivirus updates are delivered through the product's own update channel, never through a link in an email, so any such message should be treated as malicious.

Zloader trojan campaign spotted

An ongoing, widespread intrusion campaign distributing the Zloader trojan has been detected by researchers. The campaign uses fake installers of legitimate tools, including Zoom, Atera, NetSupport, Brave Browser, Java Plugin, and TeamViewer, to gain a foothold on the victim, perform reconnaissance, and download the Zloader payload.

Top Vulnerabilities Reported in the Last 24 Hours

Apple issues security fixes

Apple has released iOS 15.4 and iPadOS 15.4, fixing at least 39 security flaws. The most serious could expose users to remote code execution. Many are memory corruption issues in OS components including AVEVideoEncoder, CoreMedia, FaceTime, GPU Drivers, iTunes, Kernel, Sandbox, Siri, and Software Update.

Veeam patches two flaws

Veeam has released patches for two vulnerabilities in Veeam Backup & Replication. Tracked as CVE-2022-26500 and CVE-2022-26501, the flaws can be exploited for remote code execution without authentication and both carry a CVSS score of 9.8. The weakness lies in the Veeam Distribution Service, which listens on TCP 9380 by default and allowed unauthenticated users to reach internal API functions; Veeam's interim workaround before patching was to stop and disable that service. Because a backup server holds credentials for, and copies of, much of the estate, an unauthenticated RCE here should be treated as a domain-wide risk and the service should never be reachable from untrusted networks.
