Cyware Daily Threat Intelligence, March 12, 2021

Malware attacks have been one of the biggest security threats to organizations for over a decade. Throwing light on the growing threat, researchers have discovered the return of the Dridex and Metamorfo trojans in separate attack campaigns. Both campaigns use spoofed emails as the initial infection vector.

Moreover, two new ransomware families are being used in the wild to target organizations and individuals. One of them, dubbed DEARCRY, is distributed by exploiting the ProxyLogon vulnerabilities. The other is a variant of Darkside ransomware that is capable of targeting NAS devices, along with Windows and Linux systems.

Top Breaches Reported in the Last 24 Hours

Woodcreek Provider Services affected
A ransomware attack at Woodcreek Provider Services has affected the data of over 200,000 patients, providers, and staff. It gave attackers access to personal information including Social Security numbers, dates of birth, and other data. The healthcare firm is one of the victims of the attack that took place at Netgain Technologies LLC in November last year.

Molson Coors’ operation disrupted
The brewing operations of Molson Coors have been disrupted in a cybersecurity incident. The firm has engaged a forensic IT firm to investigate the incident.

Top Malware Reported in the Last 24 Hours

Dridex attacks on the rise
Researchers are observing a rise in Dridex-related network attacks that are being driven by the Cutwail botnet. The trojan is delivered in the second stage of the infection process that begins with a booby-trapped email. Currently, the campaign is active in Italy and Japan.

New skimming attack
A new investigation of a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. The pilfered data is encoded before being saved to a .JPG file.
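A skimmer that stages stolen form data in a file with an image extension leaves a simple artifact to look for: a ".jpg" that does not begin with the JPEG Start Of Image marker and instead holds encoded text. The check below is an added example for defenders, not code from Cyware or from the original investigation; it assumes the exfiltration file is base64-encoded (an assumption, since the digest only says "encoded"), and the sample files it inspects are constructed inline.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every JPEG file begins with the Start Of Image marker FF D8 FF.
JPEG_SOI = b"\xff\xd8\xff"

# Whole-file base64 alphabet check (whitespace tolerated between lines).
_B64_RE = re.compile(rb"^[A-Za-z0-9+/=]+$")


@dataclass
class Finding:
    name: str
    reason: str


def looks_like_base64(blob: bytes) -> bool:
    """True when the file body is nothing but base64 text of a plausible length."""
    compact = b"".join(blob.split())
    return len(compact) >= 16 and bool(_B64_RE.match(compact))


def decode_base64(blob: bytes) -> Optional[bytes]:
    """Strict decode; returns None instead of raising on malformed input."""
    compact = b"".join(blob.split())
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None


def inspect_image(name: str, data: bytes) -> Optional[Finding]:
    """Flag a .jpg/.jpeg whose content is not a JPEG image.

    Returns None for non-image names and for genuine JPEGs; otherwise a
    Finding describing why the file is suspicious.
    """
    if not name.lower().endswith((".jpg", ".jpeg")):
        return None
    if data.startswith(JPEG_SOI):
        return None  # a real JPEG, nothing to report
    if looks_like_base64(data):
        decoded = decode_base64(data)
        # Skimmed POST bodies decode to form-style key=value pairs.
        if decoded is not None and b"=" in decoded and b"&" in decoded:
            return Finding(name, "base64-encoded form data (key=value pairs) instead of JPEG data")
        return Finding(name, "base64 text instead of JPEG data")
    return Finding(name, "missing JPEG SOI marker")


def scan_files(files: Dict[str, bytes]) -> List[Finding]:
    """Run inspect_image over a name->content mapping (e.g. a web root listing)."""
    findings = []
    for name, data in files.items():
        finding = inspect_image(name, data)
        if finding is not None:
            findings.append(finding)
    return findings


# --- constructed sample files (not taken from any real incident) ---
SAMPLE_REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
# A skimmer-style drop: a captured checkout POST body, base64-encoded.
SAMPLE_SKIMMED = base64.b64encode(
    b"firstname=Jane&lastname=Doe&email=jane@example.com&cc=4111111111111111&cvv=123"
)
SAMPLE_NOT_IMAGE = b"<?php echo 'not an image'; ?>"

SAMPLE_WEBROOT = {
    "pub/media/logo.jpg": SAMPLE_REAL_JPEG,
    "pub/media/cache.jpg": SAMPLE_SKIMMED,
    "pub/media/x.jpeg": SAMPLE_NOT_IMAGE,
    "pub/static/style.css": b"body{}",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_WEBROOT):
        print(f"{f.name}: {f.reason}")
```

The heuristic is deliberately cheap so it can run over an entire media directory on a schedule; a hit on a recently modified file in a Magento media path is worth pulling for manual review alongside the site's PHP and JavaScript for the injection that wrote it.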

Return of NanoCore RAT
A new malspam campaign is abusing icon files to trick victims into executing the NanoCore RAT. The emails carry a .zipx file attachment and a message that pretends to come from the ‘Purchase Manager’ of the organizations being spoofed by the attackers.

New BadHatch backdoor version
A revamped version of the BadHatch backdoor used by the FIN8 threat actor group has surfaced in the threat landscape. The new variant is being used to compromise companies in the chemical, insurance, retail, and technology industries. The attacks have hit organizations around the world, mainly in Canada, Italy, Panama, Puerto Rico, South Africa, and the U.S.

Darkside 2.0 ransomware
A new version of the Darkside ransomware includes features for targeting virtual machines, a faster encryption process, and VoIP calling. It also features multithreading in both its Windows and Linux versions. Furthermore, Darkside 2.0 is capable of targeting NAS devices.

New DEARCRY ransomware
Threat actors are now abusing the ProxyLogon vulnerabilities affecting Microsoft Exchange servers to install a new ransomware called DEARCRY. Once launched, the ransomware attempts to shut down a Windows service named ‘msupdate’.

Metamorfo banking trojan
A phishing campaign has been found abusing AutoHotkey (AHK) to deliver the Metamorfo banking trojan to victims. The campaign is being used to target Spanish users.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Schneider Power Meters
Technical details for the potentially serious vulnerabilities affecting PowerLogic smart meters made by Schneider Electric were publicly released by security researchers. One of them, CVE-2021-22714, is considered critical as it allows attackers to cause the targeted meter to reboot and possibly even to execute arbitrary code.

darkside ransomware
metamorfo trojan
woodcreek provider services
dearcry ransomware
dridex trojan

Posted on: March 12, 2021