Go to listing page

Cyware Daily Threat Intelligence, November 12, 2021

Cyware Daily Threat Intelligence, November 12, 2021

Share Blog Post

Attention! Don’t fall for a ‘call me back’ phishing email that is being sent to deliver BazarLoader malware. The TrickBot operators are using the phrase to create a sense of urgency among the users to execute a fake Windows 10 Apps Installer that causes the download of BazarLoader.

To joke or not to joke, but threat actors have spawned a new COVID-22 malware after the COVID-19 pandemic. The newly found malware is being distributed as a mysterious COVID22 installer and has the capability to destroy the Master Boot Record (MBR).

The Magniber ransomware gang is also back in action with its new set of attack vectors. This time, the gang is leveraging two Internet Explorer vulnerabilities and malicious ads to infect users.

Top Breaches Reported in the Last 24 Hours

SunWater breached
A nine-month-long cyberattack at SunWater water supply firm enabled attackers to redirect visitors to a malicious video platform using customized malware. The attack occurred between August 2020 and May 2021. During this period, the actors managed to access a web server used to store customer information.

Watering hole attacks
Researchers spotted significant watering hole attacks that targeted users visiting Hong Kong websites for a media outlet and prominent pro-democracy labor and political group. Conducted in August 2021, the attacks were carried out by leveraging an XNU privilege escalation vulnerability (CVE-2021-30869) in macOS Catalina.

FBI warns about attacks
A threat actor associated with Iran is making attempts to launch attacks against U.S. organizations. The FBI demonstrated that the attackers are leveraging leaked data sets found on the dark web forums as part of the attack. Apart from organizations in the U.S., the attackers are currently seeking to acquire data from organizations across the globe.

Diamond Comic Distributors affected
Diamond Comic Distributors is struggling to keep up with a ransomware attack that occurred last weekend. This affected its order processing systems and its internal communication platforms.

Top Malware Reported in the Last 24 Hours

BazarLoader spotted
A highly targeted spam campaign launched by the TrickBot gang abuses the Windows 10 App installer to deploy BazarLoader malware on the systems. The spam emails appear to be from a company manager and induce a sense of urgency among the recipients. They include a PDF file that is supposed to be reviewed by the recipients. However, this causes the download of the backdoor.

New COVID-22 malware
A new COVID-22 malware capable of destroying MBR has been found infecting multiple users. The malware is distributed via a malicious COVID22 installer.

Top Vulnerabilities Reported in the Last 24 Hours

Two IE vulnerabilities exploited
The Magniber ransomware gang is now exploiting two Internet Explorer vulnerabilities to infect users as part of their infection process. The flaws are tracked as CVE-2021-26411 and CVE-2021-40444. Both the flaws can be triggered by sending specially crafted documents. They have a CVSS score of 8.8.

AMD fixes several flaws
AMD has fixed more than a dozen flaws that affect its graphic driver for Windows 10 devices. The flaws can allow attackers to execute arbitrary code and elevate privileges on vulnerable systems.

 Tags

sunwater
bazarloader
diamond comic distributors
magniber ransomware gang
internet explorer vulnerabilities
ovid 22 malware

Posted on: November 12, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.