Cyber Threat Radar: What’s On The Rise in March
As we enter the month of March, it’s important to be aware of the latest cyber threats that pose significant risks to our cyber security.
“It’s important to note that our data regarding cyber threats is based on various sources and research conducted worldwide. Therefore, an increase in the number of indicators does not necessarily indicate a surge in the threat’s prevalence, but it could also signify that the threat has gained more attention from researchers and cybersecurity professionals.” says a TI Analyst at RST Cloud.
We observe a rise in the number of indicators of compromise attributed to these specific threats:
AveMaria is a detection name for a large family of backdoor RATs targeting Windows systems. It has serious destructive abilities. It can:
- provide remote access to a victim’s desktop,
- act as a keylogger and data stealer,
- escalate user privileges, steal user credentials,
- use the affected system as an instrument for further attacks and/or infection through the backdoor that was opened, and more.
The AveMaria backdoor usually arrives on a system as a result of phishing emails. The RAT is available as a subscription on the dark web, which enables quick adoption by threat actors and a swift spread of this malware.
We see an increase not only in file indicators; AveMaria is also associated with a significant number of new network indicators.
AZORult is a family of spyware that can steal information about the system, banking information, user credentials, or other sensitive information, and can be used for further attacks on the victim’s system, for example by acting as a downloader of ransomware.
It is typically spread in malware campaigns that use exploit kits and phishing emails with social engineering techniques. The malspam and phishing email campaigns can use themes such as fake product order requests, invoice documents and payment information requests. This Trojan-Spyware connects to the attacker’s command and control (C&C) servers to send and receive information.
Mirai is a known malware that turns Linux-based network devices into bot agents that can be used as part of a huge botnet in large-scale network attacks. It primarily targets consumer IoT and mobile devices such as IP cameras and home routers.
Mirai demonstrates a stable trend, and it looks like more and more machines are getting infected.
The Mirai botnet was first discovered in August 2016 by a white hat malware research group, MalwareMustDie, and has been used in some of the largest and most destructive DDoS attacks, including the huge DynDNS attack back in 2016, when a major domain name service (DNS) provider was assaulted by a one terabit per second traffic flood that then became the new record for a DDoS attack.
The AveMaria RAT, AZORult Spyware, and Mirai botnet are just a few examples of the cyber threats that are currently gaining traction. We will continue to keep you informed about the latest threats next month.