Cyberthreat update from Acronis CPOCs: Week of July 19, 2021

Here at Acronis, we’re always monitoring for dangers to your data, deploying updates to handle newly-discovered vulnerabilities, and issuing alerts and recommendations to help you stay protected. Our global network of Acronis Cyber Protection Operations Centers (CPOCs) continue to work around the clock to proactively detect and defend against the latest cyberthreats.

Part of this work includes video updates to inform you of modern hazards in the digital landscape — such as the emergence of new Trojans and a continued surge of phishing activity. Here’s a look at some of the most recent breaking news and analyses:

This silver-tongued devil targets world leaders

Microsoft announced recently that it has been quietly working to stop the threats posed by private-sector offensive actors. Their most recent adversary is Candiru, the organization responsible for the DevilsTongue malware.

Candiru has gone by many names over the years — most recently, “Sourgum” — and has targeted over 100 victims worldwide, including politicians, human rights activists, journalists, academics, embassy workers, and political dissidents. Microsoft's most recent Patch Tuesday included fixes for some vulnerabilities that are being actively exploited by Candiru, but it is highly unlikely this covers all of the relevant vectors.

While Candiru continues to use exploits that haven’t yet been documented, the threat-agnostic behavioral detection engine in Acronis Cyber Protect identifies and blocks cyberthreats — including Candiru — based on the malicious behaviors they exhibit.

Admit it, you don’t believe in one zip anymore

Researchers have detected a new phishing campaign that delivers the BazarBackdoor malware. The attackers are compressing the malware multiple times and then disguising it as an attached image file.

These sorts of malware delivery tactics are not new, but they’re gaining popularity as they may be able to skirt threat detection, depending on the email gateway. This particular campaign uses an Environment Day theme to lure victims into interacting with the malicious attachment.
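As an added illustration of the delivery trick described above (not code from Acronis or from the BazarBackdoor campaign itself), the following Python script shows the kind of attachment triage a mail gateway or SOC script can apply: it compares the claimed extension against the file's magic bytes, peels nested zip layers with a depth cap so a nesting bomb cannot exhaust the scanner, and flags an executable hidden at the bottom. The sample attachment, the `MZ` stand-in payload and the format table are all constructed for this example.

```python
"""
Added example, not part of the original post: a defender-side triage
check for attachments that are zipped several times and named to look
like an image. All inputs are constructed inline; nothing is executed.
"""
import io
import zipfile

# Magic-byte prefixes for a few formats relevant to the triage decision.
# Assumption: this short table is sufficient for the example.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"MZ": "pe",        # Windows executable (PE) header
    b"\x7fELF": "elf",  # Linux executable header
}

# Map the extension a sender claims onto the format name sniff() returns.
CLAIMED_IMAGE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png"}

MAX_DEPTH = 5                          # refuse to peel more layers than this
MAX_MEMBER_BYTES = 10 * 1024 * 1024    # refuse to inflate oversized members


def sniff(data: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for prefix, name in MAGIC.items():
        if data.startswith(prefix):
            return name
    return "unknown"


def unwrap(data: bytes, depth: int = 0):
    """
    Peel nested zip layers and return (depth, innermost_format) for the
    deepest non-zip payload reachable within MAX_DEPTH layers.
    """
    kind = sniff(data)
    if kind != "zip" or depth >= MAX_DEPTH:
        return depth, kind
    deepest = (depth, "zip")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            result = unwrap(zf.read(info), depth + 1)
            if result[0] > deepest[0]:
                deepest = result
    return deepest


def triage(filename: str, data: bytes) -> dict:
    """Return findings and a block/allow verdict for one attachment."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    outer = sniff(data)
    depth, innermost = unwrap(data)
    findings = []
    if ext in CLAIMED_IMAGE and outer != CLAIMED_IMAGE[ext]:
        findings.append(f"extension .{ext} but content sniffed as {outer}")
    if depth >= 2:
        findings.append(f"nested archive, {depth} layers deep")
    if innermost in ("pe", "elf"):
        findings.append(f"{innermost} executable at the innermost layer")
    return {
        "file": filename,
        "outer": outer,
        "depth": depth,
        "innermost": innermost,
        "findings": findings,
        "verdict": "block" if findings else "allow",
    }


def build_sample():
    """Constructed attachment: exe -> zip -> zip -> zip, named as a .jpg."""
    payload = b"MZ" + b"\x90" * 62   # stand-in PE header, not a real binary

    def zipped(name: str, content: bytes) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, content)
        return buf.getvalue()

    inner = zipped("invoice.exe", payload)
    middle = zipped("inner.zip", inner)
    outer = zipped("middle.zip", middle)
    return "environment_day_photo.jpg", outer


if __name__ == "__main__":
    print(triage(*build_sample()))
    print(triage("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
```

The depth cap and per-member size limit matter as much as the findings: a scanner that unpacks without bounds is itself a denial-of-service target, so the script stops peeling at `MAX_DEPTH` and simply reports what it has seen so far.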

Recent statistics show that attacks like this now account for 80% of reported security incidents, and that 94% of malware is delivered via email. Acronis Advanced Email Security blocks messages that contain malicious attachments — and if they are somehow delivered, Acronis Cyber Protect’s advanced anti-malware engine can recognize and block threats like BazarBackdoor based on the behaviors they exhibit.

Cryptojacking Trojan targets Linux systems

A new malware campaign believed to originate from Romania is targeting Linux-based machines, surreptitiously installing the XMRig Monero cryptocurrency miner. The attackers first gain system access with the help of a credential brute-forcing tool written in Golang and dubbed “Diicot brute.”

In the past, this cybercrime group has been observed installing IRC bots or variations of the DDoS botnet Demonbot. This tactic allows for communication between the attackers and victims’ systems through a Discord channel, eliminating the need for a central command-and-control server that could be taken down.

Acronis Cyber Protect uses behavior-based detection to identify and block all sorts of malware threats, including cryptojackers, on Windows, Linux and macOS systems — preventing them from stealing your resources or otherwise harming your infrastructure.

The “new normal” still no match for phishing

COVID-19 has created an ideal situation for phishers, with so many employees suddenly working from home and reliant on remote-access systems. A recent survey has shown some alarming statistics on this matter.

In the past year, 74% of companies have fallen victim to phishing attacks — 40% in the past month alone. A whopping 80% of organizations indicated that they’ve observed a noticeable increase in phishing attempts.

This problem is compounded by the fact that so many organizations were forced to quickly adopt new digital solutions, without the infrastructure in place to support proper training or support. A lack of internal security training was reported by around 70% of respondents. Combined with the finding that 52% of companies have understaffed IT teams, it’s little wonder that nearly half (47%) of these phishing attacks have been successful. It only takes a single employee falling victim to potentially compromise an entire organization.

Acronis Advanced Email Security helps keep your business safe from social engineering tactics — even if employee security training is lacking — by preventing phishing emails from reaching employees in the first place.

Windows Trojan makes the leap to Mac

A new variant of the third-most-common malware family, FormBook, has been discovered infecting macOS computers. The Mac version is essentially a port of the newer XLoader strain of FormBook, and is available on underground forums for as little as $49 for a one-month license.

XLoader has been unleashed on victims in 96 countries, with 53% of reported victims located in the United States. The Trojan has the ability to steal credentials from web browsers, take screenshots, log keystrokes, and install and run additional payloads on victims’ machines.

Malware is increasingly targeting Mac computers, which is no surprise given that an estimated 20.2 million Apple computers were sold in 2020 alone. Even with Apple's move away from Intel processors, malware developers are creating cyberthreats that attack the macOS environment at an increasing rate.

The Real Time Protection in Acronis Cyber Protect detects and blocks XLoader — and other forms of malware — on macOS, keeping your data safe in this rapidly-evolving cyberthreat landscape.

# # #

For the latest reports on emerging cyberthreats from Acronis’ cyber protection experts, subscribe to the Acronis YouTube channel and receive our CPOC updates as they’re posted.