The IBM X-Force threat intelligence team has recently reported a continuing and sharp increase in Dridex-related network attacks, all of which are being delivered by the Cutwail botnet.
According to the analysts, Dridex appears as a second-stage infection shortly after the initial document or spreadsheet with booby-trapped macros arrives by email.
In addition, IBM X-Force is seeing a limited number of campaigns that are quite active in Italy and Japan.
All recipients received unsolicited messages carrying Microsoft Office file attachments via malspam, and the initial infection vector in all of these attacks was identified as malspam email.
Cutwail is one of the most prominent spamming infrastructures in the cybercrime arena, which is why these file attachments are often delivered through the Cutwail botnet.
It was named the most extensive operation of its kind in 2009, and in 2021 it is still sending spam on behalf of elite malware-wielding groups.
Since June 2020, the IBM X-Force threat intelligence team has observed that nearly 34% of all PowerShell-based attacks were ultimately associated with a Dridex payload.
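As an added illustration (not code from the IBM report or this article), the following routine scans constructed process-creation events for the chain described above: an Office application spawning a script host, combined with PowerShell switches typical of hidden or encoded download stages. The Sysmon-like JSON field names and the sample lines are constructed, and the link between the macro-laden documents and the PowerShell activity is an assumption drawn from the article's two separate statements.

```python
import json
from typing import Dict, Iterable, List

# Office parents worth scrutinising (assumption: the chain starts from a macro document).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Switches commonly seen when a script host is used as a hidden/encoded downloader.
SUSPICIOUS_SWITCHES = ("-nop", "-w hidden", "-windowstyle hidden", "-enc", "downloadstring")


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(ev: Dict) -> List[str]:
    """Return human-readable reasons why one process-creation event looks suspicious."""
    reasons: List[str] = []
    parent = image_name(ev.get("ParentImage", ""))
    child = image_name(ev.get("Image", ""))
    cmd = ev.get("CommandLine", "").lower()
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        reasons.append(f"office-app {parent} spawned script host {child}")
    if child in SCRIPT_HOSTS:
        hits = [s for s in SUSPICIOUS_SWITCHES if s in cmd]
        if hits:
            reasons.append("suspicious switches: " + ", ".join(hits))
    return reasons


def detect(lines: Iterable[str]) -> List[Dict]:
    """Parse JSON-lines events and collect those with at least one reason."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        reasons = score_event(ev)
        if reasons:
            findings.append({"host": ev.get("Computer"), "pid": ev.get("ProcessId"), "reasons": reasons})
    return findings


# Constructed sample telemetry (not real events). Raw string keeps the JSON backslashes intact.
SAMPLE_LOG = r"""
{"Computer":"WS01","ProcessId":4120,"ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"Computer":"WS01","ProcessId":4130,"ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\notepad.exe","CommandLine":"notepad.exe invoice.txt"}
{"Computer":"WS02","ProcessId":5001,"ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe Get-Process"}
"""

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG.splitlines()):
        print(finding)
```

Only the first sample event is reported: the benign explorer-launched PowerShell on WS02 has neither an Office parent nor any of the listed switches, which is what keeps the rule's noise down.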
The question analysts ask most often is whether Dridex is a banking Trojan or ransomware. The X-Force researchers have settled it by concluding that Dridex is a banking Trojan.
In many cases the operators of Dridex, known as the 'Evil Corp' group, use its full capability to steal every credential they can from current victims, along with web injections.
There are also many documented cases in which Dridex is operated as a bot-herding tool and a capable information stealer.
The most targeted sector listed in the managed security services networks is health care; X-Force found that health care is among the top targets in the overall growth of PowerShell attacks.
Health care is followed by the financial sector and by retailers; health care is targeted most because of the recent pandemic.
Moreover, according to the analysts, Dridex often does business with various other cybercrime groups rooted in the elite criminal arena of Eastern Europe.
But what is next for Dridex?
In early January 2021, Dridex appears to be exploring several avenues: researchers have observed it spreading through the Rig Exploit Kit, the Cutwail botnet, and, in some cases, the QakBot botnet.
The threat intelligence team has suggested several mitigations, which are listed below: