Cyware Daily Threat Intelligence

Daily Threat Briefing • Apr 20, 2020
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Apr 20, 2020
No doubt, the dark web is becoming a cybersecurity nightmare for businesses. It has been found that a database containing the personal information of 267 million active Facebook users is being sold on a dark web forum for a price of around $600. Likewise, the credentials of over 23 million Webkinz World players and sensitive data of about 20 million Aptoide app store users have also made their way to different hacker forums.
Apart from selling stolen sensitive data of users, the dark web has also become a forum for cybercriminals to sell fake personal protective equipment (PPE), vaccines, and ventilators. It should also be noted that the bad actors are taking advantage of the COVID-19 crisis to generate revenue for themselves.
Top Breaches Reported in the Last 24 Hours
Cognizant confirms Maze ransomware attack
Cognizant has confirmed that it was hit by the Maze ransomware during the weekend. The IT giant revealed that the attack has caused service disruption for some of its clients. The company’s internal security teams are working to contain the attack.
Facebook’s 267 million records on sale
Personal information of 267 million active Facebook users stolen in December 2019 are being sold for around $600 on a dark web forum. Most of these records belong to users in the United States and include Facebook profiles, full names, unique IDs for each account, timestamps, and more.
Personal data of 23 million online players hacked
The credentials of over 23 million players stolen from the online children’s game, Webkinz World, have also made their way on the dark web. The security breach took place earlier this month. The hacker behind the breach had gained access to the game’s database using an SQL injection vulnerability present in one of the website forms.
Cryptocurrency firms attacked
Hackers stole $25 million worth of cryptocurrencies from two cryptocurrency firms - Lendf.Me and Uniswap. The attack took place over the weekend and is believed to have been carried out through an exploit - to steal funds from both platforms - shared on GitHub in July 2019. The hackers used the reentrancy attack to siphon funds from each platform into their wallet.
Aptoide app breached
Cybercriminals breached the database of the Aptoide app to steal 39 million customer records. Out of these, 20 million customer details, including login emails and hashed passwords, were published on a popular hacker forum. The makers of the app have acknowledged the breach and are currently investigating the extent of the attack.
Czech hospitals attacked
Several Czech hospitals battling the novel coronavirus have been targeted in recent cyberattacks. As a result, this has disabled the critical services of the affected hospitals. Some of the affected hospitals are in the eastern Czech cities of Olomouc and Ostrava.
Top Malware Reported in the Last 24 Hours
Trickbot’s notoriety
In a research conducted by Microsoft’s Security Intelligence Team, it has been found that Trickbot is the most prolific malware to be used used in COVID-19 themed phishing email attacks. The last week alone had witnessed several phishing emails that appeared to be from a non-profit company offering free COVID-19 test and included unique macro-laced document attachments. The purpose of these emails is to harvest user credentials and attempt extortion.
Top Scams Reported in the Last 24 Hours
Coronavirus dark web scams
Researchers have found that scammers are promoting fake vaccines, N95 masks, and ventilators on the dark web. Apart from these, one seller was also found selling infected sputum of a COVID-19 patient for a price of $100. In another instance, an MP3 containing a ‘pure frequency’ that claimed to ‘kill coronavirus’ was also promoted on a hacker forum. As a general precaution, users should avoid buying anything from the dark web.
New sextortion scam
A new sextortion scam that threatens victims to release their inappropriate videos if a ransom is not paid, has been doing the rounds on the internet. The scammers behind the scam, attempt to intimidate the victim by highlighting the unique anti-evasion technique of malware, instead of using fake videos.
Scams leveraging financial relief package
Hackers are leveraging financial relief packages for COVID-19 to target US taxpayers. Researchers have uncovered that bad actors are registering fake domains around this theme to trick users into sharing their personal details. These fake websites include the news around the COVID-19 financial incentives and ask people to apply for the relief package by clicking on links.