
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 23, 2021

With numerous tricks and techniques in their kit, cybercriminals are always on a new mission to disrupt the reputation and operation of businesses. One such dangerous trick launched by Darkside ransomware operators is sure to have a major impact on companies listed on NASDAQ or other stock markets. With this new extended extortion tactic, the operators aim to put more pressure on victim organizations that refuse to meet the ransom demand.

What else? Threat actors have found a new way to combine the abuse of vulnerable Pulse Secure VPN appliances and the SolarWinds Orion platform for malicious purposes. The combined abuse of these vulnerable products can result in large-scale supply chain attacks.

The MountLocker ransomware gang has also added new tactics. With an aim to expand their attacks on biotech companies, the operators have enhanced the malware's capabilities with additional evasion features.

Top Breaches Reported in the Last 24 Hours

Expanding extortion technique

In an attempt to expand its extortion technique, the Darkside ransomware gang has planned to disrupt the stocks of companies listed on NASDAQ or other stock markets. With this new tactic, the operators aim to put more pressure on victim organizations that refuse to meet the ransom demand.

More supply chain attacks in process

CISA has raised the alarm about a new cyberattack that involves the abuse of both Pulse Secure VPN appliances and the SolarWinds Orion platform. While the former is used to gain initial access, the latter enables threat actors to perform supply chain attacks.

Top Malware Reported in the Last 24 Hours

MountLocker rebranded

MountLocker ransomware is upping its features to coincide with a rebranding of the malware as AstroLocker. The newly added features include a set of new evasion features and the use of multiple Cobalt Strike servers with unique domains. The changes to the ransomware have been made especially to target biotech companies.

Tor-based botnet

Researchers have detected a new botnet campaign that targets Linux systems by abusing the Tor network for proxies and exploiting cloud infrastructure management tools. The botnet includes worm-like capabilities that make it easy to spread across systems.

Top Vulnerabilities Reported in the Last 24 Hours

CocoaPods RCE exploit exposed

A remote code execution vulnerability in the central CocoaPods server could have potentially impacted up to three million mobile apps. The flaw, which went unnoticed since 2015, has finally been patched by the developers.

Top Scams Reported in the Last 24 Hours

Costco warns about a scam

Costco Wholesale Corporation is warning American internet users of a new scam that targets its customer base. The scam uses financial benefits as a lure to trap victims, promising free products, financial reimbursements, exclusive offers, cashback rewards, and gift cards. The ultimate goal of the scam is to harvest personal information from users. Other social engineering tactics deployed by scammers include the exploitation of Americans seeking employment.
