We use cookies to improve your experience. Do you accept?

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Apr 28, 2022

New ransomware groups have sprung into action to wreak havoc across multiple organizations. One of these is tracked as Black Basta that infiltrated at least a dozen companies in a matter of weeks. Another newly found Onyx ransomware also managed to hit six organizations by destroying their large files instead of encrypting them. In another threat, RedLine Stealer resurfaced in a fresh RIG exploit kit campaign targeting a vulnerability in Internet Explorer.

Scammers are always on the lookout for trending events to catch unsuspecting users in their trap. One such cunning attempt that redirected users to fake cryptocurrency giveaway sites was observed recently as Elon Musk struck deal with Twitter.

Top Breaches Reported in the Last 24 Hours

Austin Peay State University resumes operations

Austin Peay State University (APSU) resumed its operations after restoring its systems affected by a ransomware attack. The institution reported that it took immediate actions to contain the infection.

Top Malware Reported in the Last 24 Hours

New updates on the Black Basta ransomware

A newly found Black Basta ransomware group has breached at least 12 companies in just a few weeks of April. The gang has demanded over $2 million in ransomware from one victim to decrypt files and not leak data. The gang makes use of the double-extortion method as part of its attack process.

New Onyx ransomware spotted

A new Onyx ransomware has targeted six organizations, so far, by destroying large files instead of encrypting them. The group also leverages the double-extortion scheme to threaten victims if a ransom is not paid. The ransomware only encrypts files that are smaller than 200MB in size and overwrites the remaining files.

New Bumblebee malware loader

Cybercriminals actors, observed delivering BazarLoader and IceID, have transitioned to a new loader called Bumblebee that’s under active development. Researchers identified the first campaign in March 2022, with the loader delivering Cobalt Strike Beacon, Silver and Meterpreter, and Silver onto the victims’ systems.

RedLine Stealer resurfaces

A new campaign has surfaced recently that distributes the notorious RedLine Stealer malware. The campaign leverages the RIG exploit tool to exploit a vulnerability (CVE-2021-26411) in Internet Explorer. Once executed, RedLine Stealer exfiltrates passwords, saved credit cards, crypto wallets, and VPN logins from infected systems and sends them to a remote C2 server.

Top Vulnerabilities Reported in the Last 24 Hours

Top exploited vulnerabilities reported

Cybersecurity authorities from the Five Eyes nations—Australia, Canada, New Zealand, the U.S., and the U.K—have released a report on the top frequently exploited security vulnerabilities in 2021. These include Log4Shell, ProxyShell, ProLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client.

Top Scams Reported in the Last 24 Hours

Fake cryptocurrency-giveaway scams

Scammers leveraged a current trend around Elon Musk to conduct fake cryptocurrency giveaway scams. They made use of bots to send messages to multiple people on Twitter. In order to look convincing, the messages had the same current profile picture of the Tesla CEO as on his official Twitter account. These messages included short URLs that redirected recipients to fake cryptocurrency giveaway sites.

Related Threat Briefings