Cyware Daily Threat Intelligence
Daily Threat Briefing • Apr 28, 2022
New ransomware groups have sprung into action to wreak havoc across multiple organizations. One of these is tracked as Black Basta that infiltrated at least a dozen companies in a matter of weeks. Another newly found Onyx ransomware also managed to hit six organizations by destroying their large files instead of encrypting them. In another threat, RedLine Stealer resurfaced in a fresh RIG exploit kit campaign targeting a vulnerability in Internet Explorer.
Scammers are always on the lookout for trending events to catch unsuspecting users in their trap. One such cunning attempt that redirected users to fake cryptocurrency giveaway sites was observed recently as Elon Musk struck a deal with Twitter.
Austin Peay State University resumes operations
Austin Peay State University (APSU) resumed its operations after restoring its systems affected by a ransomware attack. The institution reported that it took immediate actions to contain the infection.
New updates on the Black Basta ransomware
A newly found Black Basta ransomware group has breached at least 12 companies in just a few weeks of April. The gang has demanded over $2 million in ransom from one victim to decrypt files and not leak data. The gang makes use of the double-extortion method as part of its attack process.
New Onyx ransomware spotted
A new Onyx ransomware has targeted six organizations, so far, by destroying large files instead of encrypting them. The group also leverages the double-extortion scheme to threaten victims if a ransom is not paid. The ransomware only encrypts files that are smaller than 200MB in size and overwrites the remaining files.
New Bumblebee malware loader
Cybercriminal actors, previously observed delivering BazarLoader and IcedID, have transitioned to a new loader called Bumblebee that is under active development. Researchers identified the first campaign in March 2022, with the loader delivering Cobalt Strike Beacon, Sliver, and Meterpreter onto the victims' systems.
RedLine Stealer resurfaces
A new campaign has surfaced recently that distributes the notorious RedLine Stealer malware. The campaign leverages the RIG exploit kit to exploit a vulnerability (CVE-2021-26411) in Internet Explorer. Once executed, RedLine Stealer exfiltrates passwords, saved credit cards, crypto wallets, and VPN logins from infected systems and sends them to a remote C2 server.
Top exploited vulnerabilities reported
Cybersecurity authorities from the Five Eyes nations (Australia, Canada, New Zealand, the U.S., and the U.K.) have released a report on the most frequently exploited security vulnerabilities in 2021. These include Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine ADSelfService Plus, Atlassian Confluence, and VMware vSphere Client.
Fake cryptocurrency-giveaway scams
Scammers leveraged a current trend around Elon Musk to conduct fake cryptocurrency giveaway scams. They made use of bots to send messages to multiple people on Twitter. In order to look convincing, the messages had the same current profile picture of the Tesla CEO as on his official Twitter account. These messages included short URLs that redirected recipients to fake cryptocurrency giveaway sites.