
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 19, 2021

The ever-evolving ransomware gangs’ affiliate recruitment strategy has put a new spin on the insider threat attack. A unique campaign launched by a group of Nigerian hackers is tricking potential targets into installing the DemonWare ransomware, in return for a slice of the payout. In this instance, the threat actors are using LinkedIn and other publicly available information to identify targets.

Meanwhile, Cisco’s multiple security devices are vulnerable to the SNIcat attack technique that can be used to covertly steal data from corporate networks. The affected devices include Cisco firewalls running Firepower Threat Defense (FTD) software, devices running Web Security Appliance (WSA) modules, and all ISA3000 firewalls.

Top Breaches Reported in the Last 24 Hours

Liquid exchange loses $94 million

Japan-based cryptocurrency exchange Liquid has suspended its operations following a massive hack that compromised its warm wallets. Investigation reveals that the attackers stole roughly $94 million worth of cryptocurrency assets in the attack, including $45 million in Ethereum tokens.

A potential insider threat strategy

Cybercriminals based in Nigeria are tricking potential targets into installing DemonWare ransomware on their organization’s network in return for a payout. For this, they are leveraging LinkedIn and other publicly available information to identify the targets. The attackers leave an email address and a Telegram username for interested parties to contact them as part of the campaign.

U.S. Census breach

A report published by the U.S. Office of Inspector General (OIG) revealed that threat actors breached the servers of the U.S. Census Bureau last year by exploiting an unpatched Citrix ADC flaw. This enabled the attackers to modify user data.

Police database accessed

The Cyber Partisans group has managed to obtain the personal information of the Belarusian government and police after gaining access to a database. The compromised data includes passport photos, home addresses, and the places of work of the affected individuals.

Tokio Marine Holdings attacked

Japan’s largest property and casualty insurer, Tokio Marine Holdings, disclosed a recent ransomware attack. The firm is still trying to determine the scope of the damage.

Top Malware Reported in the Last 24 Hours

The terror of trojans

A new malware campaign distributing njRAT and AsyncRAT has been found targeting travel and hospitality organizations in Latin America. Techniques used in this campaign bear a resemblance to those of the Aggah group. The infection chains used in these campaigns are built using a .NET-based crypter called ‘3losh crypter rat’.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco’s zero-day RCE flaw

A zero-day RCE flaw in the Universal Plug and Play (UPnP) service of multiple legacy small VPN routers can be exploited to execute arbitrary code remotely. The affected VPN routers include RV110W, RV130, RV130W, and RV215W. In another incident, Cisco has revealed that some of its security products are vulnerable to the SNIcat attack technique that can be used to steal data from corporate networks. The affected devices include Cisco firewalls running FTD software, devices running WSA modules, and all ISA3000 firewalls.

Top Scams Reported in the Last 24 Hours

Pilfering users’ banking details

Fraudsters have created fake support pages on Facebook to steal bank details from users. To make it look convincing, the pages are embedded with a chatbot that greets clients before starting a conversation.
