
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 20, 2020

A cyberattack on an organization can cripple its internal network and have knock-on effects on its customers as well. In the last 24 hours, the cyber landscape witnessed several crippling attacks, one of which was allegedly aimed at the South Korean RAM and flash memory manufacturer SK Hynix. According to claims made by the Maze ransomware operators, the company lost 11TB of personal and corporate files in the incident.

Amid the chaos created by cybercriminals, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about a new strain of malware, named BLINDINGCAN RAT, that targets U.S. and foreign organizations in the aerospace and defense sectors. Meanwhile, researchers found a new variant of the Lucifer malware, already known for turning Windows computers into Monero cryptomining bots and using them to launch DDoS attacks, infecting Linux systems.

Top Breaches Reported in the Last 24 Hours

Maze is in action

The Maze ransomware operators have claimed to have infected the network of the South Korean semiconductor giant SK Hynix and have leaked some of the stolen files. The hackers allegedly exfiltrated 11TB of its internal data and uploaded a 570MB ZIP archive to their website as evidence of the infiltration, holding SK Hynix to ransom.

Experian falls into a trap

Experian, a consumer credit reporting agency, was tricked into handing over the personal details of its South African customers to a fraudster masquerading as a client. According to a report by the South African Banking Risk Centre (SABRIC), the data breach affected 24 million South African customers and 793,749 local businesses.

SnapFulfil hit by ransomware

SnapFulfil, a cloud-based warehouse management software provider, suffered a ransomware attack on its services, impairing warehouse operations for at least one of its customers. The U.K.-based company is working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to recover its systems and limit the impact on its customers.

Top Malware Reported in the Last 24 Hours

CISA warns of a new North Korean malware

The Cybersecurity and Infrastructure Security Agency (CISA) issued a Malware Analysis Report (MAR) warning about a new strain of North Korean malware, named BLINDINGCAN RAT. According to the report, the malware was leveraged in attacks aimed at U.S. and foreign organizations in the aerospace and military defense sectors.

DDoS botnet infects Linux systems

Once known for deploying the XMRig miner on vulnerable Windows computers and converting them into Monero cryptomining bots, the hybrid DDoS botnet Lucifer is now reportedly infecting Linux systems as well. In addition, Lucifer's creators have broadened the capabilities of the malware's Windows variants to steal credentials and escalate privileges using the Mimikatz post-exploitation tool.

APT focuses on India and Afghanistan

According to Kaspersky, the Transparent Tribe APT group has developed a new tool that infects USB devices to conduct surveillance on government and military personnel. While the group's main payload remains the Crimson RAT, it has been observed using a custom .NET trojan and a USB attack tool to steal files from removable media.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft issues a security update

Microsoft has released the out-of-band KB4578013 Windows security update to address two bugs affecting the Windows Remote Access service. The update fixes CVE-2020-1530 and CVE-2020-1537, two Windows Remote Access privilege escalation vulnerabilities impacting all versions of Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

A vulnerability in IBM Db2

Tracked as CVE-2020-4414, a flaw in IBM Db2 could allow attackers to gain access to sensitive data or cause a denial-of-service (DoS) condition in the relational database. The memory leak vulnerability impacts IBM Db2 versions 9.7, 10.1, 10.5, 11.1, and 11.5 for UNIX, Linux, and Windows. The issue arises from improper use of shared memory, and exploitation is possible if a specially crafted request is sent to the affected server.
