
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 26, 2020

Sophisticated, long-running attack campaigns continue to strain cyber defenders. A large spear-phishing campaign, believed to have been active since 2018, has come to the attention of security researchers. The campaign, attributed to the Lazarus threat actor group, has so far targeted the cryptocurrency sector in more than 14 countries.

That’s not all. The operators of the recently discovered DarkSide ransomware have claimed an attack on Brookfield Residential, saying they stole confidential information from the firm. They have threatened to publish all of the stolen files and documents on their leak website if the ransom is not paid.

A new phishing attack against Microsoft Office 365 users was also observed in the last 24 hours. The attack, aimed primarily at government and security organizations, used a legitimate Box web page as the lure.

Top Breaches Reported in the Last 24 Hours

Massive spear-phishing campaign

The Lazarus threat actor group has been found using LinkedIn lures in an ongoing spear-phishing campaign targeting the cryptocurrency sector in the United States, the United Kingdom, Germany, Singapore, the Netherlands, Japan, and other countries. Based on phishing artifacts, researchers believe the campaign has been running since at least January 2018.

DarkSide ransomware attack

North American land developer and homebuilder Brookfield Residential is one of the first victims of the new DarkSide ransomware. To back its claim, the gang has posted a portion of the stolen data on its leak site.

NZX exchange suffers DDoS attack

Trading on the Wellington-based NZX stock exchange was temporarily halted by a DDoS attack. The exchange took countermeasures to mitigate the attack and later resumed operations.

Top Malware Reported in the Last 24 Hours

Ransomware operators launch data leak sites

Avaddon and Conti have become the latest ransomware families to launch data leak websites. The purpose of these sites is to extort victims by threatening to publish their stolen data online. Conti’s leak site currently lists 26 victims, while Avaddon’s lists a single entry: documents stolen from a construction firm.

Malicious 3ds Max plugins

A newly discovered hacker group has been targeting companies around the world with malware hidden inside malicious Autodesk 3ds Max plugins, such as one named PhysXPluginMfx. The plugin deploys a backdoor trojan that lets the attackers steal sensitive files and documents.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable set-top boxes

Serious security flaws in two popular set-top boxes, the THOMSON THT741FTA and the Philips DTR3502BFTA, leave customers exposed to attack; the flaws could allow attackers to enlist the devices in botnets or deliver ransomware. The boxes also ship from the factory with the Telnet port open and use an unencrypted protocol to communicate with remote devices and servers.
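The briefing says these boxes ship with Telnet reachable. The quickest check a practitioner can run on their own network is to see which hosts accept a connection on TCP/23 and what they say before any login. The script below is an added example, not from the briefing, the vendors, or the researchers who reported the flaws: it probes a list of hosts, strips Telnet option negotiation from the banner so the login prompt is readable, and includes a constructed loopback listener standing in for a set-top box so it runs offline. Only probe devices you are authorized to test, and note that a closed Telnet port says nothing about the separate unencrypted management protocol the briefing mentions.

```python
"""Find hosts on your own network that answer on the Telnet port.

Added example. The fake listener and the addresses in __main__ are constructed
for demonstration; nothing here comes from a vendor tool or the briefing.
"""
import socket
import threading
from typing import Dict, Iterable, Tuple

TELNET_PORT = 23  # the port the briefing says these boxes ship open

# Telnet IAC (0xFF) command bytes that carry a one-byte option after them.
_IAC = 0xFF
_THREE_BYTE_CMDS = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT


def strip_iac(data: bytes) -> bytes:
    """Remove Telnet option-negotiation sequences so only the human-readable
    banner remains. Handles the common 2- and 3-byte forms and the escaped
    0xFF data byte; subnegotiation blocks (IAC SB ... IAC SE) are not parsed,
    which is fine for pre-login banners."""
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] == _IAC and i + 1 < len(data):
            cmd = data[i + 1]
            if cmd == _IAC:          # IAC IAC is an escaped literal 0xFF
                out.append(_IAC)
                i += 2
            elif cmd in _THREE_BYTE_CMDS:
                i += 3
            else:
                i += 2
            continue
        out.append(data[i])
        i += 1
    return bytes(out)


def probe_telnet(host: str, port: int = TELNET_PORT,
                 timeout: float = 2.0) -> Tuple[bool, str]:
    """Return (reachable, banner). reachable is True when a TCP connection
    succeeds; banner is whatever the service sends before we type anything,
    with negotiation bytes stripped (empty if it stays silent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                raw = s.recv(256)
            except socket.timeout:
                raw = b""
    except OSError:
        return False, ""
    return True, strip_iac(raw).decode("latin-1", "replace").strip()


def audit(hosts: Iterable[str], port: int = TELNET_PORT) -> Dict[str, str]:
    """Return only the hosts that accept a Telnet connection, mapped to their
    pre-authentication banner."""
    findings: Dict[str, str] = {}
    for h in hosts:
        reachable, banner = probe_telnet(h, port)
        if reachable:
            findings[h] = banner
    return findings


def fake_telnet_box(banner: bytes) -> int:
    """Constructed stand-in for an exposed set-top box: listens once on an
    ephemeral loopback port, sends `banner` to the first client, then closes.
    Returns the port so the probe can be exercised without a real device."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once() -> None:
        conn, _ = srv.accept()
        try:
            conn.sendall(banner)
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return port


if __name__ == "__main__":
    # Constructed demo: a local listener that negotiates ECHO and then prompts.
    demo_port = fake_telnet_box(b"\xff\xfd\x01\xff\xfb\x03login: ")
    for host, banner in audit(["127.0.0.1"], demo_port).items():
        print(f"{host}:{demo_port} Telnet open, banner={banner!r}")
```

In a real sweep, replace the loopback host with the addresses in your LAN range and keep the default port; any device that returns a login prompt here is one an attacker on the same network can reach the same way, and should be firewalled off or have Telnet disabled if the firmware allows it.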

Top Scams Reported in the Last 24 Hours

FBI alerts about vishing

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory about a rise in vishing (voice phishing) attacks. According to the advisory, the attacks have spiked since mid-July and aim to steal employees’ login credentials. Attackers then use that access to research the victim organization or to fraudulently obtain funds.

Phishing attack observed

A phishing attack aimed at government and security organizations used a legitimate Box web page to capture victims’ Microsoft 365 credentials. The emails appeared to come from a third-party vendor and urged recipients to view a sensitive financial document.
