
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 1, 2020

Ransom demands are growing and tactics are becoming cutthroat. After Delaware County, the online learning company K12 has decided to pay a ransom to cybercriminals who gained unauthorized access to student and employee information before deploying ransomware.

Apart from the ransomware threat, a Magecart-themed credit card skimming attack has also come to light in the last 24 hours. The gang has been found injecting convincing PayPal iframes into the checkout pages of online retail sites to steal users' payment data.

Meanwhile, researchers have detailed a cyberattack that was active in November and targeted German users. The attack delivered the Gootkit banking trojan, and in some cases, the REvil ransomware.

Top Breaches Reported in the Last 24 Hours

AspenPointe notifies patients

U.S. healthcare provider AspenPointe has notified patients of a data breach that occurred in September. The attack enabled attackers to steal the PHI and PII of its patients. Currently, there is no evidence that data stolen during the attack was used by any third-party attackers.

Apodis Pharma leaks data

An unsecured Elasticsearch database associated with Apodis Pharma was under investigation for leaking over 1.7 TB of confidential business data including full names of Apodis Pharma’s partners and employees, shipment details, and addresses.

K12 pays ransom

The online learning solutions provider K12 has decided to pay a ransom to cybercriminals who managed to breach their systems and deploy a piece of ransomware. The company revealed that the attack did not disrupt its major corporate systems. It claimed that accounting, payroll, procurement, enrollment, and shipping systems remained operational, even after the attack.

Top Malware Reported in the Last 24 Hours

Monero coin miner

A threat actor group tracked as Bismuth is responsible for a cyberespionage campaign that was carried out between July and August. The attackers used cryptocurrency miners to stay under the radar and establish persistence in targeted networks. Bismuth, which shares similarities with the OceanLotus threat actor group, has been running complex cyberespionage attacks since 2012.

New credit card skimming

The Magecart gang has been found using postMessage to hijack PayPal transactions during the checkout process of an online purchase. The ultimate purpose of the new credit-card skimming attack is to create a fake PayPal transaction process in order to steal victims’ payment data.

Gootkit or REvil ransomware used

Users in Germany are targeted in a cyberattack that delivers the Gootkit banking trojan and, in some cases, the REvil ransomware. In the latest campaign, threat actors are relying on compromised websites to trick users into downloading malicious files through fake forum templates.
