Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 4, 2020
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Dec 4, 2020
Looks like the recently discovered Egregor ransomware is keeping up to its creators’ ambition of wreaking havoc on organizations. The ransomware, which has crippled over 60 firms worldwide since September, has added two more targets—Metro Vancouver’s transportation agency TransLink and the U.S department store Kmart—to its list of victims.
In other news, researchers have uncovered a new PowerShell-based backdoor malware named PowerPepper. Associated with the Deathstalker threat actor group, the malware has been used against firms specialized in law and consultancy in Europe, Asia, and the U.S.
Top Breaches Reported in the Last 24 Hours
Black Shadow extorts Shirbit
An Israeli insurance company, Shirbit, had its files stolen after the Black Shadow threat actor gang breached into the company’s network. Following the attack, the hackers had demanded almost $1 million in bitcoin in ransom to stop the leaking of stolen data. The stolen data included documents, email PST files, scanned documents, audio recordings, and images of passports.
TransLink impacted
Metro Vancouver’s transportation agency TransLink has fallen victim to the Egregor ransomware. This disrupted services and payments systems of the agency. However, all transit services remained unaffected.
Kmart targeted
The U.S department store Kmart has also suffered an attack by Egregor ransomware. It is unknown if the attackers stole data, but several devices and servers were encrypted after the attack.
Top Malware Reported in the Last 24 Hours
PowerPepper malware
Kaspersky has released details of a previously undocumented PowerShell-based backdoor malware that is associated with the DeathStalker hacker group. The malware includes various tricks to evade detection and is capable of executing remote shell commands. So far, the malware has been used against firms specialized in law and consultancy in Europe, Asia, and the U.S.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable Docker
A vulnerability discovered in ‘shim’ API can allow unauthorized third parties to execute arbitrary contents and arbitrary permission levels in Docker and other Kubernetes configurations. Tracked as CVE-2020-15257, the flaw scores 8.8 on the CVSS scale. The vulnerability exists due to the way a common container management component spawns the shim API. It has been fixed in containerd versions 1.3.9 and 1.4.3.
Top Scams Reported in the Last 24 Hours
Exit scam
Compounder Finance DeFi developers have made away with $11 million in an exit scam that allegedly installed a hidden backdoor into the targeted systems. The firm promised the investors of high-returns for a small investment as a part of its Ethereum-based decentralized finance (DeFi) project. To attract more investors, the tricksters claimed to support funds from other cryptocurrencies such as DAI, USDT, and USDC.