Cyware Daily Threat Intelligence

Daily Threat Briefing • December 13, 2021
The weekend kept organizations busy mitigating the infamous Log4Shell vulnerability. Several large companies, including Apple, Twitter, Amazon, Pulse Secure, Google, and VMware, have begun responding to the critical flaw, which is currently being exploited in the wild. While the majority of attacks exploiting the zero-day originated from the Mirai, Muhstik, and Kinsing botnets, Microsoft said it observed the first instance of the flaw being used to deploy Cobalt Strike beacons.
In other news, the discovery of three malicious Python packages with over 10,000 downloads puts software supply chains at risk. A previously undocumented threat actor group named Karakurt has also ramped up its attacks in the third quarter of 2021, affecting several organizations across North America and Europe.
Top Breaches Reported in the Last 24 Hours
Hellmann disrupted by ransomware
Germany-based logistics provider Hellmann announced that some of its servers were affected by a ransomware attack. The company has yet to determine what data was affected.
Volvo attacked
Swedish manufacturer Volvo Cars disclosed details of a cyberattack on one of its repositories. As a result, attackers stole research and development secrets from its systems.
Karakurt targets North Americans
A newly identified threat actor group, Karakurt, has been held responsible for a string of data theft and extortion attacks between September and November 2021. These attacks affected over 40 entities across the healthcare, industrial, retail, technology, and entertainment verticals. Most of the victim organizations are located in North America.
Top Malware Reported in the Last 24 Hours
Malicious PyPI packages removed
Three malicious Python packages designed to exfiltrate environment variables and drop trojans on compromised machines were removed after their discovery on the PyPI software repository. The packages, which were downloaded 15,000 times, were named aws-login0tool, dpp-client, and dpp-client1234.
Microsoft unfolds QBot’s attack process
As QBot continues to expand its attacks far and wide, researchers are looking for ways to break the trojan's distribution chain. To that end, Microsoft has documented the trojan's complete attack process, along with all the secondary payloads delivered during the infection.
Top Vulnerabilities Reported in the Last 24 Hours
Log4Shell attacks on the rise
Companies have started responding to the Log4Shell zero-day remote code execution flaw, which is being exploited in the wild. The flaw, tracked as CVE-2021-44228, can be abused to gain complete control of targeted systems by sending a specially crafted string. The list of affected companies includes Apple, Twitter, Baidu, IBM, Google, LinkedIn, Cisco, and VMware, among others. Meanwhile, Quebec has shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw, which affects the Apache Log4j Java-based logging library.
Top Scams Reported in the Last 24 Hours
Loss due to gift card scams
The FTC revealed that Americans lost $148 million to gift card scams during the first nine months of 2021. While Google Play, Apple, eBay, and Walmart gift cards are popular among scammers, there has been an increase in the abuse of Target gift cards. Most of these scams begin with scammers impersonating a government officer, calling targets and threatening to freeze their bank accounts.