
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 17, 2020

Supply chain chaos is turning ugly as threat actors evolve their attack techniques. In the wake of the SolarWinds attack, researchers have uncovered a new supply chain attack targeting the Vietnam Government Certification Authority (VGCA). The attackers compromised the agency's digital signature toolkit so that it installed the PhantomNet backdoor (also known as Smanager) on the systems of everyone who installed the tampered toolkit.

Meanwhile, in a counter-move against the actors behind the SolarWinds attack, Microsoft, FireEye, and GoDaddy have jointly created a kill switch for the SUNBURST backdoor that disrupts the malware on infected systems.

In other news, two malicious RubyGems packages were found stealing cryptocurrency, and 28 malicious Chrome and Edge extensions were found stealing users' data.

Top Breaches Reported in the Last 24 Hours

Widespread banking fraud campaign

Threat actors have stolen millions of dollars from US and EU bank customers in an ongoing worldwide mobile banking fraud campaign. They used large emulator farms to log in to thousands of compromised accounts while spoofing the victims' mobile devices so that the logins looked legitimate to the banks. According to reports, roughly 20 emulators were used to impersonate more than 16,000 compromised devices.

Supply chain attack

Researchers have uncovered a new supply chain attack targeting the Vietnam Government Certification Authority (VGCA). The attackers compromised the agency's digital signature toolkit so that it installed the PhantomNet backdoor (also known as Smanager) on the systems of users who downloaded and ran the tampered toolkit. The breach occurred between July 23 and August 16.

Top Malware Reported in the Last 24 Hours

Kill switch for SUNBURST

In collaboration with Microsoft and GoDaddy, FireEye has created a kill switch for the SUNBURST malware, which was distributed through trojanized updates of SolarWinds' Orion platform. The backdoor has reportedly impacted several U.S. government agencies and many private firms, including Boeing, AT&T, and Ford.

Malicious RubyGems packages

Two new malicious RubyGems packages were removed from the RubyGems repository after being found to be part of a supply chain attack designed to steal cryptocurrency from unsuspecting users. The packages, 'pretty_color-0.8.1.gem' and 'ruby-bitcoin-0.0.20.gem', masqueraded as a library for displaying strings with color effects and as a bitcoin library respectively. Each contained a malicious Ruby script that drops a VBS script acting as a clipboard hijacker: it watches the clipboard for cryptocurrency wallet addresses and replaces them with the attacker's address, so that a victim pasting an address to make a payment sends the funds to the attacker instead.
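The indicators in the item above (known-bad gem names and versions, Ruby code that references or drops a .vbs file, invokes the Windows Script Host, or touches the clipboard) can be turned into a quick triage scan of an installed gem tree. The following is an added example written for this briefing; it is not code from the page, from RubyGems, or from the researchers who reported the packages. The heuristics, the finding format, and the constructed sample gems in `demo` are assumptions of this example, and the sample "dropper" is a harmless stand-in, not the real payload.

```ruby
require 'tmpdir'
require 'fileutils'

# Known-bad gem names and versions, taken from the briefing above.
KNOWN_BAD = {
  'pretty_color' => ['0.8.1'],
  'ruby-bitcoin' => ['0.0.20'],
}.freeze

# Heuristic indicators (assumed for this example) for the behaviour the
# briefing describes: a Ruby script that drops a VBS clipboard hijacker.
INDICATORS = {
  vbs_reference:      /['"][^'"]*\.vbs['"]/i,            # a quoted *.vbs path
  spawns_script_host: /\b[wc]script(?:\.exe)?\b/i,       # wscript / cscript
  clipboard_access:   /clipboard/i,                      # e.g. clipboardData
  base64_eval:        /eval\s*\(?\s*Base64\.decode64/i,  # obfuscated loader
}.freeze

GemFinding = Struct.new(:gem, :version, :reasons)

# "name-1.2.3" => ["name", "1.2.3"]; directories without a version keep nil.
def gem_name_version(dir)
  m = File.basename(dir).match(/\A(.+)-(\d+(?:\.\d+)*)\z/)
  m ? [m[1], m[2]] : [File.basename(dir), nil]
end

# Scan one unpacked gem directory; returns a GemFinding or nil when clean.
def scan_gem_dir(dir)
  name, version = gem_name_version(dir)
  reasons = []
  reasons << "known malicious package #{name} #{version}" if KNOWN_BAD[name]&.include?(version)
  Dir.glob(File.join(dir, '**', '*')).sort.each do |path|
    next unless File.file?(path)
    next unless path.end_with?('.rb', '.rake', '.gemspec') || File.basename(path) == 'Rakefile'
    src = File.read(path, encoding: 'BINARY')
    INDICATORS.each do |label, re|
      reasons << "#{label} in #{File.basename(path)}" if src.match?(re)
    end
  end
  reasons.empty? ? nil : GemFinding.new(name, version, reasons.uniq)
end

# Scan every gem directory under a gems root such as File.join(Gem.dir, 'gems').
def scan_gems_root(root)
  Dir.children(root).sort.map { |d| scan_gem_dir(File.join(root, d)) }.compact
end

# Constructed demo: one benign gem and one gem that mimics the dropper
# pattern described above (a quoted .vbs path, WScript, clipboard access).
def demo
  Dir.mktmpdir('gems') do |root|
    benign = File.join(root, 'colorize-0.8.1', 'lib')
    FileUtils.mkdir_p(benign)
    File.write(File.join(benign, 'colorize.rb'), <<~'RUBY')
      class String
        def red
          "\e[31m#{self}\e[0m"
        end
      end
    RUBY

    bad = File.join(root, 'pretty_color-0.8.1', 'lib')
    FileUtils.mkdir_p(bad)
    File.write(File.join(bad, 'pretty_color.rb'), <<~'RUBY')
      # Constructed stand-in for a dropper; it only writes a harmless VBS line.
      if Gem.win_platform?
        vbs = File.join(ENV['TEMP'], 'x.vbs')
        File.write(vbs, 'Set w = CreateObject("htmlfile").ParentWindow: t = w.clipboardData.GetData("text")')
        system("wscript.exe #{vbs}")
      end
    RUBY

    scan_gems_root(root)
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |f| puts "#{f.gem} #{f.version}: #{f.reasons.join(', ')}" }
end
```

Run it against a real installation with `scan_gems_root(File.join(Gem.dir, 'gems'))`. The name and version match is the only definitive signal; the regex indicators are triage hints that will also flag legitimate Windows automation gems, so treat a hit as something to read, not as proof of compromise.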

Meyhod skimmer discovered

Researchers have discovered a new skimmer called Meyhod on several e-commerce sites, including the websites of hair treatment company Bosley and the Chicago Architecture Center (CAC). Elements of the skimmer code vary from one victim site to another, with the operators appearing to tailor the injected code so that it blends in with the scripts each victim site already uses.

Malicious extensions

Researchers have found 28 malicious Chrome and Edge extensions that allow attackers to steal users' data and redirect victims to ads and phishing sites. The tainted extensions pose as helper add-ons for Vimeo, Instagram, Facebook, and other popular online services.

Top Vulnerabilities Reported in the Last 24 Hours

Trend Micro patches serious flaws

Trend Micro has issued updates for serious vulnerabilities affecting its InterScan Web Security Virtual Appliance (IWSVA). The flaws include CSRF protection bypass, cross-site scripting (XSS), authentication and authorization bypass, command execution, and command injection issues.

Faulty P2P file sharing feature

Design flaws in the peer-to-peer (P2P) file-sharing features of Huawei, LG, and Xiaomi smartphones can allow attackers to hijack file transfer sessions.

HPE discloses a zero-day bug

HPE has shared mitigations for a zero-day vulnerability that affects the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. The flaw is tracked as CVE-2020-7200 and carries a critical CVSS score of 9.8.

Top Scams Reported in the Last 24 Hours

Christmas bonus scam

Experts are warning Facebook users to be on the lookout for a Christmas bonus scam whose messages appear to come from people in their contact lists. The message claims to offer a Christmas bonus or Christmas benefit and asks the target to contact a "Facebook Agent", who then sends a further message about a contest supposedly sponsored by Powerball. The ultimate purpose of the scam is to steal personal information and money from victims.
