
Cyware Daily Threat Intelligence

Daily Threat Briefing Dec 20, 2019

Phishing continues to be a favorite attack vector for cyber crooks to infiltrate computers and steal personal data. A series of Emotet trojan attacks that used phishing emails for propagation was observed in the past 24 hours. In one incident, a spam email that mentioned a new climate change demonstration by Greta Thunberg was used to spread the trojan. In another incident, the city of Frankfurt was forced to turn off its IT network after it suffered an Emotet infection. The infection started after an employee of the Fechenheim civil registry opened an Emotet-laden attachment from a malicious email.

Apart from this, security experts have also observed a massive cyberespionage campaign that is being used to spread a variety of malware. Dubbed Hornet’s Nest, the campaign makes use of a new dropper Legion Loader to drop a cocktail of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker, and a cryptocurrency stealer.

Top Breaches Reported in the Last 24 Hours

Facebook exposed over 267 million phone numbers

An unsecured database has exposed more than 267 million Facebook user IDs, phone numbers and names. Most of the affected users are from the United States. It is still not clear how the data was obtained.

Over 3,000 Amazon Ring cameras compromised

More than 3,000 Amazon Ring cameras were reportedly compromised, exposing the login credentials of users and potentially giving hackers easy access to all kinds of information. The leaked data could have allowed hackers to access Ring customers’ payment information, camera footage, and video cameras’ history. Ring is reaching out to all customers to notify them about the data leak and has asked users to change their passwords.

Wawa data breach

Almost 700 Wawa mini-mart stores were affected over the past nine months by a malware infection designed to steal customers’ payment card details. The number of customers affected in the incident is not clear, but Wawa has stores in Delaware, Pennsylvania, New Jersey, Maryland, and Virginia.

Top Malware Reported in the Last 24 Hours

100 malicious apps

More than 100 Android applications have been found to let fraudsters make money by pushing pervasive advertisements to users’ devices. These apps have some 4.6 million downloads from the Google Play Store and include malicious code that powers the bogus advertising network. The apps in question are fortune prediction apps, gaming apps, and selfie apps. These malicious apps include two code libraries called Soraka and Sogo.

Emotet’s infection

Frankfurt city officials have taken down their IT network following an infection with the Emotet malware. The attackers used Emotet in the initial stage to then launch a ransomware attack. In another incident, a spam email promoting a new climate change demonstration by Greta Thunberg was used as a lure to spread the trojan. The authors of the Emotet trojan are also taking advantage of the holiday season and sending out emails pretending to be from shipping companies to trick users.

Hornet’s Nest campaign

A high-volume hacking campaign dubbed ‘Hornet’s Nest’ was found targeting organizations around the world. The purpose of the campaign is to deliver a bundle of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker, and a cryptocurrency stealer. All of this malware is being delivered through a new dropper named Legion Loader.

Trickbot returns

The Trickbot trojan was observed in a new campaign targeting e-commerce shoppers. The campaign was carried out via a phishing email that included a message about an order being shipped. The phishing email contained a Microsoft Word document as an attachment.

Fake streaming website

Attackers have been observed using the hype around the new ‘Star Wars: The Rise of Skywalker’ movie as bait to lure potential victims to fake streaming sites and steal their credit card data. Researchers have found over 30 fraudulent websites and social media profiles disguised as official movie accounts that claim to distribute the movie for free.

Report on APT20 attacks

Dozens of companies in the aviation, construction, energy, finance, healthcare, and transportation industries, spread across 10 countries, fell victim to APT20 attacks in the past two years. The affected countries include the US, UK, Brazil, China, France, and Germany.

Top Vulnerabilities Reported in the Last 24 Hours

Exploiting RDS feature

Adversaries are exploiting a feature in Windows RDS to deploy a cocktail of malware such as cryptocurrency miners, info-stealers, and ransomware. In addition, the threat actors are collecting system information such as architecture, CPU model, number of cores, RAM size, and Windows version.

Drupal releases new versions

Drupal has released versions 7.69, 8.7.11, and 8.8.1 to address several vulnerabilities, including a serious file processing issue. The most serious issue is related to the Archive_Tar third-party library and has been assigned a ‘Critical’ severity rating. The issue affects the Drupal 7.x, 8.7.x, and 8.8.x versions.