
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 6, 2018

Top Breaches Reported in the Last 24 Hours

NRCC hack

The National Republican Congressional Committee (NRCC) was hacked and thousands of sensitive emails were stolen. The email accounts of four senior NRCC aides were surveilled by the attackers for months. GOP House leadership, including House Speaker Paul Ryan and House Majority Leader Kevin McCarthy, were not alerted to the hack until recently. The FBI was notified of the incident and an internal investigation was launched as well.

Healthcare breach

The websites of four Montreal regional health boards (CIUSSS) were knocked offline by a cyberattack. The sites of the CIUSSS Centre-Ouest-de-l'Île-de-Montréal, Nord-de-l'Île-de-Montréal, l'Ouest-de-l'Île-de-Montréal, and Centre-Sud-de-l'Île-de-Montréal have been offline since the end of November. Fortunately, the attack did not compromise any personal data of patients.

Marijuana hack

A Florida-based medical marijuana provider's website accidentally leaked customer data. AltMed, which does business as MüV, discovered the breach thanks to a customer who sounded the alarm. AltMed's website was taken down and remains offline as a precaution. The breach was caused by a website flaw.

Top Malware Reported in the Last 24 Hours

New Ursnif variant

A new variant of the prolific banking malware Ursnif was recently discovered. It was found being distributed via a malspam campaign targeting victims in Italy. The malware's initial dropper is an obfuscated JavaScript file. It creates a batch file and generates a lot of noise by attempting to connect to fake domains. The new variant also hampers debugging by creating a new copy of itself, and it uses registry keys to persist on the infected system.

Ransomware attack

A new unnamed ransomware variant struck thousands of victims in China, infecting around 20,000 Windows systems. The attackers demanded $16 in bitcoin and delivered the malware mainly through Chinese apps. Ransom payments are requested via the WeChat payment service, which is only available in China and the adjoining region. Victims reported being infected after installing social media-themed apps. The ransomware also includes an information-stealing component that harvests login credentials for several Chinese online services, including Alipay, Baidu Cloud, NetEase 163, Tencent QQ, Tmall, and Jingdong.

Top Vulnerabilities Reported in the Last 24 Hours

CoAP and MQTT flaws

Researchers have discovered major design flaws and vulnerable implementations in Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP). They observed over 200 million MQTT messages and over 19 million CoAP messages being leaked by exposed servers, giving attackers access to millions of records. The researchers also identified several vulnerabilities, tracked as CVE-2017-7653, CVE-2018-11615, and CVE-2018-17614.

Top Scams Reported in the Last 24 Hours

London Blue

A group of online scammers, called London Blue, has compiled a list of 50,000 CFOs, which it then used to launch BEC scams. The list was discovered by the security firm Agari after the scammers targeted the firm with one of their scams. London Blue primarily targets mortgage companies; such scams are believed to focus on diverting real estate purchase or lease payments. The phishing emails the scammers sent contained no malware, which made them difficult to detect. London Blue is likely based in Nigeria but also has members in the UK and the US. The group operates like a modern corporation, with members carrying out specialized functions including business intelligence, sales management, email marketing, and more.
