
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 8, 2021

Phishing campaigns rely on evading defenses to reach as many individuals as possible. To that end, phishers have now been observed using Morse code as their latest obfuscation technique to hide malicious URLs in email attachments.

Another novel evasion technique has been observed in the recently discovered Zeoticus 2.0 ransomware. The malware is designed so that it does not depend on a C2 server for communication. Moreover, it targets all countries except Russia, Belarus, and Kyrgyzstan.

Top Breaches Reported in the Last 24 Hours

Sri Lankan domains defaced

Hacktivists have hijacked and defaced the DNS records of several Sri Lankan websites that include Google.lk and Oracle.lk. Users visiting these sites are redirected to web pages detailing various social issues impacting the local population. The attack took place on February 6.

SN Servicing Corp notifies about an attack

Mortgage loan servicing company SN Servicing Corporation has disclosed a ransomware attack that affected its systems. Although attack details are not known, a preliminary investigation indicates that the compromised data includes billing statements and fee notices of customers from 2018.

WestRock struggles to recover from the attack

WestRock is struggling to recover from a ransomware attack that occurred on January 23. Although the company hasn’t shared any details about the attack, it has proactively shut down certain systems to enhance its cybersecurity posture.

Top Malware Reported in the Last 24 Hours

Zeoticus 2.0 ransomware

Zeoticus 2.0 ransomware, which has no dependence on a C2 server, has emerged on the threat landscape. It relies on faster encryption algorithms such as XChaCha20, Poly1305, XSalsa20, and Curve25519. It is also worth noting that the malware is designed not to function in some regions such as Russia, Belarus, and Kyrgyzstan.

New obfuscation technique

A new phishing attack campaign has been observed using Morse code to hide malicious URLs in an email attachment. The ultimate goal is to bypass secure email gateways or mail filters during the infection process.

Ziggy ransomware shuts down

The Ziggy ransomware has shut down its operation and released decryption keys for its victims. The ransomware operators announced the shutdown on Telegram.

Furball spyware

The Iranian threat actor group Charming Kitten has been linked with a massive cyberespionage campaign that involves the use of Furball spyware. Targeted individuals could include regime dissidents, civil rights activists, journalists, and lawyers. The spyware is distributed via malicious wallpaper and gaming apps.
