Cyware Daily Threat Intelligence

Daily Threat Briefing • Feb 10, 2020
Distributed Denial of Service (DDoS) attacks can be used as a cyber weapon by nation-states to bring a country to its knees. Over the weekend, the Iranian government faced such a situation after the country’s internet services were disrupted by a massive DDoS attack. As a result of the attack, Iran lost 25% of its internet access. It took 7 hours for the internet connection to return to normal.
In a different incident, the operators of Emotet have enhanced the trojan’s capabilities by adding a Wi-Fi worm module to its arsenal. The new variant uses wlanAPI.dll calls to scan for nearby wireless networks. Once a network is found, the trojan attempts to brute-force its way in to compromise the devices connected to it.
Talking about scams, scammers are making use of a free utility called ‘Lock My PC’ to lock users out of their PCs unless they pay the requested ‘support’ fees. For this, the scammers pretend to be from Microsoft or Google and convince target users to let them access their systems to fix a ‘detected’ issue.
Top Breaches Reported in the Last 24 Hours
Leaky Likud party’s app
A misconfiguration in an election day app developed by the Likud party may have exposed the personal details of almost 6.5 million Israeli citizens. Researchers claim the app’s website developers left an API endpoint exposed online without a password, allowing third parties to obtain passwords for admin accounts. The app was made available for download on the elector.co.il website.
Stolen data up for sale
Data on more than half a million clients of Russian microfinance organizations has been put up for sale on a dark web market. The affected clients belong to companies such as Bistrodengi, Zaymer, and Ekapusta. The compromised data includes full names, phone numbers, email addresses, birth dates, and passport details.
13.4 million accounts compromised
The Saudi-based OurMine hacking group managed to compromise nearly 13.4 million Twitter accounts to highlight security flaws in the social networking platform. The temporary account takeover lasted less than 30 minutes. Upon being informed of the issue, Twitter locked the compromised accounts and is working closely with Facebook to restore them.
DDoS attack
A massive DDoS attack brought down a large portion of Iranian access to the Internet. As a result of the attack, Iran lost 25% of its internet access. It took 7 hours for the internet connection to return to normal.
Top Malware Reported in the Last 24 Hours
MyCERT issues an alert
Malaysia’s Computer Emergency Response Team (MyCERT) has issued a security alert to warn about a hacking campaign targeting government officials. Carried out by the APT 40 threat actor group, the attack campaign aims to steal confidential documents from government systems. The campaign involves the use of spear-phishing messages sent to government officials. These messages appeared to be from a journalist, an individual from a trade publication, or individuals from a relevant military organization or non-government organization.
Adposhel adware
Researchers have detected a new adware family called Adposhel that takes control of push notifications in Chrome at the administrator level. The adware uses Chrome policies to ensure that notification prompts will be shown to users and adds some of its own domains to the list of sites that are allowed to push browser notifications.
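Because Adposhel works through Chrome’s enterprise policy channel rather than the browser profile, a quick defensive check is to audit the machine-level notification policies and flag any push-notification origin the organization did not deliberately allow. The script below is an added example, not code from the original briefing or from the researchers who analyzed the adware. It uses the real Chrome policy names DefaultNotificationsSetting (1 = allow, 2 = block, 3 = ask) and NotificationsAllowedForUrls; the trusted-origin list, the sample policy dictionary and the registry-reading helper are constructed assumptions for illustration.

```python
"""Audit Chrome notification policies for adware-style abuse (added example)."""
from typing import Dict, List

# Real Chrome enterprise policy names (see Chrome's policy list).
DEFAULT_SETTING = "DefaultNotificationsSetting"   # 1 = allow, 2 = block, 3 = ask
ALLOWED_URLS = "NotificationsAllowedForUrls"      # list of URL patterns

# Assumption: origins the organisation intentionally allows (constructed).
TRUSTED_ORIGINS = {"intranet.example.com"}


def host_of(pattern: str) -> str:
    """Reduce a Chrome URL pattern ('[*.]example.com', 'https://a.b:443/') to its host."""
    p = pattern.strip().lower()
    if "://" in p:
        p = p.split("://", 1)[1]          # drop scheme
    p = p.split("/", 1)[0]                # drop path
    if p.startswith("[*.]"):
        p = p[4:]                         # Chrome subdomain wildcard
    elif p.startswith("*."):
        p = p[2:]
    if ":" in p:
        p = p.rsplit(":", 1)[0]           # drop port
    return p


def is_trusted(host: str) -> bool:
    """True if host is, or is a subdomain of, a trusted origin."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_ORIGINS)


def audit_notification_policy(policy: Dict[str, object]) -> List[str]:
    """Return human-readable findings for suspicious notification policy values."""
    findings: List[str] = []
    if policy.get(DEFAULT_SETTING) == 1:
        findings.append(f"{DEFAULT_SETTING}=1: every site may push notifications")
    for pattern in policy.get(ALLOWED_URLS, []) or []:
        host = host_of(str(pattern))
        if not is_trusted(host):
            findings.append(f"{ALLOWED_URLS} grants push access to untrusted origin: {pattern}")
    return findings


def load_from_registry() -> Dict[str, object]:
    """Windows only: read machine-level Chrome policies from HKLM (assumes winreg)."""
    import winreg  # stdlib, available only on Windows
    base = r"Software\Policies\Google\Chrome"
    policy: Dict[str, object] = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as key:
            policy[DEFAULT_SETTING], _ = winreg.QueryValueEx(key, DEFAULT_SETTING)
    except FileNotFoundError:
        pass
    try:
        # List policies are stored as a subkey holding values named "1", "2", ...
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + "\\" + ALLOWED_URLS) as sub:
            patterns, i = [], 0
            while True:
                try:
                    _, value, _ = winreg.EnumValue(sub, i)
                except OSError:
                    break
                patterns.append(value)
                i += 1
            policy[ALLOWED_URLS] = patterns
    except FileNotFoundError:
        pass
    return policy


# Constructed sample policy resembling what an adware install leaves behind.
SAMPLE_POLICY: Dict[str, object] = {
    DEFAULT_SETTING: 1,
    ALLOWED_URLS: [
        "[*.]intranet.example.com",        # legitimately allowed
        "https://push.example.net:443",    # not on the trusted list
        "http://news-alerts.example/",     # not on the trusted list
    ],
}

if __name__ == "__main__":
    import sys
    policy = load_from_registry() if sys.platform == "win32" else SAMPLE_POLICY
    for finding in audit_notification_policy(policy):
        print("FINDING:", finding)
```

On Linux the same policy names appear as JSON under /etc/opt/chrome/policies/managed/, so the audit function can be fed a parsed JSON file there instead of the registry helper. Any origin flagged by the audit that nobody in IT recognizes is a candidate for removal, and the policy key itself is worth monitoring for changes.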
New Emotet variant
A new variant of Emotet trojan has been found to include a Wi-Fi worm module that allows the malware to spread to new victims connected to nearby insecure wireless networks. This new strain of Emotet starts the spreading process by using wlanAPI.dll calls to discover wireless networks.
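Since the spreader relies on wlanAPI.dll, one practical detection is to watch image-load telemetry for that library being loaded by processes that have no business enumerating Wi-Fi networks, especially binaries running from user-writable directories. The script below is an added example, not code from the original briefing or from the researchers who analyzed the variant. The log format (pipe-separated key=value fields modelled on Sysmon Event ID 7 image-load events), the sample lines and the process allowlist are constructed assumptions for illustration and would need tuning for a real fleet.

```python
"""Flag unexpected loads of wlanapi.dll in image-load telemetry (added example)."""
import ntpath
from typing import Dict, List, Tuple

# Assumption: Windows components that legitimately load wlanapi.dll (constructed allowlist).
EXPECTED_LOADERS = {"svchost.exe", "explorer.exe", "netsh.exe", "wlanext.exe", "systemsettings.exe"}

# Directories a normal user can write to; a loader living here is more suspicious.
USER_WRITABLE_MARKERS = (r"\appdata\\", r"\temp\\", r"\users\public\\", r"\downloads\\")


def parse_event(line: str) -> Dict[str, str]:
    """Parse a constructed 'key=value|key=value' telemetry line into a dict."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def in_user_writable_path(image: str) -> bool:
    """True if the image path sits under a directory a standard user can write to."""
    lowered = image.lower().replace("/", "\\") + "\\"
    return any(marker.replace("\\\\", "\\") in lowered for marker in USER_WRITABLE_MARKERS)


def detect_wlanapi_loads(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (severity, image, reason) for each non-allowlisted process loading wlanapi.dll."""
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "7":                       # only image-load events
            continue
        loaded = ntpath.basename(ev.get("ImageLoaded", "")).lower()
        if loaded != "wlanapi.dll":
            continue
        image = ev.get("Image", "")
        if ntpath.basename(image).lower() in EXPECTED_LOADERS:
            continue
        if in_user_writable_path(image):
            findings.append(("high", image, "wlanapi.dll loaded by binary in user-writable path"))
        else:
            findings.append(("medium", image, "wlanapi.dll loaded by non-allowlisted process"))
    return findings


# Constructed sample telemetry (not real Emotet indicators).
SAMPLE_EVENTS = [
    r"EventID=7|Image=C:\Windows\System32\svchost.exe|ImageLoaded=C:\Windows\System32\wlanapi.dll",
    r"EventID=7|Image=C:\Users\alice\AppData\Local\Temp\setup_x.exe|ImageLoaded=C:\Windows\System32\wlanapi.dll",
    r"EventID=7|Image=C:\Program Files\VendorApp\app.exe|ImageLoaded=C:\Windows\System32\wlanapi.dll",
    r"EventID=7|Image=C:\Program Files\VendorApp\app.exe|ImageLoaded=C:\Windows\System32\kernel32.dll",
    r"EventID=1|Image=C:\Users\alice\AppData\Local\Temp\setup_x.exe|CommandLine=setup_x.exe /quiet",
]

if __name__ == "__main__":
    for severity, image, reason in detect_wlanapi_loads(SAMPLE_EVENTS):
        print(f"[{severity.upper()}] {image}: {reason}")
```

The allowlist deliberately keeps the "medium" finding for the vendor application so that analysts see which legitimate software also touches the Wi-Fi API and can extend the list from evidence rather than guesswork; the "high" case (a loader under a user's Temp directory) is the one worth paging on.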
Top Vulnerabilities Reported in the Last 24 Hours
Windows 7 bug
A weird bug has been hitting Windows 7 users after the January 14 end-of-life (EOL) deadline. Affected users are taking to online forums to report that they receive a popup message reading "You don't have permission to shut down this computer" every time they attempt to shut down or reboot their systems. The cause of the bug remains unknown. However, a temporary workaround - one that doesn't require any scripting or OS hacks and can be executed by any Windows 7 user - has been devised.
Top Scams Reported in the Last 24 Hours
Tech support scam
Scammers are using a free utility called ‘Lock My PC’ to lock users out of their PCs unless they pay the requested ‘support’ fees. The scammers pretend to be from Microsoft, Google, and other well-known companies and convince victims to let them access their computers to fix a ‘detected’ issue. Once the scammers gain access, they use the Windows Syskey program to lock the user out of Windows.
Impersonation scam
Scammers are impersonating CoinDesk reporters and editors with the intention of stealing money from users. The scam, which is primarily disseminated through Telegram messages, promises victims full coverage of their crypto projects in exchange for a fee that can go up to $500.