Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Feb 17, 2022

Alert! There’s a new Kraken botnet in the town and let's not confuse it with the one from 2008 as they have nothing in common, apart from their names. Researchers claim that the new Golang-based botnet makes use of SmokeLoader to spread quickly across multiple devices. The current iteration of the botnet is capable of taking screenshots, stealing various cryptocurrency wallets, and collecting information about the host.

There’s also a warning about a newly found phishing threat that can put Blockchain and Defi environments at risk. Tracked as ‘Ice Phishing,’ the attack can allow attackers to obtain the private cryptographic keys for digital wallets. Furthermore, the FBI has asked organizations and individuals to be vigilant following a recent rise in BEC scams.

Top Breaches Reported in the Last 24 Hours

Update on attacks at Red Cross

A new update on the cyberattack at the International Committee of the Red Cross (ICRC) reveals that the hackers had accessed the networks 70 days before the attack. They exploited a critical severity authentication bypass flaw, tracked as CVE-2021-40539, in Zoho’s ManageEngine AdSelfService Plus to breach the network. The attackers had impersonated legitimate users to hide their presence in the environment.

U.S. contractor under attack

A statement released by the CISA reveals that Russian state-sponsored operatives are targeting U.S. cleared defense contractor networks to obtain sensitive information. Some of these attacks have been ongoing for at least six months. According to the agency, threat actors are using tactics such as spear-phishing and brute-force attacks to breach networks.

Top Malware Reported in the Last 24 Hours

New Golang-based Kraken botnet

A newly found Goland-based Kraken botnet is under active development. Different from the one discovered in 2008, the botnet features an array of backdoor capabilities to pilfer sensitive information from compromised Windows hosts. It makes use of SmokeLoader to spread quickly, gaining control over hundreds of devices each time.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco warns about a DoS flaw

Cisco is informing its customers of a DoS vulnerability in its Email Security Appliance (ESA) product. The flaw, tracked as CVE-2022-20653, can be exploited using specially crafted emails. The vulnerability is caused by insufficient error handling in DNS name resolution. Patches and workarounds have been made available.

Top Scams Reported in the Last 24 Hours

Baltimore city scammed

The Office of the Inspect General (OIG) revealed that Baltimore city was duped into sharing hundreds of thousands of dollars last year after cybercriminals posed as a vendor. The fraudsters claimed to be associated with an employee from a vendor and emailed the Mayor’s Office of Children and Family Success (MOCFS) and Baltimore’s Bureau of Accounting and Payroll Services (BAPS) to update the vendor’s EFT remittance information.

FBI warns about a rise in BEC scam

The FBI is warning about the rise in BEC scams against U.S. organizations and individuals. The agency shared that the scammers had lately turned to virtual meeting platforms to match the overall trend of businesses moving to remote work during the pandemic.

Ice Phishing attack

Microsoft has warned about a new Ice Phishing attack that poses a threat to blockchain and Defi networks. This can enable threat actors to obtain private cryptographic keys to access digital wallets.

Related Threat Briefings