
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 20, 2024

In a significant blow to the ransomware landscape, international law enforcement took down the infrastructure of the LockBit group. Along similar lines, Meta Platforms took action against surveillance-for-hire firms in Italy, Spain, and the UAE that infected devices with a range of spyware. In other news, Cisco researchers flagged Agniane Stealer, a crypto-targeting malware that surfaced in August 2023 and steals financial data from compromised hosts.

A couple of security issues have been reported in ScreenConnect software, posing remote code execution risks. The vulnerabilities, awaiting CVE IDs, involve authentication bypass and path traversal flaws. Meanwhile, a security flaw in the WordPress builder theme could be a threat to thousands of active installations.

Top Breaches Reported in the Last 24 Hours

Ransomware attack on Schneider Electric

The Cactus ransomware group took responsibility for crippling Schneider Electric's network and stealing 1.5TB of data. As proof of its claims, the group leaked 25MB of allegedly stolen data on its dark web leak site, including snapshots of American citizens' passports and NDA document scans. The breach occurred on January 17th, targeting Schneider Electric's Sustainability Business division.

Attackers target Ukrainian media outlets

Cybercriminals from Russia hacked into prominent Ukrainian media outlets, spreading fake news about Russian forces destroying Ukrainian special forces in Avdiivka. Experts claimed that these non-destructive attacks aim to destabilize Ukraine, sow panic, and spread false propaganda. The attacks attempt to undermine citizens' trust in Ukrainian authorities.

Former staff steals data for personal gain

A former staff member of the Stratford-on-Avon District Council accessed databases containing residents' information, pilfering around 79,000 email addresses for personal gain. The breach, targeting a garden and waste collection database, also involved data from Warwick District Council due to collaborative arrangements. The individual responsible faced a police investigation but received only a slap on the wrist.

Top Malware Reported in the Last 24 Hours

LockBit infrastructure disrupted

In a coordinated effort labeled Operation Cronos, law enforcement agencies across multiple countries arrested two LockBit ransomware operators, seized over 200 crypto wallets, and created a decryption tool to aid victims. The operation, spearheaded by the U.K. National Crime Agency and supported by Europol and Eurojust, resulted in the takedown of 34 servers worldwide. Additionally, almost 1,000 decryption keys were retrieved, enabling the development of a LockBit 3.0 decryption tool.

Meta singles out spyware campaigns

Meta Platforms revealed taking actions against at least eight spyware operators based in Italy, Spain, and the UAE, as part of its Adversarial Threat Report. These firms, including Cy4Gate/ELT Group and RCS Labs, were spotted deploying spyware across iOS, Android, and Windows devices. These operations involved scraping, social engineering, and phishing across multiple platforms. The firm has removed over 2,000 accounts linked to coordinated inauthentic behavior from China, Myanmar, and Ukraine.

PlugX variant spreads across Asian countries

Following Check Point's disclosure of the SMUGX campaign, Trend Micro has now revealed that the campaign employs a customized PlugX malware variant named DOPLUGS. The malware uses the KillSomeOne module for USB worm functionality. Spear-phishing emails containing Google Drive links serve as the initial access vector, allowing the download of DOPLUGS onto victims' systems. It exhibits backdoor behavior, with distinct features in each iteration, evolving alongside the campaign's objectives.

New stealer threat to cryptocurrency

A crypto-stealing malware, dubbed Agniane Stealer, has emerged in the wild. It leverages advanced techniques and employs ConfuserEx Protector for obfuscation. The stealer aims to extract sensitive data from unsuspecting users, including credentials, passwords, credit cards, and wallets. As per sources, the malware was actively marketed on Telegram.

Top Vulnerabilities Reported in the Last 24 Hours

Peeking through neighbors’ cam

Wyze, a security camera provider, experienced a security breach that allowed some users to see images and videos from other users' cameras. The issue occurred after an outage caused by an overload on the system, resulting in incorrect mapping of device IDs. The breach affected nearly 13,000 individuals, with 1,500 of them having enlarged a thumbnail or viewed a video. While only recorded events were visible, not live feeds, affected users expressed feelings of violation and disgust.

Critical flaw in WordPress builder theme

A critical RCE vulnerability, tagged CVE-2024-25600, in Bricks (a premium theme for WordPress) was discovered impacting around 25,000 active installations. Active exploitation attempts have been detected since February 14, prompting warnings from security experts. Attackers exploit REST API endpoints used for server-side rendering, bypassing nonce checks and compromising security plugins such as Wordfence and Sucuri.
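As an added illustration of the weakness class described above (a REST endpoint whose only gate is a nonce), the following is example code written for this briefing, not code from the Bricks theme or from the original article. It contrasts a WordPress REST route that authorizes requests with nothing but a nonce against one that requires a user capability and constrains the rendered input to an allow-list. The `demo/v1/render` route, the handler name and the element allow-list are hypothetical; the WordPress functions used (`register_rest_route`, `wp_verify_nonce`, `current_user_can`, `rest_ensure_response`, `WP_Error`) are real.

```php
<?php
// Added example for this briefing; hypothetical route, not the Bricks theme's code.

// WEAK: the permission callback accepts any request carrying a valid 'wp_rest'
// nonce. A nonce is a CSRF token, not authentication: if the theme prints it into
// pages served to anonymous visitors (common in page builders whose front end
// calls the API), every visitor can satisfy this check.
function demo_register_render_route_weak() {
    register_rest_route( 'demo/v1', '/render', array(
        'methods'             => 'POST',
        'callback'            => 'demo_render_handler',
        'permission_callback' => function ( WP_REST_Request $request ) {
            $nonce = (string) $request->get_header( 'X-WP-Nonce' );
            return (bool) wp_verify_nonce( $nonce, 'wp_rest' );
        },
    ) );
}

// HARDENED: authorization comes from the logged-in user's capability. WordPress
// core already validates X-WP-Nonce for cookie-authenticated REST requests and
// treats a missing or bad nonce as an anonymous request, so current_user_can()
// is false for anyone who did not authenticate. Input that drives server-side
// rendering is restricted to known element names rather than taken verbatim.
function demo_register_render_route_hardened() {
    register_rest_route( 'demo/v1', '/render', array(
        'methods'             => 'POST',
        'callback'            => 'demo_render_handler',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'edit_posts' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    'You are not allowed to render elements.',
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
        'args' => array(
            'element' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    // Hypothetical allow-list: element names only, never raw code.
                    return in_array( $value, array( 'heading', 'button', 'image' ), true );
                },
            ),
        ),
    ) );
}

// Placeholder renderer shared by both registrations: returns escaped markup
// for the requested element name instead of evaluating anything from the request.
function demo_render_handler( WP_REST_Request $request ) {
    $element = sanitize_key( $request->get_param( 'element' ) );
    return rest_ensure_response( array(
        'html' => '<div class="' . esc_attr( $element ) . '"></div>',
    ) );
}

add_action( 'rest_api_init', 'demo_register_render_route_hardened' );
```

When reviewing a plugin or theme for this pattern, the check is simple: every `register_rest_route` call whose `permission_callback` returns `true` for any nonce holder, or returns `__return_true`, should be treated as unauthenticated, and whatever its handler does with request parameters is reachable by anyone who can load the site.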

ConnectWise patches ScreenConnect bugs

ConnectWise addressed two critical security holes in its ScreenConnect remote desktop software, capable of enabling RCE and unauthorized access to restricted directories. The flaws, affecting versions 23.9.7 and prior, pose significant risks to system integrity and data confidentiality. Although there is no evidence of exploitation, users were urged to update to version 23.9.8 promptly.
