Cyware Daily Threat Intelligence

Daily Threat Briefing Feb 21, 2023

The ransomware landscape continues to thrive as a threat actor launched HardBit 2.0. The ransomware group asks victim firms for their cyber insurance details so that they can mutually set a ransom price that hurts no one. Speaking of malware threats, a cybercriminal group was observed launching a spear-phishing campaign using an updated version of the backdoor known as ReverseRAT. The cybercrime group first used ReverseRAT in its 2021 campaign against the government and power utility sectors of Afghanistan and India.

In other top headlines, Apple shared a new iOS 16.3.1 update that quietly addressed a high-severity vulnerability tracked as CVE-2023-23530, along with other security holes. The bug enabled arbitrary code execution with certain elevated privileges.

Top Breaches Reported in the Last 24 Hours

Ransomware targets healthcare facility

Patient data at the Pennsylvania-based Lehigh Valley Health Network (LVHN) was compromised in the wake of a ransomware attack by the BlackCat group. The impacted data includes patient images for radiation oncology treatment. Officials said the attack has not disrupted operations. BlackCat reportedly demanded a ransom; however, LVHN declined the request.

Tusla, also an HSE cyberattack victim

The Irish Child and Family Agency Tusla is informing around 20,000 individuals about a breach during the 2021 cyberattack on the HSE, the country’s public healthcare system. Cybercriminals were able to steal sensitive data belonging to both staff and individuals. Tusla CEO Kate Duggan noted that it had secured an order to “restrain any sharing or processing or publishing of any of the data stolen.”

Irish media broadcaster under attack

A cyberattack on Virgin Media Television, an Irish broadcaster, has impacted its operations. Though officials did not specify the nature of the attack, they clarified that it was not a ransomware attack. The company's other operations, including the Virgin Mobile wireless carrier and home broadband, experienced no interruptions from the attack.

Top Malware Reported in the Last 24 Hours

ReverseRAT by SideCopy

Hackers are distributing an upgraded version of the ReverseRAT backdoor, cybersecurity firm ThreatMon revealed. The RAT is being deployed on Indian government sites through spear-phishing campaigns that contain a fake advisory from India’s Ministry of Communications. The activity has been attributed to SideCopy, a threat group of Pakistani origin with overlaps with Transparent Tribe.

HardBit 2.0 is here

Varonis published its findings on the second version of the HardBit ransomware, which extorts organizations. Its first version was observed in October 2022. This time, the actors were spotted negotiating with certain victims as per the terms of their cyber insurance. Victims are given 48 hours to get in touch with the hackers, who use a peer-to-peer chat program that is open-source and encrypted.

Top Vulnerabilities Reported in the Last 24 Hours

Apple fixes privilege escalation flaw

Apple recently released iOS 16.3.1 to all users. The new release fixed issues related to iCloud and Siri requests for the Find My app. Researchers from Trellix’s Advanced Research Center shared details about a privilege escalation bug that could let an attacker bypass Apple's security measures and execute arbitrary code on macOS and iOS.
