Cyware Daily Threat Intelligence

Daily Threat Briefing • Feb 26, 2021
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Feb 26, 2021
The notorious Lazarus threat group didn’t waste any time getting up and running for 2021. Researchers have linked the group with a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense sector. The campaign leverages a multi-step approach that begins with specially crafted spear-phishing emails to execute the ThreatNeedle malware.
The emergence of cybercrime-as-a-service schemes is predicted as one of the biggest cybersecurity issues in upcoming years. Nation-state hacking groups are hiring cybercrime groups in an attempt to hide their involvement in attack campaigns. Meanwhile, the new DarkWorld ransomware is an Achilles heel in the cybersecurity world.
Top Breaches Reported in the Last 24 Hours
Emergence of CaaS
A report has warned about the emergence of Cybercrime-as-a-Service (CaaS) schemes among nation-state threat actors. The scheme allows threat actors to work with groups that can carry out attacks for them. The crimes range from executing malicious hacking operations to breaching networks.
Npower suffers an attack
The U.K’s largest energy firm Npower has been forced to deactivate its mobile app after a report of credential stuffing attack against users emerged. Although it’s unclear how many accounts are affected, the data that may have been exposed in the incident include dates of birth, contact details, addresses, and financial information of users.
Top Malware Reported in the Last 24 Hours
New ThreatNeedle malware
An ongoing espionage campaign aimed at the defense industry has been tracked by researchers. Tied to the North Korea-based Lazarus group, the attack involves the use of ThreatNeedle malware which exfiltrates sensitive information. The malware is delivered via COVID-themed emails with malicious Microsoft Word attachments.
New DarkWorld ransomware
Researchers have detected a new DarkWorld ransomware that adds .dark extension to encrypted files. The malware uses the Rijndael algorithm to encrypt files.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable PLCs
Industrial organizations have been warned about a critical authentication bypass vulnerability that can allow hackers to remotely compromise PLCs from Rockwell Automation. Tracked as CVE-2021-22681, the flaw has a CVSS score of 10. The vulnerability impacts Studio 5000 Logix Designer, as well as over a dozen CompactLogix, ControlLogix, DriveLogix, Compact GuardLogix, GuardLogix, and SoftLogix controllers.
SQL triggers backdoors
Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin-level user into the infected database whenever the trigger condition is met.