
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 7, 2021

Cybercriminals, driven by illegal motives and armed with complex attack tactics, are keeping federal agencies and security experts on edge. Lately, two notable changes in the attack techniques of the TA551 and APT37 threat actor groups have come to light. TA551 has been found switching from the Valak malware to the IcedID trojan in its recent cyberattacks, while APT37 leveraged a VBA self-decoding technique to hide the RokRat trojan on impacted systems.

There’s more. Malware authors are now relying heavily on the Golang-based Ezuri crypter and memory loader to make their code undetectable to antivirus software. The crypter, already in use by malware targeting Windows, is now being used by malware aiming to infiltrate Linux systems.

Top Breaches Reported in the Last 24 Hours

Nissan source code leaked

Nissan inadvertently leaked the source code of mobile apps and internal tools due to a misconfiguration in one of its Git repositories. The Git server was left exposed on the internet with its default username and password combination of admin/admin.

Funke Media Group attack

Germany’s third-largest publisher, Funke Media Group, fell victim to a ransomware attack that affected systems in offices all around the country. As a result, subscribers received only emergency issues of a few pages. The attack took place on December 22, 2020.

ShinyHunters sell more data

ShinyHunters is now selling databases belonging to three more Indian companies on a dark web forum. The affected companies are ClickIndia, ChqBook, and WedMeGood. Earlier, the hacker group was responsible for the data breach at Juspay.

Top Malware Reported in the Last 24 Hours

New attack tactic

Multiple malware authors are relying on the Golang-based Ezuri crypter and memory loader to make their code undetectable to antivirus software. Although the tactic is widely used across Windows malware, threat actors now use Ezuri to infiltrate Linux environments as well.

TA551 shift from Valak to IcedID

The TA551 threat actor group, known for extensively using information-stealing malware families such as Ursnif and Valak, has switched to the IcedID malware since mid-July 2020. The infection chain starts with a malicious email that includes a password-protected zip archive. If the victim opens the archive, it leads to the download of malicious macros that drop IcedID malware on the system.

RokRat trojan

The North Korean hacking group APT37 has been found using the RokRat trojan in a fresh wave of campaigns against the South Korean government. A VBA self-decoding technique is being used to hide the malware on impacted systems.

Top Vulnerabilities Reported in the Last 24 Hours

Fortinet issues patches

Fortinet has issued security patches for several potentially serious vulnerabilities discovered in the FortiWeb web application firewall. The flaws could be abused to expose corporate networks to attacks. They are tracked as CVE-2020-29015, CVE-2020-29016, CVE-2020-29019, and CVE-2020-29018.

SoftMaker Office flaws fixed

Several vulnerabilities discovered in SoftMaker Office can be abused for arbitrary code execution via malicious documents. The vulnerabilities affect TextMaker, a component of SoftMaker Office. Each is assessed with a CVSS score of 8.8, and all of them are now fixed.

Top Scams Reported in the Last 24 Hours

Impersonation scam

Scammers have been impersonating Singapore government officials in an ongoing phishing scam that attempts to pilfer banking information from users. Victims receive phone calls or messages informing them that there are issues with their bank accounts, and are asked to verify their banking or personal details to resolve the issue.
