
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 27, 2023

The threat of cyberattacks motivated by geopolitical affairs has grown in recent years. One Russian hacker group known for such attacks has now targeted German airports, public administration, and financial institutions with DDoS attacks. Meanwhile, the BlackCat ransomware gang has continued its marauding run of attacks by claiming to breach an explosives manufacturer and allegedly stealing sensitive military data.

In other news, the malware landscape is evolving constantly with new threats popping up daily and some known threats getting dismantled. In the last 24 hours, researchers reported the emergence of a new ransomware strain named Mimic. On the other hand, the FBI, Europol, and other law enforcement agencies took down a long-standing threat in the form of Hive ransomware.

Top Breaches Reported in the Last 24 Hours

Killnet targets Germany

The notorious Russian hacker group Killnet launched a new wave of DDoS attacks against German organizations. The targeted entities include German airports, public administration bodies, and financial sector organizations. Germany’s Federal Cyber Security Authority (BSI) said these attacks rendered some websites unavailable.

Mental health institutions hacked

Two U.S. mental healthcare providers, Lutheran Social Services of Illinois and North Carolina-based Mindpath Health, recently disclosed breaches resulting from a ransomware attack and an email hacking incident, respectively. The former incident affected nearly 184,000 individuals, whereas the latter impacted nearly 194,000 people.

Explosives manufacturer hit by BlackCat

The BlackCat ransomware gang added Solar Industries India, an industrial explosives manufacturer, to the list of victims published on its Tor leak site. The gang claimed to have infiltrated the company’s infrastructure and stolen 2TB of data, which it put up for auction on the site. The data allegedly includes secret military information related to weapons production.

Top Malware Reported in the Last 24 Hours

New Windows ransomware threat

Researchers at Trend Micro discovered a new ransomware strain, dubbed Mimic, that utilizes the 'Everything' file search tool on Windows to discover files to be targeted for encryption. English and Russian-speaking users are the prime targets. The ransomware supports command-line arguments to narrow down encryption targets. It also makes use of multi-threaded execution to speed up the data encryption process.

Hive ransomware taken down

The FBI, in cooperation with Europol and other law enforcement agencies across 10 countries, completed a months-long operation to take down the notorious Hive ransomware group. The operation blocked $130 million in ransom payments to the group and resulted in the seizure of the Hive leak site.

PlugX variants infect USB devices

Security researchers have uncovered a PlugX malware sample that comes with updated propagation capabilities, including the ability to infect attached removable USB media devices.

Notably, this variant of PlugX also uses a Unicode character called non-breaking space (U+00A0) to hide files in a USB device plugged into a workstation.
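A defender-side check for the disguise technique described above, added here as an example and not taken from the briefing or from any PlugX analysis: it walks a directory standing in for a mounted USB device and reports every entry whose path contains a code point that renders as blank space but is not the ordinary ASCII space. Only U+00A0 is attributed to PlugX by the briefing; the other code points in the table, and the sample tree built inside `demo_scan`, are assumptions constructed for this example.

```ruby
# Added example, not code from the Cyware briefing or from any PlugX analysis.
# Walks a directory (stand-in for a USB mount) and reports entries whose path
# contains a space-like code point such as NO-BREAK SPACE (U+00A0).
require 'find'
require 'tmpdir'
require 'fileutils'

# Code points that look like a space (or nothing at all) in most file
# browsers. Everything beyond U+00A0 is an assumption about what else is
# worth flagging, not something the briefing attributes to PlugX.
SUSPICIOUS_SPACES = {
  "\u00A0" => 'NO-BREAK SPACE (U+00A0)',
  "\u2007" => 'FIGURE SPACE (U+2007)',
  "\u202F" => 'NARROW NO-BREAK SPACE (U+202F)',
  "\u3000" => 'IDEOGRAPHIC SPACE (U+3000)',
  "\u200B" => 'ZERO WIDTH SPACE (U+200B)'
}.freeze

# Return the descriptions of every suspicious code point present in +name+.
# Names are re-tagged as UTF-8 so the check does not depend on the locale
# the scanner happens to run under.
def suspicious_chars(name)
  utf8 = name.dup.force_encoding('UTF-8')
  return ['(invalid UTF-8 in name)'] unless utf8.valid_encoding?
  SUSPICIOUS_SPACES.select { |ch, _| utf8.include?(ch) }.values
end

# Walk +root+ and return [relative_path, [descriptions]] for every file or
# directory whose relative path contains a suspicious code point. Checking
# the whole relative path means files nested under a disguised directory
# are reported as well, not only the directory itself.
def scan_for_hidden_names(root)
  findings = []
  Find.find(root) do |path|
    next if path == root
    rel = path.delete_prefix(File.join(root, '')).dup.force_encoding('UTF-8')
    hits = suspicious_chars(rel)
    findings << [rel, hits] unless hits.empty?
  end
  findings
end

# Constructed sample tree standing in for a USB mount; returns the findings.
def demo_scan
  Dir.mktmpdir('usb_sample') do |dir|
    File.write(File.join(dir, 'notes.txt'), 'benign')          # ordinary name
    File.write(File.join(dir, "report\u00A0.pdf"), 'decoy')    # NBSP before the extension
    FileUtils.mkdir_p(File.join(dir, "\u00A0"))                # directory named only NBSP
    File.write(File.join(dir, "\u00A0", 'hidden.dat'), 'x')    # nested under it
    scan_for_hidden_names(dir)
  end
end

if $PROGRAM_NAME == __FILE__
  demo_scan.each { |rel, hits| puts "#{rel.inspect}: #{hits.join(', ')}" }
end
```

Point `scan_for_hidden_names` at the mount point of a suspect device; printing each path with `inspect` makes the invisible character show up as `\u00A0` in the output, which is the whole reason a plain directory listing misses it.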

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerability in Ruby on Rails apps

Positive Security warned that Ruby on Rails applications using Ransack for object-based search could be vulnerable to data theft. Many websites invoke the Ransack search function with unrestricted user input as parameters. Integrating the library this way can result in data theft or even takeover of administrator accounts.
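The fix for the integration problem described above is to allowlist what a client may search on. Ransack does this through each model's `ransackable_attributes` method (mandatory since Ransack 4.0); the following is an added, Rails-free illustration of that allowlist logic, not Ransack's own code and not from the briefing. Ransack's real query keys look like `<attribute>_<predicate>` (for example `name_cont`) plus a sort key `s`; the predicate list, the `User` attribute allowlist and the sample request hash below are assumptions constructed for the example.

```ruby
# Added example, not Ransack's code and not from the Cyware briefing.
# Ransack turns keys of the form "<attribute>_<predicate>" and a sort key
# "s" into SQL, so passing params[:q] straight through lets a client filter
# and sort on any column. This standalone filter mirrors the allowlist that
# Ransack applies via the model's `ransackable_attributes` method.

# Predicate suffixes we accept, checked longest first so that "not_cont" is
# recognised before "cont". The list is an assumption for this example.
ALLOWED_PREDICATES = %w[not_cont not_eq start cont end eq lt gt].sort_by { |p| -p.length }.freeze

# Constructed per-model allowlist; password hashes, tokens and similar
# columns are deliberately absent.
RANSACKABLE_ATTRIBUTES = {
  'User' => %w[name email created_at].freeze
}.freeze

# Split "email_not_cont" into ["email", "not_cont"]; nil if no known predicate.
def split_condition(key)
  ALLOWED_PREDICATES.each do |pred|
    suffix = "_#{pred}"
    if key.end_with?(suffix) && key.length > suffix.length
      return [key.delete_suffix(suffix), pred]
    end
  end
  nil
end

# True when a sort spec such as "name asc" names an allowlisted attribute.
# Sorting is allowlisted too: ordering by a secret column leaks it just as
# filtering does.
def allowed_sort?(spec, allowed)
  column, direction = spec.to_s.split(' ', 2)
  allowed.include?(column) && (direction.nil? || %w[asc desc].include?(direction))
end

# Filter a raw q hash for +model+. Returns [accepted, rejected_keys]; only
# +accepted+ should ever reach the search call.
def sanitize_search_params(model, raw_q)
  allowed = RANSACKABLE_ATTRIBUTES.fetch(model, [])
  accepted = {}
  rejected = []
  raw_q.each do |key, value|
    key = key.to_s
    ok = if key == 's'
           allowed_sort?(value, allowed)
         else
           attr, _pred = split_condition(key)
           !attr.nil? && allowed.include?(attr)
         end
    if ok
      accepted[key] = value
    else
      rejected << key
    end
  end
  [accepted, rejected]
end

if $PROGRAM_NAME == __FILE__
  # Constructed request parameters, including a column that must never be
  # queryable from the client side.
  q = { 'name_cont' => 'al', 'password_digest_start' => '$2a$', 's' => 'email desc' }
  accepted, rejected = sanitize_search_params('User', q)
  puts "accepted: #{accepted.inspect}"
  puts "rejected: #{rejected.inspect}"
end
```

In a real application the equivalent is to define `ransackable_attributes` on every searchable model and log the rejected keys; a stream of rejections naming non-allowlisted columns is a useful detection signal for probing of this kind.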

RCE flaw in Lexmark printers

More than 100 printer models made by Lexmark are affected by a server-side request forgery (SSRF) vulnerability that could allow attackers to gain a foothold on networks, expose sensitive documents, or obtain network credentials. Lexmark patched the vulnerability, CVE-2023-23560, through a firmware update.

Top Scams Reported in the Last 24 Hours

Phishing campaign against Bitwarden users

A number of phishing campaigns are abusing Google Ads to target users of Bitwarden and other password managers. The scammers use spoofed websites promoted via search ads to steal users’ password vault credentials.
