Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 11, 2022
While, on one side, existing ransomware threats continue to raise stakes and claim more victims, a new ransomware group has now made the headlines. Known as 0mega, the ransomware group has infiltrated several networks around the globe. Meanwhile, the relatively aged Lockbit cybercriminal group compromised the network of French telecom firm La Poste Mobile. Users have been warned to watch out for phishing and social engineering attacks.
Furthermore, a researcher has laid bare a security bug in Honda vehicles that let hackers unlock a car door and start it remotely. The flaw, identified as CVE-2021-46145, works by manipulating the code in software-defined radios.
Millions of readers exposed by a breach
Mangatoon, an app for reading comic Manga and novels, was found exposing 23 million user account details via an unsecured Elasticsearch database. Exposed data include names, email addresses, social media account information, authentication tokens from social logins, and salted MD5 password hashes. A hacker who goes by “pompompurin” reportedly broke through the weak credentials of the database storage.
Killnet attempts DDoS on Latvia
Latvia has suffered a 12-hour-long DDoS attack that bombarded its public broadcasting center. Attackers also targeted the official website of the Latvian president's office and a similar attack appears to have crippled the website of the Estonian president. It is assumed that pro-Kremlin hacker group Killnet is behind this series of attacks that have been hiding around in Latvian networks for over a month.
A French telephone operator targeted
La Poste Mobile, a virtual mobile telephone operator in France, experienced a ransomware attack that impacted administrative and management services. The Lockbit ransomware group has added La Poste Mobile as one of its victims to its leak site. The firm has urged customers to be vigilant as threat actors may have accessed their data.
0mega ransomware rises as new global threat
BleepingComputer took the wraps off the new 0mega ransomware operation targeting organizations globally. Active at least since May 2022, the operators run a double-extortion model and have allegedly breached multiple organizations. They drop customized ransom notes depending on the victim, mostly containing the victim firm’s name and a short description of the type of stolen data.
BlackCat now demands $2.5 million
Security firm Resecurity discovered a significant rise in the ransom demanded by the notorious BlackCat ransomware gang, which now touches $2.5 million. According to a report, the average ransomware payment count rose to a record high of $570,000 in the first half of 2021 and has now almost doubled in 2022.
Hijacking Honda cars remotely
Kevin2600, a security professional, found that all Honda car models manufactured between 2012 and 2022 suffer from a Rolling-PWN attack vulnerability. The researcher put the Remote Keyless Entry (RKE) system available in modern vehicles to the test and found the flaw. A hacker can abuse this to open the door of a car or even start its engine remotely.
Callback campaign by cybercriminals
CrowdStrike exposed a callback phishing campaign wherein adversaries would pose as top cybersecurity companies and inform a client company about a breach incident with a callback request. The campaign’s infection routine begins with dropping legitimate remote administration tools (RATs) for initial access. Then, it downloads off-the-shelf penetration testing tools for lateral movement. At the final stage, it may unload ransomware or pursue data extortion on victims.