
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 17, 2020

Financially motivated ransomware operators have expanded their reach to Operational Technology (OT) environments: their malware now terminates processes belonging to OT software before encrypting files. The ransomware families involved are SNAKE, LockerGoga, Maze, MegaCortex, Nefilim, DoppelPaymer, and CLOP.

Meanwhile, a new and sophisticated Android banking trojan, dubbed BlackRock, has been found targeting 337 different apps. The malware is capable of stealing credentials and sensitive information from installed apps.

An operational-security slip by the Iran-based Charming Kitten threat actor group also came to light in the last 24 hours. The group left one of its servers exposed to the Internet for three consecutive days before it was taken offline. The files on the server included videos showing how to exfiltrate data from various online accounts.

Top Breaches Reported in the Last 24 Hours

Unsecured Elasticsearch database

A misconfigured Elasticsearch database associated with ‘MyCastingFile.com’ has exposed the personal data of over 260,000 actors online. The database held 1 GB of data, amounting to 9.5 million records. These records include full names, residential and email addresses, phone numbers, dates of birth, and vehicle information of users.

Charming Kitten makes a mistake

The Iran-linked Charming Kitten hacker group accidentally exposed one of its servers through a basic misconfiguration. The files found on the server included videos showing how to exfiltrate data from various online accounts. It also contained videos of successful attacks on a member of the U.S. Navy and an officer in the Hellenic Navy.

Orange confirms an attack

The French telecommunications giant Orange has confirmed an attack by the Nefilim ransomware that exposed the data of its enterprise customers. The ransomware operators breached the company through its Orange Business Services division.

UFO VPN logs exposed

The Hong Kong-based UFO VPN exposed the logs of more than 20 million users through an unprotected Elasticsearch database. The 849 GB of data included plaintext passwords, IP addresses, session tokens, and device information.
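Both of the Elasticsearch exposures above (MyCastingFile.com and UFO VPN) come from the same misconfiguration: a node bound to a network interface with the security features left off. The following is an added example, not code from the briefing or from Elastic, that checks an elasticsearch.yml offline for exactly that combination. It assumes a flat file of top-level `key: value` lines (parsed here without PyYAML), applies the 6.x/7.x defaults (loopback bind when `network.host` is unset, no authentication unless `xpack.security.enabled` is true), and the two sample configurations are constructed for illustration.

```python
"""Offline check for an Elasticsearch node configuration that would leave the
cluster reachable over the network without authentication, the class of
misconfiguration behind both exposures above.

Added example (not code from the briefing or from Elastic). It reads the
top-level `key: value` lines of an elasticsearch.yml with a minimal parser
(no PyYAML needed) and applies two rules that matter for 6.x/7.x nodes:
  - network.host bound to anything other than a loopback alias publishes the
    HTTP API (default port 9200) on that interface;
  - authentication is off unless xpack.security.enabled is explicitly true.
Both sample configurations are constructed for illustration.
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}


def parse_settings(text):
    """Return a dict of the top-level key: value settings in `text`.
    Comments and blank lines are skipped; nested YAML blocks are out of scope."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def is_loopback_only(host_value):
    """True when network.host is unset (Elasticsearch then binds loopback) or
    lists only loopback aliases; handles the `[a, b]` YAML flow-list form."""
    if not host_value:
        return True
    hosts = [h.strip() for h in host_value.strip("[]").split(",")]
    return all(h in LOOPBACK for h in hosts)


def assess(settings):
    """Return findings for a parsed configuration (empty list = nothing to report)."""
    findings = []
    host = settings.get("network.host", "")
    exposed = not is_loopback_only(host)
    auth_on = settings.get("xpack.security.enabled", "false").lower() == "true"
    tls_on = settings.get("xpack.security.http.ssl.enabled", "false").lower() == "true"

    if exposed and not auth_on:
        findings.append(
            "CRITICAL: network.host=%s publishes the HTTP API on a non-loopback "
            "interface with xpack.security.enabled unset/false; anyone who can "
            "reach port 9200 can read and write every index" % host)
    if exposed and auth_on and not tls_on:
        findings.append("WARN: authentication is on but the HTTP API is served "
                        "without TLS; credentials cross the network in clear")
    return findings


# Constructed sample: the usual "make it reachable from the app servers" edit.
WEAK_CONFIG = """
cluster.name: casting-logs
network.host: 0.0.0.0
http.port: 9200
"""

# Constructed sample: same bind, with the security features turned on.
HARDENED_CONFIG = """
cluster.name: casting-logs
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, assess(parse_settings(cfg)) or ["no findings"])
```

Run it against the node's own elasticsearch.yml before exposing it; a CRITICAL finding means the index contents are one unauthenticated `GET /_cat/indices` away from anyone who can reach the port, which is how both datasets above were found.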

Top Malware Reported in the Last 24 Hours

BlackRock Android trojan

A new Android banking trojan, dubbed BlackRock, is capable of stealing credentials and credit card information from 337 apps, including social, communication, networking, and dating apps. Its code is derived from the Xerxes banking malware.

Black Box attack

A new variant of the jackpotting attack has been spotted by ATM maker Diebold Nixdorf. The attack is executed by physically connecting an external device, the ‘black box’, to the ATM and using it to drive the cash dispenser.

New Thanos variant

A new variant of the Thanos ransomware, written in C#, is being widely advertised on underground markets. It uses several anti-analysis techniques to evade detection.

Ransomware families target OT

Seven ransomware families have expanded their activities to target processes associated with Operational Technology (OT) software, terminating them before encryption so that the files those processes hold open can be overwritten. Six of them, SNAKE, DoppelPaymer, LockerGoga, Maze, MegaCortex, and Nefilim, share a kill list of over 1,000 processes; CLOP's list targets 1,425 processes.
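A kill list of that size produces a very visible signal on the host: hundreds of process terminations from one session within seconds. The following is an added example, not code from the briefing or from any vendor report, that implements that detection over Windows Security event 4689 (process termination) records. It assumes the events have already been normalised to JSON lines with a timestamp, the logon session of the terminated process and its image path; the OT image names in `OT_WATCHLIST` and the sample events are constructed placeholders.

```python
"""Detection heuristic for the 'kill list' behaviour described above: before
encrypting, these families terminate hundreds of processes within seconds so
that files locked by databases, historians and HMI software become writable.

Added example (not code from the briefing or from any vendor report). Input is
assumed to be Windows Security event 4689 (process termination) already
normalised to JSON lines carrying the timestamp, the logon session of the
terminated process and its image path. The OT image names in OT_WATCHLIST and
the sample events are constructed placeholders.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical image names of OT/line-of-business software; take the real list
# from your own asset inventory.
OT_WATCHLIST = {"historian.exe", "hmi_runtime.exe", "opcserver.exe",
                "scadaclient.exe", "sqlservr.exe"}

THRESHOLD = 5                    # this many terminations ...
WINDOW = timedelta(seconds=10)   # ... within this span, from one logon session


def parse_events(lines):
    """Keep only 4689 records; normalise the image path to a lower-case basename."""
    events = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_id") != 4689:
            continue
        events.append({
            "ts": datetime.fromisoformat(rec["ts"]),
            "logon_id": rec["subject_logon_id"],
            "image": rec["process_name"].rsplit("\\", 1)[-1].lower(),
        })
    return events


def detect_kill_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """Sliding window over each logon session's terminations. Returns one alert
    per session whose densest window reaches `threshold`, rated high when the
    burst touched watchlisted images (a kill list hit), medium otherwise."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["logon_id"]].append(ev)

    alerts = []
    for logon_id, evs in by_session.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, None
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[1]):
                best = (start, count, end)
        if best is None:
            continue
        burst = evs[best[0]:best[2] + 1]
        hits = sorted({e["image"] for e in burst} & OT_WATCHLIST)
        alerts.append({
            "logon_id": logon_id,
            "terminations": best[1],
            "span_seconds": (burst[-1]["ts"] - burst[0]["ts"]).total_seconds(),
            "ot_images_hit": hits,
            "severity": "high" if hits else "medium",
        })
    return alerts


# Constructed sample: session 0x3e7 is an operator closing applications over
# half an hour (one of them watchlisted, which alone must not fire); session
# 0x5a2c1 terminates seven processes in six seconds.
SAMPLE_LOG = [
    r'{"event_id": 4688, "ts": "2020-07-16T09:00:58", "subject_logon_id": "0x3e7", "process_name": "C:\\Windows\\System32\\notepad.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T09:01:00", "subject_logon_id": "0x3e7", "process_name": "C:\\Windows\\System32\\notepad.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T09:07:12", "subject_logon_id": "0x3e7", "process_name": "C:\\Program Files\\Microsoft Office\\excel.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T09:30:45", "subject_logon_id": "0x3e7", "process_name": "C:\\Vendor\\historian.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T13:42:10", "subject_logon_id": "0x5a2c1", "process_name": "C:\\Program Files\\Microsoft SQL Server\\sqlservr.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T13:42:11", "subject_logon_id": "0x5a2c1", "process_name": "C:\\Vendor\\historian.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T13:42:11", "subject_logon_id": "0x5a2c1", "process_name": "C:\\Vendor\\hmi_runtime.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T13:42:12", "subject_logon_id": "0x5a2c1", "process_name": "C:\\Program Files\\Microsoft Office\\outlook.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T13:42:13", "subject_logon_id": "0x5a2c1", "process_name": "C:\\Program Files\\Microsoft Office\\excel.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T13:42:14", "subject_logon_id": "0x5a2c1", "process_name": "C:\\Vendor\\opcserver.exe"}',
    r'{"event_id": 4689, "ts": "2020-07-16T13:42:16", "subject_logon_id": "0x5a2c1", "process_name": "C:\\Program Files\\Microsoft Office\\winword.exe"}',
]

if __name__ == "__main__":
    for alert in detect_kill_bursts(parse_events(SAMPLE_LOG)):
        print(alert)
```

The per-session window, rather than a host-wide count, keeps a busy terminal server or a reboot from tripping the rule; the watchlist only raises severity, so a burst against ordinary Office processes still surfaces as medium. Tune `THRESHOLD` and `WINDOW` against a few days of your own 4689 volume before enabling it as an alert.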

Top Vulnerabilities Reported in the Last 24 Hours

Zoom addresses a flaw

Zoom has fixed a security flaw in its ‘Vanity URL’ (custom meeting URL) feature. The vulnerability could have allowed an attacker to pose as an employee of a company and invite its customers or partners to a meeting in order to steal sensitive information.
