Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 18, 2022
Cybercriminals are once again using social media to infect systems. Recently, a hacker group was found promoting a fake password-cracking tool for industrial control systems (ICS) that also carries the Sality P2P botnet. In other news, cybersecurity experts discovered an ongoing malware campaign that exploits a high-severity RCE vulnerability in Elastix VoIP systems. During the campaign, the attackers create root user accounts and maintain persistence through scheduled tasks.
Breaches continue to disrupt operations at multiple organizations. From interrupting the Albanian government's online services to stealing thousands of dollars via a popular NFT platform, it was a rough weekend for several organizations and individuals.
Major attack hits Albania
The Albanian National Agency for the Information Society ordered the shutdown of all online public services and government websites in Albania following a cyberattack. The attack also impacted the official websites of the Prime Minister’s Office and the country’s Parliament, as well as the e-Albania portal.
NFT platform lost nearly $375K
Cybercriminals hijacked the website of NFT service provider Premint. Up to $375,000 in digital assets were lost in the attack. The attackers reportedly injected a malicious JavaScript file into the website, which lured at least six unsuspecting users into signing transactions. The victim firm has cautioned visitors against making any transactions on the website.
Roblox held for extortion
About 4GB of internal documents stolen from a Roblox employee have been posted to a hacking forum. The leak, which contains the personal information of several individuals, is being used to threaten the firm with extortion demands. The data in question includes email addresses, identification documents, and spreadsheets that probably concern Roblox-focused creators.
Networks of a sewer system operator choked
A ransomware attack crippled the networks of the Narragansett Bay Commission, Rhode Island, which runs sewer systems in parts of metropolitan Providence and the Blackstone Valley. Neither the group behind the attack nor its scope has been disclosed. The body clarified that it does not store payment data or SSNs of its customers.
Ad website in Lithuania breached
The ad website alio[.]lt suffered a data leak affecting more than 345,000 customers. Fortunately, highly sensitive records, such as bank accounts, payment card data, personal codes, and home addresses, were not present in the targeted database. Users were nonetheless asked to change their passwords. Authorities claim Russian hackers could be behind the attack.
Supply chain attack via GitHub
Checkmarx warned about a new supply chain attack campaign aimed at developers using GitHub repositories. The technique involves tampering with commit metadata: commits are backdated so they appear older, and therefore more credible, and are attributed to reputable contributors. Attackers can also spoof the committer’s identity so that a commit is attributed to a genuine GitHub account.
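One way a repository owner can hunt for the metadata tricks described above is to audit the commit log for unverified signatures, author/committer mismatches, and author dates far from the actual commit date. The following is an added example, not code from Checkmarx or GitHub; the log lines are constructed to mimic `git log --format='%H|%G?|%at|%ct|%an <%ae>|%cn <%ce>'`, and the 30-day skew threshold is an assumed heuristic.

```python
"""Flag commits whose metadata looks tampered (added example, constructed data)."""

# Constructed sample in the shape of:
#   git log --format='%H|%G?|%at|%ct|%an <%ae>|%cn <%ce>'
# %G? is git's signature status: G = good and trusted, N = no signature, etc.
SAMPLE_LOG = """\
a1b2c3d|G|1650000000|1650000000|Alice Maintainer <alice@example.org>|Alice Maintainer <alice@example.org>
d4e5f6a|N|1400000000|1657900000|Well Known Dev <wkd@example.org>|Well Known Dev <wkd@example.org>
b7c8d9e|N|1657800000|1657800000|Well Known Dev <wkd@example.org>|Random User <rando@example.net>
"""

SECONDS_PER_DAY = 86400


def parse_log(text):
    """Split pipe-delimited git log lines into commit records."""
    commits = []
    for line in text.strip().splitlines():
        sha, sig, adate, cdate, author, committer = line.split("|")
        commits.append({
            "sha": sha, "sig": sig,
            "adate": int(adate), "cdate": int(cdate),
            "author": author, "committer": committer,
        })
    return commits


def flag_commit(commit, max_skew_days=30):
    """Return the list of reasons a commit's metadata looks suspicious (empty if clean)."""
    reasons = []
    # Anyone can set author name/email; only a verified signature ties a commit to a key.
    if commit["sig"] != "G":
        reasons.append("signature not good/trusted")
    # A committer identity that differs from the author is normal for rebases and merges,
    # but combined with the other signals it is worth a second look.
    if commit["author"] != commit["committer"]:
        reasons.append("author/committer mismatch")
    # Backdating shows up as an author date far earlier than the committer date.
    if abs(commit["cdate"] - commit["adate"]) > max_skew_days * SECONDS_PER_DAY:
        reasons.append("author date far from commit date (possible backdating)")
    return reasons


def audit(text):
    """Map flagged commit SHA -> reasons; clean commits are omitted."""
    return {c["sha"]: flag_commit(c) for c in parse_log(text) if flag_commit(c)}


if __name__ == "__main__":
    for sha, reasons in audit(SAMPLE_LOG).items():
        print(sha, "->", "; ".join(reasons))
```

Run against a real repository by piping the `git log` command from the comment into `audit`; a good signature status still depends on the signer's key being in your trusted keyring.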
Not a crack but an exploit
Dragos security researchers laid bare a cyberattack campaign aimed at technicians and engineers who work with ICS. The attackers used several social media accounts to promote password-cracking tools for PLCs and HMIs. An investigation revealed that the software does not actually crack passwords; instead, it exploits a firmware bug that lets it retrieve the password on command. Furthermore, the tool contains the Sality malware.
RCE bug in Elastix VoIP systems
Two threat groups were spotted abusing Elastix VoIP servers, with more than 500,000 malware samples that install a PHP backdoor on the target device. The large-scale campaign was apparently carried out via a critical RCE flaw tracked as CVE-2021-45461. The abuse dates back to December 2021.
Bug in Windows NFS
Trend Micro analyzed and warned about a Windows vulnerability, identified as CVE-2022-30136, affecting the Network File System. An attacker can abuse this vulnerability by sending malicious RPC calls to a server to execute privileged code on affected systems running NFS. Experts also noted that failed exploitation attempts can crash the targeted system.