
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 18, 2022

Cybercriminals are once again using social media to infect systems. Recently, a hacker group was found promoting a fake password-cracking tool for industrial control systems (ICS) that also carries the P2P botnet malware Sality. In other news, cybersecurity experts discovered an ongoing malware campaign that exploits a high-severity RCE vulnerability in Elastix VoIP systems. During the campaign, the attackers create root user accounts and maintain persistence through scheduled tasks.

Breaches continue to disrupt operations at multiple organizations. From interrupting the Albanian government's online services to stealing hundreds of thousands of dollars via a popular NFT platform, it was a rough weekend for several organizations and their users.

Top Breaches Reported in the Last 24 Hours

Major attack hits Albania

The Albanian National Agency for the Information Society ordered the shutdown of all online public services and government websites in Albania following a cyberattack. The attack also impacted the official websites of the Prime Minister’s Office and the country’s Parliament, as well as the e-Albania portal.

NFT platform lost nearly $375K

Cybercriminals hijacked the website of NFT service provider Premint. Up to $375,000 in digital assets were lost in the attack. The attackers reportedly injected a malicious JavaScript file into the website, which lured at least six unsuspecting users into signing transactions. The victim firm has cautioned visitors against making any transactions on the website.

Roblox held for extortion

About 4GB of internal documents stolen from a Roblox employee were posted to a hacking forum. The leak, which contains the personal information of several individuals, is being used to threaten the firm with extortion demands. The data in question includes email addresses, identification documents, and spreadsheets that probably concern Roblox-focused creators.

Networks of a sewer system operator choked

A ransomware attack crippled the networks of the Narragansett Bay Commission, Rhode Island, which is responsible for running sewer systems in parts of metropolitan Providence and the Blackstone Valley. Neither the group behind the attack nor its scope has been disclosed yet. The body clarified that it does not store payment data or SSNs of its customers.

Ad website in Lithuania breached

Ad website alio[.]lt has suffered a data leak affecting more than 345,000 customers. Fortunately, highly sensitive records, such as bank accounts, payment card data, personal codes, and home addresses, were not present in the targeted database. Users were nevertheless asked to change their passwords. Authorities claim Russian hackers could be behind the attack.

Top Malware Reported in Last 24 Hours

Supply chain attack via GitHub

Checkmarx warned about a new supply chain attack campaign aimed at developers using GitHub repositories. The technique involves tampering with commit metadata so that commits appear older than they are and seem to come from reputable contributors, which lends them credibility. Attackers can also spoof the committer’s identity and attribute a commit to a genuine GitHub account.
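Because git accepts any author name, email, and date a committer supplies, the only metadata that actually binds a commit to an identity is a verified signature. The following added example (not from Checkmarx or the original briefing) audits `git log` output for the warning signs described above: unsigned or unverifiable commits, author dates far older than the commit date, and author/committer mismatches. It assumes the log was produced with `git log --pretty=format:'%H|%G?|%at|%ct|%ae|%ce'`; the sample lines and hashes below are constructed.

```python
"""Flag commits whose metadata looks backdated or whose author is unverified.

Expected input: one line per commit from
  git log --pretty=format:'%H|%G?|%at|%ct|%ae|%ce'
Fields: hash, signature status, author timestamp, committer timestamp,
author email, committer email.
"""
from datetime import timedelta

# Constructed sample log (not from any real repository; hashes are fake).
SAMPLE_LOG = """\
aaaa1111|G|1655000000|1655000000|alice@example.com|alice@example.com
bbbb2222|N|1577836800|1657000000|alice@example.com|noreply@example.com
cccc3333|N|1656500000|1656500000|bob@example.com|bob@example.com
dddd4444|G|1656600000|1656600000|carol@example.com|dave@example.com
"""

# Author dates older than this relative to the commit date are suspicious.
MAX_AUTHOR_COMMIT_SKEW = timedelta(days=30)


def audit_commit(line, max_skew=MAX_AUTHOR_COMMIT_SKEW):
    """Return a list of findings for one log line; an empty list means clean."""
    sha, sig, author_ts, commit_ts, author_mail, committer_mail = line.split("|")
    findings = []
    # %G? is "G" only for a good signature from a trusted key; "N" means
    # unsigned, so the author fields are just free text anyone can set.
    if sig != "G":
        findings.append(f"{sha}: signature status '{sig}' (author identity unverified)")
    skew = timedelta(seconds=int(commit_ts) - int(author_ts))
    if skew > max_skew:
        findings.append(f"{sha}: author date is {skew.days} days before commit date (possible backdating)")
    # Legitimate after rebases, but worth a look when combined with the above.
    if author_mail != committer_mail:
        findings.append(f"{sha}: author {author_mail} differs from committer {committer_mail}")
    return findings


def audit_log(text, max_skew=MAX_AUTHOR_COMMIT_SKEW):
    """Audit every non-empty line; return {sha: findings} for flagged commits only."""
    report = {}
    for line in text.splitlines():
        if line.strip():
            findings = audit_commit(line, max_skew)
            if findings:
                report[line.split("|")[0]] = findings
    return report


if __name__ == "__main__":
    for findings in audit_log(SAMPLE_LOG).values():
        print("\n".join(findings))
```

Pipe a real repository's log into `audit_log` to triage commits before trusting their attribution; commits flagged on all three checks deserve the closest review.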


Not a crack but an exploit

Dragos security researchers exposed a cyberattack campaign aimed at technicians and engineers who work with ICS. The attackers used several social media accounts to promote password-cracking tools for PLCs and HMIs. An investigation revealed that the software does not actually crack passwords; instead, it exploits a firmware bug that lets it retrieve the password on command. The tool also contains the Sality malware.

Top Vulnerabilities Reported in the Last 24 Hours

RCE bug in Elastix VoIP systems

Two threat groups were spotted abusing Elastix VoIP servers with more than 500,000 malware samples that install a PHP backdoor on the target device. The large-scale campaign was apparently carried out via a critical RCE flaw tracked as CVE-2021-45461. The abuse dates back to December 2021.

Bug in Windows NFS

Trend Micro analyzed and issued a warning about a Windows vulnerability, identified as CVE-2022-30136, affecting the Network File System. An attacker can exploit this vulnerability by sending malicious RPC calls to a server in order to execute privileged code on affected systems running NFS. Experts also noted that an unsuccessful exploitation attempt can crash the targeted system.
