Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 22, 2020
The Emotet trojan made a comeback after a five-month hiatus, and new details have emerged in the last 24 hours. The trojan has been found pushing QakBot payloads to victims’ systems at a high rate. Although the purpose of the QakBot payload remains unclear, it is believed that the trojan in particular delivers ProLock ransomware to the targeted systems.
A mysterious ‘Meow’ attack that completely wipes data from unsecured Elasticsearch and MongoDB databases has also come to light in the last 24 hours. The purpose of the attack is still unknown. However, if it continues, several companies could suffer massive data loss.
Top Breaches Reported in the Last 24 Hours
GGPoker hit by DDoS attack
A popular Asian poker site, GGPoker, stated that many of its systems were affected by a DDoS attack that lasted around two hours. The incident occurred because the firm had not placed the server behind DDoS protection after migrating it to a new cloud data center to improve performance.
Twilio confirms breach
Twilio confirmed that one or more miscreants had gained access to its unsecured AWS S3 bucket and modified a copy of the JavaScript SDK used by its customers. The firm stated, however, that the code the intruders inserted into the TaskRouter v1.20 SDK was non-malicious.
New Meow attack
Dozens of unsecured Elasticsearch and MongoDB databases have been targeted in an automated Meow attack that destroys data without leaving an explanation or even a ransom note. The attackers’ purpose is unknown. However, if this continues, several companies could suffer a massive wipeout of data.
Telecom Argentina regains access
Telecom Argentina has regained access to the systems that were affected in a ransomware attack. The attackers behind the attack, which took place over the weekend, had demanded a ransom of $7.5 million in Monero to unlock the encrypted files.
Top Malware Reported in the Last 24 Hours
MATA framework
Kaspersky is alerting SOC teams about a new malware framework linked to the notorious North Korean Lazarus hacking group. Dubbed ‘MATA’, the framework is used to support attacks designed to steal customer databases and distribute malware. MATA has been around since April 2018 and has been deployed against several e-commerce firms, software developers, and ISPs across Poland, Germany, Turkey, Korea, Ireland, and India.
Emotet delivering QakBot
Researchers tracking the Emotet trojan have found that the malware is now pushing the QakBot banking trojan at an unusually high rate, instead of the previously distributed TrickBot trojan. It is unclear what QakBot drops on infected systems, but it is reported that the trojan may infect some of its victims with the ProLock ransomware.
Top Vulnerabilities Reported in the Last 24 Hours
Citrix Workspace app flaw
A vulnerability discovered in the Citrix Workspace app could be abused to gain full remote compromise of the host machine. The flaw, tracked as CVE-2020-8207, can be exploited through a named pipe. The issue has been patched in the latest versions, 2006.1 and 1912 LTSR CU1.