Cyware Daily Threat Intelligence

Daily Threat Briefing • Mar 14, 2023
One malware family, no significant retooling in the past three years, yet hundreds of intrusions. Meet Makop ransomware! Its operators kicked off their mission in 2020 and initially built the operation on a variant of the Phobos ransomware. It is a human-operated ransomware operation, with hands-on-keyboard criminals involved even at the encryption stage. Separately, a highly targeted attack campaign abusing a zero-day in Fortinet products was observed in the wild. The campaign is said to be focused on governmental targets. The vulnerability impacts a range of FortiOS versions, so users must take note.
Have you noticed? Over time, phishing kits have evolved to become lethal to your security posture. Along the same lines, the security team at Microsoft highlighted high-volume phishing campaigns sending millions of emails per day through an AiTM phishing kit.
Nearly $200 million stolen
Digital adversaries swindled about $197 million in cryptocurrency from crypto lending platform Euler Finance. Blockchain monitoring firm PeckShield brought attention to the incident, which was in fact a series of transactions implying an ongoing attack on the victim firm. According to sources, the incident marks the 26th largest crypto theft ever.
Data of dead in wrong hands
The Department of Health, Hawaii, suffered a breach of close to 3,400 death records after a hacker obtained network access to the state’s death registry. However, death certificates were not accessed in the incident. The department has warned families of recently deceased individuals and urged them to beware of cybercriminals approaching them about unsettled matters such as accounts, estates, insurance claims, or Social Security survivor benefits.
Personal data of millions exposed
A breach incident at Zoll, a medical device maker, has impacted over one million people. A hacker was able to access personal details, such as names, dates of birth, addresses, and SSNs. The company detected unusual activity on its internal network on January 28. Zoll alleges that a vendor inadvertently left an email server exposed during a server migration process, leading to the breach.
Makop, an underrated threat
Cybersecurity researcher Luca Mella shared technical insights on the Makop ransomware, which attains persistence through dedicated .NET tools. To access victim networks, the gang makes use of internet-facing bugs and exposed remote administrative services. The operators started their criminal enterprise in 2020 using a variant of the Phobos ransomware.
Fake ChatGPT browser extension
Guardio Labs unearthed a Chrome extension that was pilfering Facebook account details and deploying backdoors in the name of offering rapid access to advanced ChatGPT capabilities. Attackers promoted it through sponsored posts on Facebook for quick onboarding of unsuspecting victims. It could steal authorized active session cookies and more.
Fortinet zero-day abused
An unknown cybercriminal group was found abusing a security flaw in Fortinet FortiOS software. The bug in question, tracked as CVE-2022-41328, is a path traversal flaw that allows an attacker to achieve arbitrary code execution. Further exploitation of the bug may result in data loss and OS and file corruption. The flaw affects FortiOS versions 6.0, 6.2, 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3.
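As an added triage helper (not part of the briefing or of any Fortinet tooling), the script below checks FortiOS version strings from a constructed device inventory against the affected ranges listed above. It assumes that "6.0" and "6.2", which the briefing lists without sub-versions, mean every 6.0.x and 6.2.x build.

```python
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges as stated in the briefing, inclusive (lowest, highest).
# "6.0" and "6.2" carry no sub-version, so all 6.0.x / 6.2.x builds are
# treated as affected (assumption made for this example).
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((6, 0, 0), (6, 0, 99)),
    ((6, 2, 0), (6, 2, 99)),
    ((6, 4, 0), (6, 4, 11)),
    ((7, 0, 0), (7, 0, 9)),
    ((7, 2, 0), (7, 2, 3)),
]


def parse_version(text: str) -> Optional[Version]:
    """Parse strings like 'v7.0.5', '7.0.5 build1234' or '6.4' into a tuple."""
    token = text.strip().lower().lstrip("v").split()[0] if text.strip() else ""
    parts = token.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(text: str) -> Optional[bool]:
    """True if inside an affected range, False if not, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is lexicographic, so (7, 0, 10) > (7, 0, 9) as intended.
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hostnames whose reported FortiOS version is affected."""
    return [host for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [("fw-edge-1", "v7.0.9 build0444"), ("fw-edge-2", "7.0.10"),
              ("fw-branch", "6.4.12"), ("fw-lab", "6.2.13"), ("fw-old", "unknown")]
    print("patch first:", triage(sample))  # → ['fw-edge-1', 'fw-lab']
```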
Over a hundred flaws addressed
More than 100 vulnerabilities have been fixed by Siemens and Schneider Electric with the release of their March 2023 Patch Tuesday security advisories. A total of 65 bugs affecting components such as the Linux kernel, OpenVPN, BusyBox, and OpenSSL were patched in Ruggedcom and Scalance products. Devices running Siprotec 5 received a patch for a serious DoS flaw impacting Wind River VxWorks.
Auction platforms under attack
The Criminal Investigation Bureau, Taiwan, disclosed that customers are most likely to fall victim to scams on two Singapore-based online auction marketplaces, namely Shopee and Carousell. The agency said that scammers ran phishing attacks on these platforms aimed at harvesting the personal or business information of customers in order to carry out transactions. Officials warned that they have no professional security team in the country to assist victims after a successful attack.
Massive email campaigns via phishing kits
Microsoft Threat Intelligence stumbled across an open source adversary-in-the-middle (AiTM) phishing kit that furthers the ability of hackers to launch organized attacks and to scale them. The threat actor behind the kit is being tracked under the moniker DEV-1101. The kit’s features include setting up landing pages impersonating Microsoft Office and Outlook. It lets attackers manage campaigns from mobile devices and even bypass CAPTCHA barriers.