
Cyware Daily Threat Intelligence

Daily Threat Briefing Mar 23, 2022

Time is of the essence when it comes to preventing ransomware attacks. In new research on ten major ransomware families, Splunk found LockBit to be the fastest, capable of encrypting nearly 100,000 files in just four minutes. In separate news, BitLocker ransomware targeted a major meat producer, affecting all of its subsidiaries. Additionally, DeadBolt ransomware has infected over 5,000 QNAP NAS devices, more than 1,000 of which were discovered in March alone.

Several malware threats attributed to different Chinese threat actors have also been observed in the last 24 hours. A custom macOS malware called GIMMICK was used by Storm Cloud, a Chinese threat actor group, in a campaign in 2021. Separately, Mustang Panda has been linked to the new Hodur malware, which is being used in an ongoing attack campaign.

Top Breaches Reported in the Last 24 Hours

Data of over 40,000 London voters leaked

Personal data of 43,000 voters was accidentally leaked after the electoral services department of Wandsworth Council in London sent emails to the wrong recipients. The exposed data included names, addresses, and voting instructions.

SAMH’s data leaked

The attackers behind RansomEXX ransomware published 12 GB of data stolen from the Scottish Association for Mental Health (SAMH). This included individuals’ driving licenses, passports, home addresses, and phone numbers. In some cases, passwords and credit card details were also affected.

Nestlé hacked

The Anonymous hacktivist collective announced that it had hacked Nestlé and stolen 10 GB of sensitive data, including company emails, passwords, and data related to business customers. The group also leaked a portion of the stolen data online.

Greece’s public postal service affected

Several services at ELTA, the state-owned provider of postal services in Greece, were disrupted following a ransomware attack. The attackers exploited an unpatched vulnerability to gain access to its network. ELTA currently cannot deliver mail, accept bill payments, or process any financial transaction orders.

Top Malware Reported in the Last 24 Hours

New GIMMICK malware

A newly discovered macOS malware called GIMMICK has been attributed to Storm Cloud, a Chinese espionage threat actor group. While the macOS variant is written in Objective-C, the Windows versions are written in both .NET and Delphi. Researchers discovered the sample on a MacBook Pro running macOS 11.6 that had been compromised in the campaign.

DeadBolt ransomware attack spotted

Researchers discovered that over 5,000 QNAP NAS devices have been infected by the DeadBolt ransomware since January 26. The ransomware demands 0.03 Bitcoin in exchange for the decryption key.

New Hodur malware

A new variant of the PlugX RAT, named Hodur, is being used by Mustang Panda in an ongoing attack campaign. Most of the victims are located in East and Southeast Asia, with a few in Europe and Africa. The malware is distributed via decoy documents containing information about current events in Europe and the war in Ukraine.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws discovered in Dell BIOS

Five new security weaknesses discovered in Dell BIOS can be exploited to launch remote code execution attacks on vulnerable systems. The flaws are tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, and exist in Insyde Software’s InsydeH2O and HP Unified Extensible Firmware Interface (UEFI) firmware. They are rated 8.2 on the CVSS scale. A number of Dell products, including the Alienware, Inspiron, and Vostro line-ups and the Edge Gateway 3000 Series, are impacted.

HP patches three RCE flaws

HP has patched three critical flaws affecting hundreds of its printer models. The flaws are tracked as CVE-2022-3942, CVE-2022-24292, and CVE-2022-24291. One of them can lead to remote code execution, while the other two can be exploited for information disclosure and to trigger a denial-of-service condition. The affected products include HP LaserJet Pro, PageWide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.