
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 31, 2020

Earlier in March, a watering hole campaign targeted iOS users in Hong Kong with a powerful spyware called LightSpy. Following that research, a group of researchers from Kaspersky have uncovered a new campaign that leverages several compromised websites to launch drive-by download attacks with fake Adobe Flash update warnings. The campaign has been active since May 2019 and uses a variety of creative toolsets like Go language, NSIS installer, and more.

In a different discovery, researchers have observed that a ‘Stuxnet-type’ attack is possible on Schneider’s Modicon M340 Programmable Logic Controller. The attack targets the controller via Schneider’s EcoStruxure Control Expert engineering software, formerly known as Unity Pro.

The past 24 hours also saw a new cryptocurrency Ponzi scam doing the rounds on the internet. For this, a hacker has hijacked more than 30 YouTube accounts and rebranded them with Microsoft product names in order to attract online users. The victims are asked to invest a small amount of cryptocurrency in order to receive a big return.

Top Breaches Reported in the Last 24 Hours

42 million records leaked

A trove of 42 million records from a third-party version of Telegram was leaked through an Elasticsearch cluster targeted by a group called ‘Hunting system’. The exposed data included usernames, phone numbers, account IDs, hashes, and secret user keys.

Campaign Sidekick app exposed

A code repository including access credentials of the Campaign Sidekick app was exposed online due to a fault in its configuration settings. The repository included the full history of changes to the code since it was uploaded in November 2016. It also exposed the credentials for the cPanel and Secure File Transfer Protocol (SFTP) servers of another US-based data aggregating company, Voter Gravity.

Top Malware Reported in the Last 24 Hours

Stuxnet type attack

Researchers recently demonstrated a ‘Stuxnet type’ attack on Schneider’s Modicon M340 Programmable Logic Controller. The attack targeted the controller via Schneider’s EcoStruxure Control Expert engineering software, formerly known as Unity Pro. Such an attack can have serious consequences, including the disruption of manufacturing processes or other types of damage.

Watering hole attack

A widespread watering hole attack campaign has been observed affecting several websites that belong to public bodies, charities, and organizations of the targeted group. The campaign, which has been active since May 2019, targets people in a few Asian countries. The attackers’ toolset includes Sojson obfuscation, NSIS installer, open-source code, Go language, and Google Drive-based C2 channels.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable AVN systems

Malicious actors can exploit the Audio, Visual and Navigation (AVN) systems in the 2017 model of Lexus and Toyota cars to compromise the internal Controller Area Network (CAN) and related electronic control units (ECUs). The AVN systems are affected by two vulnerabilities that can allow attackers to achieve remote code execution in the Display Control Unit (DCU) system with root privilege.

Adobe patches critical flaw

Adobe has issued a security advisory and patch for a critical vulnerability CVE-2020-3808 affecting its Creative Cloud Desktop Application. The flaw affects versions prior to 5.0 of the Creative Cloud for Windows. The issue can allow attackers to delete arbitrary files from a target system.

Top Scams Reported in the Last 24 Hours

Cryptocurrency Ponzi scam

A hacker has hijacked over 30 YouTube accounts in order to launch a cryptocurrency Ponzi scam. The hijacked accounts were renamed to various Microsoft brands before broadcasting the scam, which tricks victims into sending a small sum of cryptocurrency in exchange for a promised larger return. The Microsoft brands used in the scam include Microsoft US, Microsoft Europe, Microsoft News, and others. Meanwhile, Microsoft has denied the breach of any official account of the company.

Bad actors misuse CARES Act

Threat actors have started leveraging the recently launched CARES Act to launch a variety of attacks on unsuspecting victims. Researchers are seeing this as a channel for attackers to collect personal and financial details from victims. Therefore, SMBs must be vigilant of unsolicited emails that claim to provide a relief package.
