Cyware Daily Threat Intelligence

Daily Threat Briefing • May 10, 2021
Lately, attacks with geopolitical consequences have gained a strong foothold in the threat landscape. Financially motivated cybercriminals have caused a major disruption at Colonial Pipeline, which carries almost half the fuel consumed on the U.S. East Coast. The attack raises serious concerns about the energy sector's defenses against malicious cyber actors.
In another troubling development, partnerships between malware groups continue to grow: the operators of Cuba ransomware have joined hands with the Hancitor group. That's not all. Another Twitter scam impersonating Elon Musk and SNL is doing the rounds, defrauding Twitter users of cryptocurrency.
Top Breaches Reported in the Last 24 Hours
Ransomware hits Colonial Pipeline
Colonial Pipeline, operator of one of the largest fuel pipelines in the U.S., was hit by a ransomware attack that halted all pipeline operations and affected some IT systems. The DarkSide ransomware gang is suspected to be behind the attack.
City of Tulsa hacked
The local government of the City of Tulsa, Oklahoma, suffered a ransomware attack that took down the city government's network and official websites.
City of Chicago suffers breach
A data breach at the law firm Jones Day exposed the emails of City of Chicago employees. The Jones Day breach itself was a direct result of the attacks exploiting vulnerabilities in Accellion's FTA (File Transfer Appliance) file-sharing product.
Top Malware Reported in the Last 24 Hours
Hancitor joins Cuba ransomware
Attackers have started using the Hancitor malware downloader to deliver Cuba ransomware in a new email spam campaign. The operators exfiltrate data before encryption and hold it for ransom. Cuba ransomware has been active since at least January 2020, and its operators have also launched a data leak site listing nine victim organizations across the aviation, financial, education, and manufacturing industries.
Top Vulnerabilities Reported in the Last 24 Hours
Foxit bug allows malware execution
A now-patched vulnerability in Foxit Reader could have allowed attackers to execute arbitrary code on computers running the flawed software. Tracked as CVE-2021-21822, the remote code execution vulnerability stems from a use-after-free bug.
SVR exploits 12 flaws
Cyber operators of Russia's Foreign Intelligence Service (SVR) have changed their TTPs in response to a joint advisory published by U.S. and U.K. intelligence agencies. As part of its revised tactics, the SVR is now targeting 12 security flaws.
Top Scams Reported in the Last 24 Hours
Another Elon Musk cryptoscam
Following Elon Musk's appearance as host of Saturday Night Live (SNL), scammers are hijacking verified Twitter accounts and changing their profiles to mimic SNL. From these accounts they promote a cryptocurrency giveaway scam to steal Dogecoin, Bitcoin, and Ethereum.
WallStreetBets forum scammed
Members of the WallStreetBets (WSB) forum fell victim to a cryptocurrency scam, losing around $2 million in total. The forum's moderators had warned members via Telegram about the likely fraudulent activity, yet some still fell for the trap.