
Cyware Daily Threat Intelligence


Daily Threat Briefing May 18, 2021

DarkSide ransomware continues to dominate the headlines this week. In a previously unseen development, the ransomware has been upgraded to seek out disk partitions, including hidden ones, and encrypt the files stored on them. The added damage gives affected organizations an even stronger incentive to pay a ransom to recover their files.

A deluge of spear-phishing campaigns is targeting users worldwide. One campaign impersonates financial institutions in the U.S. and the U.K. in an attempt to distribute RATs. Another targets taxpayers in South Korea, Australia, and the U.S. Both aim to steal sensitive information from their victims.

Top Breaches Reported in the Last 24 Hours

Monday.com impacted

Monday.com has disclosed that it was breached as part of the Codecov supply chain attack. Its investigation found that the attackers gained access to a read-only copy of its source code.

Guard.me affected

Student health insurance carrier guard.me has taken its website offline after suffering a data breach. The incident occurred due to a vulnerability that allowed a threat actor to access policyholders’ personal information. The firm has started notifying the impacted students.

Top Malware Reported in the Last 24 Hours

New DarkSide ransomware variant

Researchers have discovered a DarkSide variant that reads partition information and encrypts files across multiple disk partitions. By finding additional files to encrypt, the variant causes more damage and puts more pressure on organizations to pay the ransom. The variant also locates the domain controller and connects to Active Directory over LDAP using an anonymous bind; note that an anonymous bind only returns directory data beyond the rootDSE if the forest has been explicitly configured to allow anonymous LDAP operations, which is not the default.
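The anonymous LDAP bind is the part of this behavior a defender can check for directly. In Active Directory, anonymous LDAP operations are governed by the seventh character of the forest-wide dSHeuristics attribute on the Directory Service object (CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,...): a value of '2' at that position allows them, anything else (including an absent attribute) blocks them except for rootDSE reads. The following is an added example, not code from the briefing or from the researchers who analyzed the variant; the sample attribute values are constructed, and a real check would first retrieve the attribute with an LDAP client such as Get-ADObject.

```python
"""Check whether an Active Directory forest permits anonymous LDAP operations.

Added example for this briefing; it is not vendor or researcher code.
The rule implemented here: dSHeuristics is a 1-indexed character string, and
anonymous LDAP operations are enabled only when character 7 is '2'.
Sample values below are constructed for illustration.
"""

# Character 7 of dSHeuristics (1-indexed) controls anonymous LDAP operations.
ANON_LDAP_CHAR_INDEX = 6  # zero-based index of that character


def anonymous_ldap_allowed(dsheuristics):
    """Return True when dSHeuristics enables anonymous LDAP operations.

    An absent attribute or a value too short to reach character 7 leaves the
    flag unset, which AD treats as '0' (anonymous operations blocked apart
    from rootDSE reads), so those cases return False.
    """
    if dsheuristics is None:
        return False
    value = dsheuristics.strip()
    if len(value) <= ANON_LDAP_CHAR_INDEX:
        return False
    return value[ANON_LDAP_CHAR_INDEX] == "2"


def assess(dsheuristics):
    """Return a (finding, recommendation) pair suitable for a report line."""
    if anonymous_ldap_allowed(dsheuristics):
        return ("anonymous LDAP operations ENABLED",
                "set character 7 of dSHeuristics to '0' unless a legacy "
                "application still depends on anonymous queries")
    return ("anonymous LDAP operations blocked (default)", "no change needed")


# Constructed sample values, shaped like what an LDAP query of the
# Directory Service object's dSHeuristics attribute might return.
SAMPLES = {
    "default-forest": None,            # attribute never set
    "hardened-explicit": "0000000",     # explicitly blocked
    "anon-enabled": "0000002",          # anonymous operations allowed
    "anon-enabled-other-flags": "00000021001",  # allowed, other flags set too
    "short-value": "00010",             # flag position not present
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        finding, advice = assess(value)
        print(f"{name:28} dSHeuristics={value!r:16} {finding}; {advice}")
```

Run it as-is to see the five constructed cases, or feed the real attribute value retrieved from a domain controller into assess(). A forest that reports "ENABLED" is one where the anonymous LDAP connection described above would actually return directory contents.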

Truist impersonated

Threat actors impersonated Truist in a spear-phishing campaign that attempted to distribute RATs. The tailor-made campaign spoofed the financial institution through registered look-alike domains, email subjects, and applications related to the institution. To increase the attack's success rate, the attackers used malware that anti-malware engines did not detect at the time of analysis. Other financial institutions, including Maybank, FNB America, and Cumberland Private, have also been impersonated in the same campaign.

Another spear-phishing campaign

Taxpayers in South Korea, Australia, and the U.S. are being targeted in a phishing campaign whose emails purport to deliver an accounting ledger. The subject line reads “Account Ledger for 2020-2021,” and the email body urges recipients to verify the attachment, which is used to distribute RATs.

Top Vulnerabilities Reported in the Last 24 Hours

Object Injection vulnerability

A new object injection vulnerability in the PHPMailer library can allow attackers to conduct various attacks, including code injection, SQL injection, path traversal, and application denial of service. The vulnerability stems from improper sanitization in a PHP function and affects library versions 6.1.8 through 6.4.0; projects pinned to that range should update to a release newer than 6.4.0.
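Because PHPMailer is usually pulled in as a Composer dependency, the practical first step is to find out which version each project actually has locked. The script below is an added example for this briefing, not PHPMailer project code: it reads a composer.lock file, finds phpmailer/phpmailer in both the production and dev package sections, and flags versions inside the range given above (6.1.8 through 6.4.0, assumed inclusive). The composer.lock content is constructed for illustration.

```python
"""Flag vulnerable PHPMailer versions in a composer.lock file.

Added example; not code from PHPMailer or from the researchers who reported
the flaw. The affected range comes from the briefing item above and is
assumed to be inclusive at both ends. SAMPLE_LOCK is constructed.
"""
import json
import re

PACKAGE = "phpmailer/phpmailer"
FIRST_BAD = (6, 1, 8)
LAST_BAD = (6, 4, 0)


def parse_version(version):
    """Turn 'v6.4.0', '6.4.0' or '6.4' into a comparable tuple of ints.

    Composer records tagged releases with an optional leading 'v'. Anything
    that is not a plain dotted numeric version (dev branches, aliases) is
    returned as None so the caller reports it rather than guessing.
    """
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad short versions to 3 fields


def is_affected(version):
    """True/False for a parseable version, None when it cannot be parsed."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return FIRST_BAD <= parsed <= LAST_BAD


def scan_lock(lock_text):
    """Return {section: {'version': str, 'affected': bool|None}} for the package."""
    lock = json.loads(lock_text)
    findings = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() == PACKAGE:
                findings[section] = {
                    "version": pkg["version"],
                    "affected": is_affected(pkg["version"]),
                }
    return findings


# Constructed composer.lock excerpt with the fields this check needs.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "phpmailer/phpmailer", "version": "v6.2.0"},
        {"name": "monolog/monolog", "version": "2.2.0"},
    ],
    "packages-dev": [
        {"name": "phpmailer/phpmailer", "version": "dev-master"},
    ],
})

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not affected",
              None: "unparsed version, check manually"}
    for section, f in scan_lock(SAMPLE_LOCK).items():
        print(f"{section}: {PACKAGE} {f['version']} -> {labels[f['affected']]}")
```

Point scan_lock() at the contents of a real composer.lock to get the same report for an actual project. A None result (for example a dev-branch version) is deliberately left for a human to resolve instead of being silently treated as safe.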

Top Scams Reported in the Last 24 Hours

Scammers target families

The FBI has warned that scammers are actively targeting the families of missing persons to extort quick payments of between $5,000 and $10,000. Through phone calls or text messages, the scammers convince the targeted families that their loved ones are in danger or have been abducted. They mine social media posts about the missing person for details that make the calls convincing.
