Cyware Daily Threat Intelligence

Daily Threat Briefing May 19, 2021

What’s trending today in cybersecurity? It’s the new Simps botnet! Attributed to the Keksec group, the botnet borrows its source code from Mirai and Gafgyt botnets and primarily focuses on DDoS attacks. This new discovery adds to the pressure of hardening the security of IoT devices.

That’s not all. A new variant of WastedLocker ransomware distributed via the RIG exploit kit has been identified in a cyberespionage campaign, active since February. The exploit kit was used to exploit two scripting engine vulnerabilities in Internet Explorer.

The MountLocker ransomware gang has also upped its game by using Windows API to spread laterally across victim networks.

Top Breaches Reported in the Last 24 Hours

District Health Board (DHB) affected

New Zealand’s Waikato DHB has been hit with ransomware that took down most of its IT services. As a result, patient notes became inaccessible, clinical services were disrupted, and surgeries postponed.

Top Malware Reported in the Last 24 Hours

Decryptor for NoCry ransomware

Researchers have released a decryptor for Judge ransomware that also decrypts files encrypted by the very similar NoCry ransomware. The ransomware creates a mutex to prevent multiple instances from running in parallel, provides sandbox detection, and deletes system restore points.

New Simps botnet

The new Simps botnet that focuses on DDoS activities has been primarily tied to the Keksec group. The botnet borrows its code from Mirai and Gafgyt botnets.

New variant of WastedLocker ransomware

A new RIG exploit kit campaign that distributes a new variant of WastedLocker ransomware has been spotted in a cyberespionage campaign running since February. The campaign targeted unpatched IE browsers using known VBScript vulnerabilities.

MountLocker’s new strategy

The MountLocker ransomware now uses enterprise Windows Active Directory APIs to spread laterally across victim networks. Using these APIs, the ransomware can find all devices that are part of the compromised Windows domain and encrypt them using stolen domain credentials.

Top Vulnerabilities Reported in the Last 24 Hours

Exploitable bugs in Mercedes-Benz

Several vulnerabilities identified in the infotainment systems of Mercedes-Benz cars can allow attackers to take control over the cars. Four of these flaws can be exploited for remote code execution. The flaws are tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910.

Top Scams Reported in the Last 24 Hours

Windows Defender impersonated

Scammers are impersonating Windows Defender Update to trick users into installing malicious applications on their systems. Once the user clicks on the fake update, they are shown a fake pop-up message that prompts them to install a fake app that is actually a data-stealing trojan. The trojan is capable of stealing system information, application profile data, and user data.

Meal kit delivery scam

Consumers are being warned about a surge in meal kit delivery scams that impersonate well-known meal kit delivery companies like Gousto and HelloFresh. These scams are carried out in multiple ways, with one of them asking the recipients to rate their delivery to enter a prize draw. The scam leverages SMS and WhatsApp messages to reach its targets.
