Cyware Daily Threat Intelligence

Daily Threat Briefing • May 19, 2021
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • May 19, 2021
What’s trending today in cybersecurity? It’s the new Simps botnet! Attributed to the Keksec group, the botnet borrows its source code from Mirai and Gafgyt botnets and primarily focuses on DDoS attacks. This new discovery adds to the pressure of hardening the security of IoT devices.
That’s not all. A new variant of WastedLocker ransomware distributed via the RIG exploit kit has been identified in a cyberespionage campaign, active since February. The exploit kit was used to exploit two scripting engine vulnerabilities in Internet Explorer.
The MountLocker ransomware gang has also upped its game by using Windows API to spread laterally across victim networks.
Top Breaches Reported in the Last 24 Hours
District Health Board (DHB) affected
New Zealand’s Waikato DHB has been hit with ransomware that took down most of its IT services. As a result, patient notes became inaccessible, clinical services were disrupted, and surgeries postponed.
Top Malware Reported in the Last 24 Hours
Decryptor for NoCry ransomware
Researchers have released a decryptor for Judge ransomware that also decrypts files encrypted by the very similar NoCry ransomware. It creates a mutex to prevent multiple instances from running in parallel, provides sandbox detection, and deletes system restore points.
New Simps botnet
The new Simps botnet that focuses on DDoS activities has been primarily tied to the Keksec group. The botnet borrows its code from Mirai and Gafgyt botnets.
New variant of WastedLocker ransomware
A new RIG exploit kit campaign that distributes a new variant of WastedLocker ransomware has been spotted in a cyberespionage campaign running from February. The campaign targeted unpatched IE browsers using known VBScript vulnerabilities.
MountLocker’s new strategy
The MountLocker ransomware now uses enterprise Windows Active Directory APIs to spread laterally across victim networks. Using this API, the ransomware can find all devices that are part of the compromised Windows domain and encrypt them using stolen domain credentials.
Top Vulnerabilities Reported in the Last 24 Hours
Exploitable bugs in Mercedes-Benz
Several vulnerabilities identified in the infotainment systems of Mercedes-Benz cars can allow attackers to take control over the cars. Four of these flaws can be exploited for remote code execution. The flaws are tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910.
Top Scams Reported in the Last 24 Hours
Windows Defender impersonated
Scammers are impersonating Windows Defender Update to trick users into installing malicious applications into systems. Once the user clicks on the fake update, they are displayed a fake pop-up message that prompts them to install a fake app that is actually a data-stealing trojan. The trojan is capable of stealing system information, application profile data, and user data.
Meal kit delivery scam
Consumers are being warned about a surge in meal kit delivery scams that impersonate well-known meal kit delivery companies like Gousto and HelloFresh. These scams are carried out in multiple ways, with one of them asking the recipients to rate their delivery to enter a prize draw. The scam leverages SMS and WhatsApp messages to reach its targets.