
Cyware Daily Threat Intelligence


Daily Threat Briefing May 21, 2021

Fake ransomware spotted! A Java-based RAT disguised as ransomware is running in the wild to harvest credentials from browsers and email clients. Named STRRAT, the malware is unusual in that it appends the .crimson extension to files without actually encrypting them.

While STRRAT is after victims’ credentials, some ransomware gangs are playing a bigger game with their victims. CNA Financial reportedly paid $40 million in ransom to resolve a ransomware attack that occurred in late March.

While the Conti ransomware gang did Ireland’s HSE a favor by releasing a decryptor, it still warned that it intends to publish or sell data stolen during the attack. Only time will tell how the organization plans to thwart the risk.

Top Breaches Reported in the Last 24 Hours

Mercari discloses a data breach

E-commerce platform Mercari has disclosed a data breach resulting from a supply chain attack at Codecov. The company has confirmed that tens of thousands of customer records, including financial information, were exposed to external actors due to the breach.

Alaska health department targeted

The website handled by the Alaska health department was targeted in a malware attack. Investigators are trying to determine if any personal or confidential information was compromised as part of the attack.

CNA pays $40 million

CNA Financial has paid $40 million in ransom to recover the decryption key from the ransomware attackers. The attack had taken place in March, following which many of its IT systems were knocked offline and sensitive data was stolen.

Top Malware Reported in the Last 24 Hours

STRRAT malware

Microsoft has warned about a massive email campaign that distributes STRRAT malware to steal confidential data from infected systems. The malware disguises itself as ransomware to continue with its infection process. It appends the filename extension .crimson to files without actually encrypting them.

Top Vulnerabilities Reported in the Last 24 Hours

Blind SQL flaw

A time-based blind SQL injection vulnerability in the WP Statistics plugin impacts over 600,000 sites. The vulnerability can be exploited by attackers to extract sensitive information from a WordPress website using the plugin. The flaw is rated with a CVSS score of 7.5 and affects plugin versions prior to 13.0.8.

Top Scams Reported in the Last 24 Hours

Invoice impersonation phish

There has been an increase in the number of invoice impersonation phishing attacks that imitate legitimate system login pages for invoice processing. The goal of the scheme is to harvest credentials from unsuspecting users. The emails use phrases such as ‘You have received an Invoice’, ‘View Document’, and ‘Generated by Accounting’ to trick users into opening the malicious link.

Amazon vishing attack

Scammers are using voice messages along with ‘spray and pray’ techniques in a new campaign that tricks users into visiting fake websites. These vishing attempts are made by scammers pretending to be from banks or popular online services such as PayPal or Amazon. The scams tempt victims with false promises of tax rebates and competition prizes.
