Cyware Daily Threat Intelligence
Daily Threat Briefing • May 29, 2023
There have been multiple attacks on routers globally, featuring the likes of the Horse Shell backdoor by Chinese actors. Now, Linux-based routers in Japan have come under threat from a new malware dubbed GobRAT. The campaign appears to have been running since February this year, and the malware can infect devices built on various architectures such as ARM, MIPS, x86, and x86-64. In another headline, a bug in the Google Cloud Platform's (GCP) Cloud SQL service was found to pose a sensitive data leakage threat via a multi-stage attack chain. An intruder could not only gain access to internal data but also steal the data of the cloud provider and its customers.
Security researchers have made a breakthrough revelation with a new attack called Hot Pixels. The technique exploits the fact that it’s challenging to balance CPU power consumption requirements and heat dissipation limitations while maintaining high execution speeds.
Healthcare entity targeted in NY
Albany ENT & Allergy Services, a New York-based medical specialty practice, has been listed on the leak site for the RansomHouse ransomware group. Hackers claimed to have pilfered the personal records and Protected Health Information (PHI) of nearly 224,500 employees and patients. According to the forensics investigation, the intrusion occurred between March 23 and April 4.
PHI for nine million people exposed
Florida-based MCNA Dental insurance company confirmed suffering a cyberattack that impacted the personal and medical data of close to nine million patients across more than 100 healthcare providers. Unauthorized access to its systems was detected on March 6, and subsequent investigation revealed the presence of malicious code infecting certain systems within the company’s network.
RAT attacks Linux routers in Japan
Actors behind a new malware named GobRAT were observed launching attacks against Linux routers in Japan. The cybercriminals abuse routers whose web user interfaces are publicly accessible. The malware strain is written in Go and establishes C2 communication via TLS. It can receive as many as 22 varieties of encrypted commands for execution.
AceCryptor in top malware strains
ESET experts conducted an in-depth analysis of malware known as AceCryptor and disclosed that it has been utilized to package a range of malware including SmokeLoader, RedLine Stealer, RanumBot, and Raccoon Stealer. Experts have reported over 240,000 instances of AceCryptor detections in their telemetry from 2021 and 2022, averaging more than 10,000 detections per month.
GCP bug risks confidential data
Security experts at Dig revealed a vulnerability within the Cloud SQL service of GCP, which could be exploited in order to gain unauthorized access to sensitive data. An attacker can escalate their privileges from that of a regular user to a container administrator. It could grant them access to internal data within GCP, such as confidential files, passwords, customer data, and other secrets.
Whitehat researchers study ‘Hot Pixels’
Security researchers discovered an innovative attack technique known as Hot Pixels. The attack leverages the data-dependent computation times of modern systems-on-a-chip (SoCs) and graphics processing units (GPUs) to extract information from visited web pages on Chrome and Safari, even when side-channel countermeasures are in place. The researchers achieved up to 94% accuracy in determining the content viewed on the target device.