Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 13, 2018
Top Malware Reported in the Last 24 Hours
New cryptominer
A new cryptominer dubbed Coinminer.Linux.KORKERDS.AB has been discovered. The malware targets Linux systems and leverages a rootkit to hide its presence on the infected systems. Without the rootkit, admins can detect the malicious activity. However, once the rootkit is installed, the process causing the high CPU usage is not visible, even though the total system utilization is still shown as 100%.
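The mismatch described above, high total utilization that no listed process accounts for, can be checked on Linux by comparing the aggregate counters in /proc/stat with the per-process counters in /proc/<pid>/stat. The Python below is an added example, not code from the briefing; its function names and sample values are constructed. Processes that exit between the two samples also leave a gap, so a high value is a reason to investigate, not proof of a rootkit.

```python
# Added example (not from the briefing): heuristic for CPU time that no
# visible process accounts for. All sample data below is constructed.

def cpu_task_jiffies(proc_stat_text):
    """user+nice+system jiffies from the aggregate 'cpu' line of /proc/stat."""
    for line in proc_stat_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "cpu":
            return sum(int(x) for x in fields[1:4])
    raise ValueError("no aggregate cpu line found")

def pid_jiffies(pid_stat_line):
    """(pid, utime+stime) parsed from one /proc/<pid>/stat line."""
    pid = int(pid_stat_line.split()[0])
    # comm (field 2) may contain spaces or ')', so split after the last ')'.
    rest = pid_stat_line[pid_stat_line.rindex(")") + 1:].split()
    # rest[0] is field 3 (state); utime is field 14, stime is field 15.
    return pid, int(rest[11]) + int(rest[12])

def unaccounted_fraction(stat_a, stat_b, procs_a, procs_b):
    """Share of CPU time between two samples not attributed to any listed PID."""
    total = cpu_task_jiffies(stat_b) - cpu_task_jiffies(stat_a)
    if total <= 0:
        return 0.0
    before = dict(pid_jiffies(line) for line in procs_a)
    after = dict(pid_jiffies(line) for line in procs_b)
    visible = sum(max(0, j - before.get(pid, 0)) for pid, j in after.items())
    return max(0.0, (total - visible) / total)

def _stat_line(pid, comm, utime, stime):
    # Constructed /proc/<pid>/stat line with only the fields used here varied.
    return (f"{pid} ({comm}) S 1 {pid} {pid} 0 -1 4194560 10 0 0 0 "
            f"{utime} {stime} 0 0 20 0 1 0 100 0 0")

# Constructed samples taken a few seconds apart on a busy host.
STAT_A = "cpu  1000 0 500 9000 0 0 0 0 0 0\ncpu0 1000 0 500 9000 0 0 0 0 0 0"
STAT_B = "cpu  1390 0 510 9000 0 0 0 0 0 0\ncpu0 1390 0 510 9000 0 0 0 0 0 0"
PROCS_A = [_stat_line(101, "sshd", 20, 10), _stat_line(202, "my app", 300, 50)]
PROCS_B = [_stat_line(101, "sshd", 22, 12), _stat_line(202, "my app", 310, 56)]

if __name__ == "__main__":
    gap = unaccounted_fraction(STAT_A, STAT_B, PROCS_A, PROCS_B)
    print(f"CPU time with no visible owner: {gap:.0%}")
```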
New Trickbot campaign
A new Trickbot campaign has been detected. The malware now has new capabilities: it can steal credentials and browser data, including cookies, browser histories and more. Trickbot is now distributed via a malicious Excel document. It also uses several anti-analysis techniques to evade detection. Trickbot’s new module, “pwgrab32”, is designed to steal credentials from applications such as Microsoft Outlook, Filezilla, and WinSCP, as well as steal system information. The new additions to Trickbot indicate that the cybercriminals operating the malware have no intention of hanging up their boots.
Top Breaches Reported in the Last 24 Hours
Nordstrom
Nordstrom's flagship store in Seattle was hit by a breach that exposed the sensitive and personal data of some of its employees. The data compromised includes Social Security numbers, dates of birth, checking account and routing numbers, salaries and more. It is still unclear how many people were affected by the breach. Nordstrom claims that no data was misused. The firm is still investigating the breach. Nordstrom said that the breach was caused by a contract worker who improperly handled some Nordstrom employees' data.
Health breach
Florida's Department of Health suffered a data breach that may have compromised the personal information of some patients in Escambia, Santa Rosa, Okaloosa and Walton counties. The breach occurred after a cybercriminal hacked into a Microsoft Outlook account of an employee of the Children’s Medical Services. The attack is believed to have taken place between October 8 and October 16. Officials said that no payment card information or personal data, like Social Security numbers, was compromised.