
Cyware Daily Threat Intelligence

Daily Threat Briefing Nov 14, 2022

While examining a series of attacks, a Ukrainian cybersecurity agency came across a new ransomware strain, dubbed Somnia. Reportedly, the criminals breached the victims' networks with the help of an initial access broker that used data-stealing malware to capture the victims' Telegram session data. Speaking of malware, the far more versatile KmsdBot malware was observed in the wild, targeting luxury car brands, gaming firms, and security firms. SSH services protected by weak login credentials are susceptible to its attacks.

What's more, a fake extortion scam has been doing the rounds in which scammers threaten to leak stolen data unless website owners pay a ransom. Potential victims are being warned not to fall for it.

Top Breaches Reported in the Last 24 Hours

Hackers drained $600 million from FTX

Several wallets belonging to the crypto exchange FTX were compromised to pilfer about $600 million, all of it visible on the blockchain tracker Etherscan. Users have been urged to delete FTX apps and avoid using its website. The crypto exchange filed for bankruptcy on Friday after a large wave of withdrawals from the exchange.

Deutsche Bank’s network access for sale

A threat actor on Telegram claims to have obtained access to Deutsche Bank's network. The claimed access covers around 21,000 machines in the bank's network, the majority of them Windows systems. File servers holding more than 16TB of internal data could be under the attacker's control.

OakBend ransomware update

OakBend Medical Center, in a new disclosure about its ransomware incident, revealed that hackers obtained the personal and medical information of up to 500,000 individuals. For many of them, the leaked data also includes Social Security numbers and birth dates. The Texas medical system has therefore warned current and former patients to be vigilant about spam messages.

Ransomware targets Canadian supermarket chain

Canada's second-largest supermarket chain, Sobeys, fell victim to a ransomware attack allegedly conducted by Black Basta. Although payment systems were not affected, customers could face issues with gift card processing and prescription refills. The company, however, is yet to confirm a data breach.

Bahrain elections process interrupted

Hackers targeted government websites in Bahrain on the day parliamentary and local elections were held. The government has not disclosed which websites were targeted; however, the websites of the state-run Bahrain News Agency (BNA) and Bahrain's parliament were observed to be offline.

Top Malware Reported in the Last 24 Hours

Somnia: New ransomware against Ukraine

During an investigation into the recent series of attacks against organizations in Ukraine, CERT-UA discovered a new ransomware variant called Somnia. The government has attributed the attacks to the group 'From Russia with Love' (FRwL), allegedly a pro-Russian hacker group. The attackers apparently used a fake "Advanced IP Scanner" installer as bait; it in fact contained the Vidar stealer.

Multipurpose KmsdBot malware

Akamai uncovered an evasive malware, KmsdBot, being used to target companies ranging from gaming firms to luxury car brands to security firms. It gains entry over SSH, logging in with weak credentials, with the goal of cryptomining and launching DDoS attacks. The malware is equipped to control the mining process and to update itself if required.

Top Vulnerabilities Reported in the Last 24 Hours

CISA warns about Zimbra bugs

Unpatched flaws in Zimbra Collaboration Suite are being abused by cyber adversaries to launch attacks against government and private sector entities. Officials said that organizations with instances exposed to the internet may assume they have been compromised, and should use the third-party detection signatures provided in the CISA advisory to identify threat activity.

Top Scams Reported in the Last 24 Hours

Extortion attempt against website owners

Website owners and admins around the world are being targeted by a handful of scammers claiming to have hijacked their servers. The scammers, who call themselves Team Montesano, demand $2,500 in their email to victims, threatening to leak the stolen data, damage the owners' reputation, and get the site blacklisted for spam.