Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 14, 2022
While examining a series of attacks, Ukraine's CERT-UA identified a new ransomware strain, dubbed Somnia. Reportedly, the attackers got into the victims' networks through an initial access broker whose information-stealing malware had captured the victims' Telegram session data. On the malware front, the far more versatile KmsdBot was observed in the wild, targeting luxury car brands, gaming firms, and security firms; it spreads over SSH into hosts that accept weak login credentials.
What's more, a fake extortion scam is doing the rounds in which scammers claim they will leak stolen data unless website owners pay a ransom. Potential victims are being warned not to fall for it.
Hackers drained $600 million off FTX
Several wallets belonging to the crypto exchange FTX were compromised to pilfer about $600 million, with the transfers visible on the blockchain tracker Etherscan. Users have been urged to delete FTX apps and avoid using its website. The exchange filed for bankruptcy on Friday after a wave of withdrawals.
Deutsche Bank’s network access for sale
A threat actor claims on Telegram to have obtained access to Deutsche Bank's network. The access allegedly covers around 21,000 machines in the bank's network, the majority of them Windows systems, and file servers holding more than 16TB of internal data could be under the attacker's control.
OakBend ransomware update
OakBend Medical Center, in a new disclosure about its ransomware incident, revealed that hackers obtained the personal and medical information of up to 500,000 individuals. For many of them, the exposed data also includes Social Security numbers and birth dates. The Texas medical system has therefore warned current and former patients to be vigilant about spam messages.
Ransomware targets Canadian supermarket chain
Canada's second-largest supermarket chain, Sobeys, fell victim to a ransomware attack, allegedly conducted by Black Basta. Although payment systems were not affected, customers could face issues with gift card processing and prescription refills. The company has yet to confirm a data breach.
Bahrain elections process interrupted
Hackers targeted Bahraini government websites on the day parliamentary and local elections were held. The government has not disclosed which websites were hit; however, the sites of the state-run Bahrain News Agency (BNA) and Bahrain's parliament were observed to be offline.
Somnia: New ransomware against Ukraine
During an investigation into a recent series of attacks against organizations in Ukraine, CERT-UA discovered a new ransomware variant called Somnia. The agency attributed the attacks to the group 'From Russia with Love' (FRwL), allegedly a pro-Russian hacker group. The attackers reportedly lured victims with a trojanized "Advanced IP Scanner" installer that actually delivered the Vidar stealer.
Multipurpose KmsdBot malware
Akamai uncovered an evasive malware, KmsdBot, being used to target companies ranging from gaming firms to luxury car brands to security firms. It gains entry over SSH by logging in to systems with weak credentials, with the goal of cryptomining and launching DDoS attacks. The bot can start and stop the mining process and update itself when instructed.
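The entry vector described above, SSH password guessing that eventually succeeds, leaves a recognizable trail in sshd logs: a burst of "Failed password" lines from one source followed by an "Accepted password" from the same source. The detector below, added here as an illustration and not code from Akamai or from the bot, flags exactly that sequence. The log lines are constructed for the example, not real captures, and the threshold of three failures is an arbitrary assumption.

```python
"""Flag SSH password-guessing that ends in a successful login.

Added example (not Akamai's or KmsdBot's code). The sshd log lines below are
constructed for the demonstration; the failure threshold is an assumption.
"""
import re
from collections import defaultdict

# Standard sshd syslog format:
#   ... sshd[<pid>]: Failed password for [invalid user ]<user> from <ip> port <n> ssh2
#   ... sshd[<pid>]: Accepted password for <user> from <ip> port <n> ssh2
# Public-key logins ("Accepted publickey ...") deliberately do not match.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)

# Constructed sample: one source guesses five times and then gets in as root;
# a second source mistypes once and logs in normally; a third uses a key.
SAMPLE_LOG = """\
Nov 14 10:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.7 port 51001 ssh2
Nov 14 10:00:02 web1 sshd[2002]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
Nov 14 10:00:03 web1 sshd[2003]: Failed password for root from 203.0.113.7 port 51003 ssh2
Nov 14 10:00:04 web1 sshd[2004]: Failed password for invalid user ubuntu from 203.0.113.7 port 51004 ssh2
Nov 14 10:00:05 web1 sshd[2005]: Failed password for root from 203.0.113.7 port 51005 ssh2
Nov 14 10:00:06 web1 sshd[2006]: Accepted password for root from 203.0.113.7 port 51006 ssh2
Nov 14 10:01:00 web1 sshd[2010]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Nov 14 10:01:05 web1 sshd[2011]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
Nov 14 10:02:00 web1 sshd[2020]: Accepted publickey for deploy from 198.51.100.30 port 40100 ssh2: ED25519 SHA256:abc
"""


def parse(lines):
    """Yield (result, user, ip) for every password-auth line; other lines are skipped."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("ip")


def noisy_sources(log_text, min_failures=3):
    """Return {ip: failure_count} for sources with at least min_failures failed password attempts."""
    failures = defaultdict(int)
    for result, _user, ip in parse(log_text.splitlines()):
        if result == "Failed":
            failures[ip] += 1
    return {ip: n for ip, n in failures.items() if n >= min_failures}


def guessed_logins(log_text, min_failures=3):
    """Return per-source details for password logins that followed a guessing burst.

    A source is reported only if it accumulated at least min_failures failed
    password attempts before its first successful password login. Sources that
    succeed without enough prior failures (normal typo) are not reported.
    """
    state = defaultdict(lambda: {"failures": 0, "users": [], "success_user": None})
    for result, user, ip in parse(log_text.splitlines()):
        s = state[ip]
        if result == "Failed":
            s["failures"] += 1
            if user not in s["users"]:
                s["users"].append(user)  # usernames tried, in order of first appearance
        elif s["failures"] >= min_failures and s["success_user"] is None:
            s["success_user"] = user  # first success after a guessing burst
    return {ip: s for ip, s in state.items() if s["success_user"] is not None}


if __name__ == "__main__":
    for ip, info in guessed_logins(SAMPLE_LOG).items():
        print(f"{ip}: {info['failures']} failures over users {info['users']}, "
              f"then logged in as {info['success_user']}")
```

Run against a real /var/log/auth.log or `journalctl -u ssh` export, the hit list is the set of hosts to isolate and check for a miner process and an unexpected SSH listener; the no-success entries from noisy_sources are the candidates for fail2ban-style blocking or, better, for turning password authentication off entirely.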
CISA warns about Zimbra bugs
Unpatched flaws in Zimbra Collaboration Suite are being exploited by adversaries to attack government and private sector entities. CISA said that organizations running internet-exposed, unpatched instances should assume they have been compromised, and should use the third-party detection signatures provided in the CISA advisory to hunt for threat activity.
Extortion attempt against website owners
Website owners and administrators around the world are being targeted by a handful of scammers claiming to have hijacked their servers. The scammers, who call themselves Team Montesano, demand $2,500 in emails to victims, threatening to leak the supposedly stolen data, damage the site's reputation, and get it blacklisted for spam.