
Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence November 26, 2018 - Featured Image

Daily Threat Briefing Nov 16, 2018

The Malware Reported in the Last 24 Hours

Trickbot vs Emotet

Security experts have discovered that Trickbot has overtaken Emotet as the top-ranking malware threat. Trickbot has infected numerous victims across Europe, the Middle East, and Africa. However, the US was hit the hardest by the banking malware. Trickbot targets a wide array of international banks via its webinjects, and it is also capable of stealing cryptocurrency from Bitcoin wallets. Trickbot typically spreads via malicious spam campaigns. It can spread via spear-phishing emails disguised as unpaid invoices or requests to update account information.

tRAT

The TA505 threat group, which is considered to be one of the most prolific financially motivated hacker groups, has been observed delivering the Khalesi malware. tRAT is a new remote access trojan that is believed to contain reconnaissance functionalities. Experts believe that TA505 may be testing out tRAT to determine its effectiveness. TA505 is responsible for cyber attacks using the banking Trojan Dridex in 2014 and the Locky ransomware in 2016 and 2017.

Top Breaches Reported in the Last 24 Hours

Pathe

The Dutch branch of the French film production and distribution company Pathe suffered a data breach. The firm lost over 19 million euros to BEC scammers, and the lost funds may or may not have been recovered. The cybercriminals targeted the email IDs of the CEO and tricked the firm into paying out over 19 million euros. The BEC scammers are believed to have had a good idea of the company's internal workings in order to carry out this attack. They were successful in hindering the Chief Financial Officer from confirming the transactions via phone.

Health data breach

Midlands Regional Hospital in Tullamore was hit by a ransomware attack. The attack affected the organization's Laboratory Information System and associated IT infrastructure. The organization said that patient records and the wider health services remained unaffected. It is still unclear whether the organization received a ransom demand or whether it ended up paying the cybercriminals.
