Cyware Daily Threat Intelligence


Daily Threat Briefing November 22, 2021

With Black Friday and Cyber Monday around the corner, cyber attackers have already started picking their target brands, as is evident from the latest shocking report from the U.K.'s NCSC. The agency revealed that the websites of over 4,000 online retailers have been hacked in multiple e-skimming attacks to steal payment information and the personal data of customers. A majority of these compromised websites ran vulnerable Magento software, which simplified the job of threat actors.

The persistent problem of unpatched vulnerabilities has also enabled another malware campaign, which exploits known Microsoft Exchange Server flaws to distribute the SquirrelWaffle loader, Cobalt Strike Beacon, and the Qbot trojan. On the lighter side, however, the Conti ransomware gang suffered an embarrassing breach due to a security flaw in its recovery servers. This allowed security researchers to gain access to the gang's payment portal.

Top Breaches Reported in the Last 24 Hours

Mahan Air hit

Iran’s Mahan Air confirmed that it was hit by a cyberattack during the weekend. Following the attack, the company’s website went down. Hooshyarane Vatan hacker group claimed responsibility for the attack.

Conti gang suffers a security breach

The Conti ransomware group suffered a security breach temporarily after researchers tracked down the real IP address of one of its most sensitive servers. This was possible by exploiting a vulnerability in the recovery servers that Conti used. As a result, researchers were able to gain access to the gang’s payment portal, the site used for negotiating ransom payments.

Vulnerable Sky routers left exposed

Around 6 million Sky routers were left exposed to cyberattacks for almost 18 months due to a DNS rebinding flaw in the routers. The vulnerability would have let hackers reconfigure routers according to their requirements and later use them against users in phishing attacks. A patch to address the flaw has been finally released.

Online retail shops compromised

According to the U.K.'s NCSC, the websites of a total of 4,151 retailers have been hacked over the past 18 months in different digital skimming attacks. This led to the compromise of users' financial and personal information. A majority of these compromised websites ran vulnerable Magento software, which simplified the job of cybercriminals.

Vestas Wind Systems affected

The wind turbine manufacturer Vestas Wind Systems was forced to shut down its IT systems following a security breach incident. However, the firm stated that there is no indication of an impact on third-party operations or other parts of its supply chain.

Top Vulnerabilities Reported in the Last 24 Hours

ProxyLogon and ProxyShell exploited

Security researchers warned that attackers are abusing months-old Microsoft Exchange Server flaws in newly found phishing campaigns designed to distribute the SquirrelWaffle loader. By exploiting the flaws, the attackers are able to compromise a victim organization’s on-premises Exchange server and then send phishing emails through the existing email threads. The final payload is either Cobalt Strike or the Qbot trojan.

Top Scams Reported in the Last 24 Hours

Vishing campaigns on the rise

The SEC has warned of a new multi-channel vishing campaign that pilfers sensitive details from victims. Scammers pretend to be SEC staff members and attempt to trick victims through phone calls and voicemail messages. They ask the victims to take immediate action by providing their personal details, while claiming that suspicious activities have been detected on their cryptocurrency accounts.
