Cyware Daily Threat Intelligence

Daily Threat Briefing • Nov 5, 2018
Top Malware Reported in the Last 24 Hours
Fbot vs Trinity
IoT botnets Fbot and Trinity are locked in a turf war over unsecured Android devices with exposed Android Debug Bridge (ADB) ports. Exposed ADB ports can let attackers take control of vulnerable Android devices, steal data, and mine cryptocurrency. On any given day, around 30,000 to 35,000 Android devices have their ADB ports exposed, which gives both Fbot and Trinity a substantial pool of devices that they can infect and use to mine cryptocurrency.
New ransomware
A new ransomware has been discovered that installs DiskCryptor on the infected computer and then reboots it. DiskCryptor encrypts the whole disk and prompts the user to enter a password on reboot. The cybercriminals operating the ransomware are likely hacking into Remote Desktop Services and installing the ransomware manually on targeted devices. To stay safe, users are advised to disable RDP or use VPNs to ensure that remote access is limited only to the VPN account holder.
Top Breaches Reported in the Last 24 Hours
Veeco
Veeco Instruments Inc., a company that manufactures equipment used to make semiconductors, was recently hacked. The firm believes that the attack was orchestrated by a highly sophisticated threat actor. The Securities and Exchange Commission filing did not specify when the intrusion happened but said the attack ‘may have an adverse effect’ on the company's financial condition.
EasyDNS
EasyDNS accidentally leaked cloaked contact details of around 1,500 domain owners in Whois query results for a little over 24 hours. The breach exposed identity and contact details, such as names, phone numbers, email addresses, and postal addresses. It was caused by a bug in the software EasyDNS uses to manage domain names, which is provided by Tucows, the second-largest domain registrar in the world. EasyDNS is giving a $7.50 credit for all domains affected. Anyone who paid for Whois privacy as an add-on can contact the support team to get a refund.