Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Oct 8, 2020

Malware obfuscation techniques are taking a new shape with the abuse of legitimate services. Researchers have found a new form of fileless attack, called Kraken, that leverages Windows Error Reporting (WER) service as part of its evasion strategy. The attack starts with a spear-phishing email that contains a zip file.

Furthermore, a widespread malware campaign that makes use of legitimate Pastebin sites to obscure and host malware has been discovered in the last 24 hours. Among the malware identified in the campaign are AgentTesla, LimeRAT, and Redline Stealer.

A new botnet dubbed HEH has also been uncovered in the last 24 hours. It is capable of wiping all data from infected systems such as routers, servers, and IoT devices.

Top Breaches Reported in the Last 24 Hours

Chowbus breached

Chowbus food delivery service has been breached after a threat actor gained unauthorized access to 800,000 user records. The stolen data contained names, email addresses, phone numbers, and mailing addresses of customers. The hack came to light after numerous customers complained of receiving a mysterious email titled ‘Chowbus data’ that stated ‘Download Chowbus data here.’

Top Malware Reported in the Last 24 Hours

A new version of PoetRAT

A new version of PoetRAT has been found targeting Azerbaijan public sector and other important organizations. The campaign leverages malicious documents that pretend to be from government officials. This has enabled attackers to obtain access to sensitive documents from compromised systems.

New HEH botnet

A newly discovered HEH botnet is capable of wiping all data from infected systems such as routers, servers, and IoT devices. The botnet spreads via brute-force attacks against interconnected systems. The botnet has been detected on the following CPU architectures - x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III), and PPC.

New Kraken attack

A new fileless attack called Kraken abuses Windows Error Reporting (WER) service as a defense evasion mechanism. The attack starts through a spear-phishing email that contains a zip file. Within the zip file, there lies a malicious document that pretends to include information about compensation rights for workers.

Emotet on the rise

CISA has issued an alert to warn about rising Emotet attacks since August. The agency reveals that multiple state and local governments in the U.S. have been targeted by the trojan in the past two months. The attacks are carried out through phishing emails.

Obscuring through Pastebin site

Researchers have identified multiple malware campaigns relying on legitimate paste services like paste.nrecom.net to host malicious payloads. These paste sites enable attackers, such as Agent Tesla, to hide their malicious code in plain sight.

Top Vulnerabilities Reported in the Last 24 Hours

Patches released for Android

The October 2020 security updates for Android include patches for a total of 48 vulnerabilities. Twenty-two of these flaws have a high-severity rating. One of the critical-severity flaws affects Qualcomm components. Other impacted components include Android runtime, Framework, and Media Framework.

Related Threat Briefings