Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 13, 2020
Even after the fall of TrickBot, its operators are in the news for another of their creations, the BazarLoader malware. The gang has been found using the backdoor to deploy Ryuk ransomware on high-value targets.
The Qbot trojan has also returned in a new campaign that uses a fake Windows Defender antivirus theme as part of its defense evasion strategy. The malware is capable of stealing bank credentials, Windows domain credentials, and providing remote access to threat actors.
A heist of over $22 million from Electrum wallet app users has also come to light in the last 24 hours. The campaign, which lasted for around two years, involved victims receiving an unexpected request via a popup message that asked them to update their wallets.
Top Breaches Reported in the Last 24 Hours
Virginia Public School data exposed
Hackers have posted information stolen from a Virginia public school district online. The breached data includes the personal data of students and employees. The school district is currently working to restore its affected systems.
Over $22 million stolen
Cybercriminals have made off with over $22 million from Electrum wallet app users in multiple campaigns carried out over the past two years. The modus operandi involved victims receiving an unexpected request via a popup message that asked them to update their wallets.
London’s Hackney Council targeted
London’s Hackney Council has been targeted in a cyberattack affecting many of its services and IT systems. The investigation is at an early stage and limited information is currently available.
Seyfarth Shaw affected
International law firm Seyfarth Shaw LLP has shut down many of its systems after being hit with ransomware. The firm notes that there is no evidence that client or firm data was accessed in the attack.
The U.S. Census Bureau targeted
The DHS has revealed that threat actors attempted to target the network of the U.S. Census Bureau last year. The attackers were also found conducting vulnerability scans and attempting unauthorized access.
Intcomex leaks data
Intcomex has leaked nearly 1 TB of its users’ data in a major data breach. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information, and more. Following a failed ransom negotiation, threat actors have leaked almost all data stolen from the firm.
Top Malware Reported in the Last 24 Hours
Qbot botnet returns
Researchers have discovered a new campaign that uses a fake Windows Defender antivirus theme to trick users into enabling Excel macros, which then distribute Qbot. The malware is capable of stealing bank credentials, Windows domain credentials, and providing remote access to threat actors.
BazarLoader’s new partner
The TrickBot gang has been found using BazarLoader malware to deploy Ryuk ransomware on high-value targets. The infection process starts with a phishing email. After infecting a computer, BazarLoader will use process hollowing to inject the BazarBackdoor component into legitimate Windows processes such as cmd.exe, explorer.exe, and svchost.exe.
Top Vulnerabilities Reported in the Last 24 Hours
Acronis patches flaws
Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges. The flaws could allow unprivileged Windows users to run code with SYSTEM privileges, a vulnerability note from the CERT Coordination Center (CERT/CC) reveals. Tracked as CVE-2020-10138 (CVSS score 8.1), the first of the bugs affects Acronis Cyber Backup 12.5 and Cyber Protect 15 and resides in a privileged service that uses “an OpenSSL component.