
Cyware Daily Threat Intelligence


Daily Threat Briefing Oct 20, 2023

A new info-stealer has emerged in the cyber threat landscape. Dubbed ExelaStealer, the largely open-source malware targets Windows systems and can be turned against both individuals and organizations for a variety of malicious objectives. In a different story, an unpatched zero-day has once again resulted in the compromise of tens of thousands of devices. In this attack, digital adversaries abused a critical vulnerability in Cisco IOS XE devices, and Cisco has advised administrators to disable the HTTP Server feature on systems exposed to the Internet to mitigate the risk.

The use of out-of-date software by online vendors remains a key point of concern. A store running a vulnerable OpenCart version, originally released over a decade ago, fell victim to a credit card skimmer attack that not only harvested card data but also intercepted the personal data of customers.

Top Breaches Reported in the Last 24 Hours

Widespread DDoS attack targets shipping firms

A devastating DDoS attack has affected numerous European shipping companies. The attack, which began on Thursday, led to the unavailability of multiple websites. Major companies in the shipping industry, including Viking Line, reported being impacted. While it's believed to be a DDoS attack, further details and confirmation are awaited from the affected organizations.

Play ransomware threatens major food distributor

The Play ransomware group issued a threat against Associated Wholesale Grocers (AWG), one of the largest cooperative food wholesalers in the U.S. The cybercriminals announced their intention to release sensitive data, including confidential documents, contracts, personal information, payroll details, and financial records, on October 22. The looming deadline has raised alarm over the potential fallout.

Skimmer campaign hits outdated system

An online store running on an outdated OpenCart version has experienced credit card data theft due to a skimmer attack on the platform. The attackers used a PHP-based skimmer to exfiltrate sensitive information. In addition, an authentication bypass flaw allowed unauthorized access to the store. The attackers tampered with the authentication mechanism, ultimately modifying the system to accept hardcoded passwords. The attackers also left a backdoor uploader in the account creation process.

Top Malware Reported in the Last 24 Hours

New info-stealer targets Windows systems

ExelaStealer, a new info-stealer written in Python, has been found capturing sensitive data from compromised Windows systems. It can steal passwords, Discord tokens, credit card information, cookies, keystrokes, screenshots, and clipboard content. Its low cost puts the malware within reach of amateur cybercriminals, which widens the pool of potential operators. It often masquerades as a PDF document to infiltrate systems. Info-stealers like ExelaStealer target both individuals and corporations to obtain data for various malicious objectives.

BlackCat ransomware introduces Munchkin

The BlackCat/ALPHV ransomware group has added a new tool called Munchkin to its arsenal, enabling it to deploy ransomware on network devices through VMs. Munchkin uses a customized Linux distribution to run VirtualBox on compromised devices and execute various attack scripts. The tool, designed to help ransomware affiliates, creates custom ransomware executables and targets remote devices. Its authors have also included safeguards to prevent chat access token leakage, enhancing their operational security.

Vietnamese cybercrime groups drop DarkGate

Vietnamese cybercrime groups launched a barrage of attacks against digital marketing professionals in the U.S., the U.K., and India. They are reportedly using various malware strains, including DarkGate, to compromise their targets. The attackers employed social engineering tactics to deceive marketing professionals into downloading malicious files disguised as job descriptions or salary details. Other malware strains used include Ducktail, Lobshot, and Redline Stealer.

Top Vulnerabilities Reported in the Last 24 Hours

Over 40,000 Cisco devices compromised

Researchers from LeakIX and CERT Orange discovered that more than 40,000 Cisco IOS XE devices have been compromised as cybercriminals continue to exploit the recently disclosed bug (CVE-2023-20198). Most of the affected devices are located in the United States, the Philippines, Chile, and Mexico. Cisco had earlier warned customers about this zero-day vulnerability, which allows attackers to gain administrator privileges and take over routers.
