Cyware Daily Threat Intelligence
Daily Threat Briefing • Oct 21, 2022
The BlackByte ransomware group appears to have hit a key milestone with Exbyte, a new custom data exfiltration tool deployed by its affiliates. Experts aren't sure who developed the tool, but it was identified in at least two attacks involving the ransomware. Separately, operators behind Mirai, RAR1ransom, and GuardMiner have been abusing a vulnerability in VMware Workspace ONE Access and Identity Manager. A patch for the flaw was issued in April, yet devices that remain unpatched months later are still exposed, a sign of how slowly impacted organizations are applying fixes.
In other news, exploitation of the Text4Shell bug was found to be under way. WordPress security company Wordfence said that the critical bug, which is being compared with Log4Shell, may have a narrower scope of impact than the latter.
EnergyAustralia fell victim to cyberattack
Australian energy company EnergyAustralia was hit by a cyber incident that affected the data of hundreds of customers. Unauthorized access to its My Account online platform was detected. All impacted accounts were locked and reviewed for potential data theft; the company said no data appears to have been transferred outside its systems.
One bug targeted by three malware campaigns
Hackers were seen abusing a critical bug in VMware Workspace ONE Access and Identity Manager to deploy a variety of malware. One cybercriminal group was observed dropping a Mirai variant on exposed Linux systems, RAR1ransom operators used the flaw for encryption-based attacks, and a third set of actors deployed GuardMiner for cryptomining.
Meet Exbyte by BlackByte
BlackByte ransomware affiliates have started using a new data exfiltration tool, dubbed Exbyte. It is designed to speed up the theft of data from the victim's network and its upload to an external server. Written in Go, Exbyte uploads the stolen files to the Mega[.]co[.]nz cloud storage service.
Text4Shell under attack
Wordfence collected evidence of attacks targeting the newly disclosed flaw in Apache Commons Text, named Text4Shell. Tracked as CVE-2022-42889, it carries a CVSS score of 9.8. The bug lies in the library's string interpolation: its default lookups (including script, dns and url) were resolved on attacker-supplied input, so an attacker could obtain a reverse shell on the vulnerable application simply by supplying a specially crafted payload.
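As an added example (not Wordfence's tooling or code from the original briefing), the detector below scans web access logs for Text4Shell-style payloads. It URL-decodes each line a bounded number of times (attackers double-encode), folds nested `${lower:...}`/`${upper:...}` lookups that can be used to split the keyword, and then flags the `script:`, `dns:` and `url:` lookup prefixes that the vulnerable interpolator resolves. The log lines are constructed for illustration; the IP addresses and hostnames are placeholders.

```python
import re
from urllib.parse import unquote

# Lookup prefixes that Apache Commons Text 1.5-1.9 resolved by default and that
# reach the network or execute code: the ones Text4Shell payloads abuse.
DANGEROUS_RE = re.compile(r"\$\{\s*(script|dns|url)\s*:", re.IGNORECASE)

# The library also resolves nested case-changing lookups, so an attacker can
# write ${${lower:S}CRIPT:...} to hide the keyword from a naive string match.
CASE_RE = re.compile(r"\$\{\s*(lower|upper)\s*:([^${}]*)\}", re.IGNORECASE)


def _fold_case_lookup(match: "re.Match") -> str:
    """Resolve one ${lower:x} / ${upper:x} lookup the way the library would."""
    kind, value = match.group(1).lower(), match.group(2)
    return value.lower() if kind == "lower" else value.upper()


def normalize(text: str, rounds: int = 3) -> str:
    """Undo bounded layers of URL encoding, then fold nested case lookups."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(rounds):
        folded = CASE_RE.sub(_fold_case_lookup, text)
        if folded == text:
            break
        text = folded
    return text


def find_text4shell(line: str) -> list:
    """Return the sorted set of dangerous lookup prefixes found in one log line."""
    text = normalize(line)
    return sorted({m.group(1).lower() for m in DANGEROUS_RE.finditer(text)})


def scan(lines) -> list:
    """Return (1-based line number, prefixes) for every line carrying a payload."""
    hits = []
    for number, line in enumerate(lines, 1):
        found = find_text4shell(line)
        if found:
            hits.append((number, found))
    return hits


# Constructed sample access log (combined log format); not real traffic.
SAMPLE_LOG = [
    # 1: URL-encoded script lookup executing a command through the JS engine
    '203.0.113.7 - - [21/Oct/2022:10:01:02 +0000] "GET /search?q=%24%7Bscript%3Ajavascript%3A'
    'java.lang.Runtime.getRuntime%28%29.exec%28%27id%27%29%7D HTTP/1.1" 200 512',
    # 2: dns lookup used as an out-of-band callback probe
    '203.0.113.7 - - [21/Oct/2022:10:01:03 +0000] "GET /search?q=${dns:address|probe.example.invalid} HTTP/1.1" 200 512',
    # 3: keyword split with a nested lower lookup
    '203.0.113.7 - - [21/Oct/2022:10:01:04 +0000] "GET /search?q=${${lower:S}CRIPT:javascript:1} HTTP/1.1" 200 512',
    # 4: benign parameter that merely looks like a template variable
    '198.51.100.9 - - [21/Oct/2022:10:02:00 +0000] "GET /search?q=${amount} HTTP/1.1" 200 512',
    # 5: ordinary request
    '198.51.100.9 - - [21/Oct/2022:10:02:01 +0000] "GET /index.html HTTP/1.1" 200 2048',
]


if __name__ == "__main__":
    for number, prefixes in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious lookup(s) {', '.join(prefixes)}")
```

Detection in the log is a compensating control only. The fix on the application side is to upgrade to Apache Commons Text 1.10.0, which stops enabling the script, dns and url lookups by default, or to build the `StringSubstitutor` with an explicit allow-list of lookups rather than the default interpolator, and never to pass untrusted input through string interpolation at all.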
F5’s quarterly security notification
Security and application delivery firm F5 has fixed as many as 18 vulnerabilities affecting its range of products. About a dozen of these were rated high severity, and most of those could allow a remote, unauthenticated attacker to cause a denial of service. BIG-IP users were urged to patch on priority, as flaws in these products are frequently targeted in attacks.