
Cyware Daily Threat Intelligence


Daily Threat Briefing Oct 28, 2022

Security weaknesses in government networks can invite intrusions from geopolitically motivated bad actors. In one such instance, the Slovak and Polish parliaments were disrupted by an attack on their computer and phone systems. Meanwhile, the saga of crypto heists continues with the latest multimillion-dollar theft from Team Finance, a DeFi lockup protocol.

Coming to new malware updates from the last 24 hours, a banking trojan and a DDoS botnet were found making waves across different regions. While the Drinik trojan targeted customers of 18 Indian banks, the Fodcha botnet leveled up to terabit-scale attacks with the added threat of ransom demands. An emergency update was issued for Google Chrome to fix an actively exploited zero-day flaw, marking the seventh such occurrence this year.

Top Breaches Reported in the Last 24 Hours

Slovak and Polish Parliaments attacked

Cyberattacks hit the Slovak and Polish parliaments, interrupting the parliamentary session and bringing down the voting system in Slovakia’s legislature. All computers and phone lines went down, making it impossible for lawmakers to vote on several bills.

Hackers rob DeFi platform

Hackers stole $14.5 million worth of cryptocurrency after exploiting a vulnerability in the audited v2 to v3 migration function of the DeFi platform Team Finance. The company has urged the exploiter to get in touch for a bounty payment.

New York Post hacked

Attackers hacked the New York Post and used its website and Twitter account to publish offensive headlines and tweets targeting U.S. politicians, including President Joe Biden and his son Hunter Biden, NYC Mayor Eric Adams, NY Governor Kathy Hochul, Rep. Alexandria Ocasio-Cortez (D-NY), Rep. Adam Kinzinger (R-IL), and Texas Governor Greg Abbott.

Top Malware Reported in the Last 24 Hours

New Drinik banking trojan version surfaces

According to Cyble researchers, a new version of the Drinik Android trojan targets 18 Indian banks, posing as the country’s official tax management app to steal victims’ banking credentials and personal information. Drinik has been circulating in India since 2016, initially as an SMS stealer. In September 2021, it added banking trojan features that targeted 27 financial institutions by directing victims to phishing pages.

Fodcha version 4 is here

A new version of the Fodcha DDoS botnet delivers ransom demands directly inside the DDoS packets sent at victims’ networks, Netlab 360 revealed. Fodcha version 4 now encrypts its communication with the C2 server and relies on 42 C2 domains to operate 60,000 active bot nodes daily, generating up to 1 Tbps of attack traffic.

Raspberry Robin delivers Cl0p ransomware

In the last 30 days, the Raspberry Robin malware has compromised nearly 3,000 devices across almost 1,000 organizations. Its latest attacks have led to Cl0p ransomware infections, and the threat actor now has at least four different tactics for gaining a foothold on devices. Microsoft attributes the post-compromise Cl0p activity to DEV-0950, aka FIN11 or TA505, indicating Raspberry Robin’s growing role in the wider cybercrime economy.

Top Vulnerabilities Reported in the Last 24 Hours

SiriSpy allows eavesdropping

A vulnerability in Apple’s iOS and macOS, dubbed SiriSpy, could have allowed any app with Bluetooth access to eavesdrop on users’ conversations with Siri and the associated audio. When AirPods or Beats headsets were in use, a malicious app could also record audio from the iOS keyboard dictation feature. Tracked as CVE-2022-32946, SiriSpy has now been patched.

VMware product patched

VMware issued fixes for a critical vulnerability in the management service of its network virtualization and security platform, NSX. The flaw in VMware NSX Manager stemmed from an old deserialization bug in an outdated version of the XStream Java library. Attackers could abuse it to achieve pre-authentication remote code execution on the underlying host.
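The defensive pattern behind this class of XStream deserialization bug is an explicit type allowlist: deny every class by default and permit only the types the application actually expects from untrusted XML. The example below is added here for illustration; it is not code from the briefing, from VMware, or from the XStream project. It assumes an XStream 1.4.x release on the classpath (the `addPermission`, `allowTypes` and `alias` API), a hypothetical application class `ProfileSettings`, and constructed sample XML documents. Note that XStream 1.4.18 and later already default to an allowlist, so the hardened configuration is mainly a safeguard for code that still pins an older release.

```java
// Added example (not from the briefing, VMware or the XStream project):
// hardening XStream with an explicit type allowlist.
// Assumes XStream 1.4.x on the classpath; ProfileSettings is hypothetical.
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamHardening {

    // Hypothetical data class this application expects to deserialize.
    public static class ProfileSettings {
        public String displayName;
        public int refreshSeconds;
    }

    // Weak setting: a plain XStream instance on an old 1.4.x release
    // instantiates whatever type the incoming XML names, which is what makes
    // a gadget chain embedded in an untrusted document reachable.
    public static XStream permissiveXStream() {
        return new XStream();
    }

    // Corrected setting: deny everything first, then allow only what the
    // application needs. Anything else raises a ForbiddenClassException.
    public static XStream hardenedXStream() {
        XStream xstream = new XStream();
        xstream.addPermission(NoTypePermission.NONE);              // deny by default
        xstream.addPermission(NullPermission.NULL);                // explicit nulls
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES); // int, boolean, ...
        xstream.allowTypes(new Class[] { String.class, ProfileSettings.class });
        xstream.alias("profile", ProfileSettings.class);
        return xstream;
    }

    // Parses untrusted XML; returns null when the allowlist rejects the document.
    public static Object parseUntrusted(XStream xstream, String xml) {
        try {
            return xstream.fromXML(xml);
        } catch (XStreamException e) {
            // ForbiddenClassException and ConversionException both extend XStreamException.
            System.err.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input in the shape the application expects.
        String good = "<profile><displayName>alice</displayName>"
                    + "<refreshSeconds>30</refreshSeconds></profile>";
        // Constructed sample input naming a type the application never asked for.
        // This is not a gadget chain; it only shows that an unexpected class
        // name is refused before any object is instantiated.
        String unexpected = "<java.util.HashMap/>";

        XStream safe = hardenedXStream();
        ProfileSettings p = (ProfileSettings) parseUntrusted(safe, good);
        System.out.println("accepted: " + p.displayName + " / " + p.refreshSeconds);
        System.out.println("unexpected type result: " + parseUntrusted(safe, unexpected));
    }
}
```

The point of the allowlist is that it is enforced when XStream resolves the class name from the XML, before any constructor or converter for that class runs, so a document that names a type outside the list never reaches the code that a deserialization gadget relies on. Keeping the library itself current matters just as much, since the briefing's NSX flaw came from an outdated XStream release.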

Another Chrome zero-day

Google released emergency updates to mitigate an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, is a type confusion flaw in the V8 JavaScript engine. This is the third actively exploited bug of its kind in V8 reported this year after CVE-2022-1096 and CVE-2022-1364, while also being the seventh zero-day in Google Chrome since the start of 2022.
