Cyware Daily Threat Intelligence

Daily Threat Briefing Oct 4, 2018

Top Malware Reported in the Last 24 Hours

Betabot

Security researchers have recently observed an uptick in Betabot malware infections. Betabot is a data stealer that gives attackers the ability to hijack targeted systems. It has been updated since it first appeared and now also contains modules for stealing banking data and for cryptomining. Betabot also includes detection-evading features such as anti-debugging and anti-sandbox techniques.

APT10 malware attacks

The Chinese threat actor group APT10 has been conducting new campaigns against cloud service providers across the globe. The hacker group has been using a new bespoke malware dubbed RedLeaves. Over the past few years, APT10 has used several malware strains: SOGU, HAYMAKER, SNUGRIDE, and QUASARRAT. In that time, APT10 has evolved from using common malware to deploying customized, module-packed malware in its attacks. The most recent campaign against cloud service providers suggests that the threat group will continue expanding its scope of attacks.

Top Breaches Reported in the Last 24 Hours

Gwinnett Medical Center

The non-profit healthcare organization Gwinnett Medical Center suffered a data breach that exposed some of its patients' personal information. 40 patients had their information accessed and exposed online. The names, dates of birth, and gender were accessed by an unauthorized party and exposed on Twitter. Although the identity of the attackers is still unknown, some believe that the attack may be the work of a threat group known as Particle Matrix.

SBM Holdings

Mauritius-based SBM Holdings acknowledged that its Indian operations unit suffered a breach that saw cybercriminals make off with around $14 million. Although it is still unclear how the breach occurred, the incident is being classified as cyber fraud. The bank said that no customers were affected by the breach and that its Indian operations would continue functioning as normal. SBM Holdings has launched an investigation into the incident and has also initiated recovery efforts to reclaim the stolen funds.
