Cyware Daily Threat Intelligence

Daily Threat Briefing • Sep 6, 2021
Ransomware operators are at the top of their big-game hunting. With several exploits, cybercrime tools, and attack techniques readily available to attackers, dark web marketplaces have piqued the interest of ransomware gangs. Research reveals that several ransomware operators are willing to spend up to $100,000 to purchase access to companies’ networks.
Meanwhile, the now-defunct REvil ransomware group has likely reappeared in new attack campaigns targeting two internet service providers in the U.K. The gang launched a series of DDoS attacks against the organizations with the aim of making huge profits through ransom demands.
Top Breaches Reported in the Last 24 Hours
Ransomware gangs’ new tactic
Research reveals that ransomware operators are relying heavily on dark web marketplaces to purchase network access to large companies. The finding comes from an analysis of 48 forum posts, in which researchers found that 40% of the ads were created by ransomware gangs. One of the posts was linked to BlackMatter ransomware operators, who were willing to spend between $3,000 and $100,000 to buy network access.
Irish Gardaí seize cyber gang's infrastructure
Dublin law enforcement agencies seized the cyber infrastructure of attackers responsible for the HSE cyberattack. The operation is believed to have prevented more than 750 potential ransomware attacks by seizing targeted websites, domain names, and servers.
Pacific City Bank hit
Pacific City Bank was hit by AVOS Locker ransomware operators who claim to have stolen multiple sensitive documents from the financial institution. The attackers have published some screenshots as proof of the hack.
Data breach at Dallas school
A data breach at the Dallas public school system affected the personal information of students, parents, teachers, and staff. The breach occurred earlier this month, and the exposed data dates back to 2010. Social Security numbers, birth dates, contact information, and grades were among the data exposed.
Top Malware Reported in the Last 24 Hours
REvil ransomware reappears
REvil ransomware has made a comeback with a new attack technique to extort its victims. The gang launched a series of DDoS attacks against two Internet and Telephony Service Providers (ITSP) in the U.K. with the aim of extracting a huge ransom from them.
Top Vulnerabilities Reported in the Last 24 Hours
ProxyShell vulnerabilities exploited
Several threat actors including Conti ransomware affiliates are exploiting three unpatched ProxyShell vulnerabilities to compromise Microsoft Exchange Servers. The flaws—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207—can allow threat actors to conduct remote code execution attacks on Exchange servers.
Top Scams Reported in the Last 24 Hours
Hurricane Ida-related scam
The US Securities and Exchange Commission has warned investors to be wary of the latest investment scams that promise huge returns for those affected by the recent Hurricane Ida. Scammers are luring victims to receive compensation from insurance companies.