Cyware Daily Threat Intelligence September 21, 2018

Daily Threat Briefing • Sep 21, 2018
Top Malware Reported in the Last 24 Hours
Chainshot
Chainshot is a new strain of malware, along with network infrastructure, that links to various targeted attacks. The malware is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction. Users are advised to use Factoring as a Service (FaaS) to calculate the decryption key and access the Chainshot malware. Users are also advised to use the latest anti-malware tools to prevent attacks from similar malware.
Black Rose Lucy
The newly discovered Russian botnet Black Rose Lucy, developed by the Russian cybercrime group The Lucy Gang, can allow cybercriminals to target Android devices. The botnet cropped up in the malware-as-a-service (MaaS) arena. 86 devices in Russia were found to be affected by it. The botnet package contains the Lucy Loader dashboard and the Black Rose dropper. The new version of the botnet has victims in France, Israel, and Turkey.
Top Breaches Reported in the Last 24 Hours
NCIX breach
Servers belonging to Canadian gadget retailer NCIX turned up on Craigslist without being wiped. The privacy breach occurred after the retailer closed its stores in 2017 and retired old servers and employee workstations. A security expert gained access to 300 desktop computers from NCIX's corporate offices and retail stores, 18 Dell PowerEdge servers, and at least two Supermicro servers running StarWind iSCSI Software that NCIX had used to back up its hard disks.
Democratic candidate's website breached
California Democratic congressional candidate Bryan Caforio's website was hit by repeated DDoS attacks during the primary election process. Access to the website was blocked four times before the primary election season. The campaign tried upgrading the website's hosting services and adding specific DDoS protections, but in the end all of these measures failed.
AdGuard breach
AdGuard reset the passwords of all its users after it discovered a brute-force attack targeting its servers. The attacker used emails and passwords that had previously leaked into the public domain after breaches at other companies. The attackers were able to access some of the accounts, but the company does not know exactly which accounts were accessed.