Cyware Daily Threat Intelligence, April 07, 2020

Share Blog post

The ransomware operators are on an attack spree even during the ongoing COVID-19 pandemic. One such attack has been noticed on the US-based oil firm, Berkine. Using Maze ransomware, the attackers stole an entire database containing over 500 MB of confidential documents.

Security researchers also came across a new ransomware, dubbed L4NC34, that demands a ransom of $10 in bitcoin to decrypt encrypted files. The ransomware uses the base64 algorithm to encrypt a victim’s files.

Meanwhile, in a major discovery, it has been found that over 350,000 Microsoft Exchange servers are still vulnerable to a post-auth remote code execution vulnerability. The flaw, that exists in the Exchange Control Panel (ECP) component, can allow attackers to take control of Exchange servers. Users are advised to patch the vulnerability by installing an update released by Microsoft.

Top Breaches Reported in the Last 24 Hours

Email.it confirms security breach
The data of more than 600,000 Email.it users have been put up for sale on the dark web forum. The incident came to light on April 5, 2020, when the hackers - going by the name of NN - went on Twitter to promote a website that was used to sell the company’s data. They claimed that the actual intrusion took place more than two years ago, in January 2018. The selling price of the data varies between 0.5 and 3 bitcoin.

Berkine affected by Maze ransomware
Berkine, a subsidiary of a US-based firm, previously known as Anadarko Petroleum Corp., has been hit by Maze ransomware. The attackers have managed to steal an entire database containing over 500 MB of confidential documents related to budgets, organizational strategies, and production quantities.

Top Malware Reported in the Last 24 Hours

L4NC34 ransomware
Researchers have detected a new ransomware called L4NC34 that appends .crypt extension after encrypting files on a victim’s machine. Later, it drops a ransom note which is actually located within a PHP file. The ransomware demands a ransom of $10 in bitcoin to decrypt the files. Since the ransomware uses the base64 algorithm to encrypt files, researchers have managed to retrieve a decryption key by decoding the algorithm.

Top Vulnerabilities Reported in the Last 24 Hours

Faulty CoronApp-Colombia app
The government of Colombia sanctioned CoronApp-Colombia app has been found to contain vulnerabilities. The app has over 100,000 users and their details are exposed due to the underlying security flaws. The exposed data includes passport numbers, passwords, and self-disclosed health information of users.

Unpatched Exchange servers
Over 350,000 of all Microsoft Exchange servers are still affected by the CVE-2020-0688 post-auth remote code execution vulnerability. The flaw is present in the Exchange Control Panel (ECP) component and can allow attackers to take over Microsoft Exchange servers using previously stolen valid email credentials.

Unpatched flaws in PayPal and Venmo
Unpatched flaws existing in the authentication mechanisms of PayPal and Venmo websites can allow attackers to reset passwords via text messages and take control of a victim’s cellphone number. The flaws were detected earlier this year and affected several other major companies like Amazon, Blizzard, Adobe, eBay, Snapchat, and Yahoo. While some of these companies have plugged the security hole, others are yet to do it.

Top Scams Reported in the Last 24 Hours

Scammers target Australians
Scammers are targeting Australians who are financially impacted by the COVID-19 pandemic with an aim to get their hands on victims’ superannuation funds that will be partially released, starting mid-April. They pretend to be from organizations that can help get early access to the funds and ask victims over the phone to share their personal information in order to receive the funds. The scam targets a wide range of age groups, unlike the previous scams that usually targeted older people.

BEC scam
FBI’s IC3 has warned US citizens that threat actors are abusing cloud email services to launch BEC scams. Some of the widely used email services include Microsoft Office 365 and Google G Suite. Scammers use specially crafted phishing kits to abuse these email services and target employees into handing over their account credentials.

 Tags

paypal website
microsoft exchange servers
post auth remote code execution vulnerability
maze ransomware
venmo
l4nc34 ransomware

Posted on: April 07, 2020

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!