Cyware Daily Threat Intelligence, April 09, 2021

The scope of cyberattacks is expanding and so is the malicious intent of cybercriminals. In an interesting twist, cryptominers are widely targeting educational organizations in the U.S. to covertly mine cryptocurrency. Researchers indicate that a miner dubbed UPX-packed cpuminer is being used to drive the campaign.

A new backdoor named SideTwist has emerged in the past 24 hours. The development came to light after researchers uncovered a new cyberespionage campaign that is linked to the Iran-based APT34 group and targeted organizations in Lebanon.

A clever evasion trick implemented by scammers to pilfer Microsoft Office 365 credentials has also come under the lens of researchers. The trick involves the use of HTML code hidden inside JavaScript files.

Top Breaches Reported in the Last 24 Hours

Michigan State University impacted
Michigan State University (MSU) has been impacted by a data breach that arose from a cyberattack on an Ohio law firm, Bricker & Eckler LLP. An investigation into the incident revealed that an unauthorized party had gained access to certain internal systems of the law firm between January 14 and January 31.

Belden updates on data breach
In a new revelation, Belden has disclosed that additional details were accessed and copied during the cyberattack in November 2020. The data accessed includes some current and former employee details, as well as limited company information regarding some business partners.

Educational organizations targeted
U.S. educational organizations are being targeted by threat actors in a massive cryptojacking attack. The first attack was spotted on February 16. Researchers say that a UPX-packed cpuminer has been delivered through malicious traffic.

Top Malware Reported in the Last 24 Hours

SideTwist backdoor
The Iran-based APT34 group has been held responsible for a cyberespionage campaign that targeted organizations in Lebanon. The campaign was carried out through phishing emails that ultimately resulted in the deployment of a new backdoor called SideTwist. The backdoor is capable of exfiltrating sensitive information from compromised systems.

Adware through malicious apps
Malicious Android apps disguised as TikTok and offers for free Lenovo laptops are being used to propagate adware on smartphones. Threat actors are taking advantage of SMSes and WhatsApp messages to lure users into downloading malicious apps.

Top Vulnerabilities Reported in the Last 24 Hours

PoC for Moodle flaw released
Researchers have released a PoC for a security flaw affecting the open-source learning platform Moodle. The flaw affects versions from 2.8 to 3.10 of the software and could lead to an account takeover of students and staff.

Mitigation for Slipstreaming attack
Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent ports from being abused in NAT Slipstreaming 2.0 attacks. The flaw allows attackers to bypass visitors’ NAT firewall and gain access to any TCP/UDP port on the visitors’ internal network.

PoC for BleedingTooth released
Google has disclosed details about three zero-click vulnerabilities in the Linux Bluetooth subsystem. Dubbed ‘BleedingTooth’, the flaws are tracked as CVE-2020-12352, CVE-2020-12351, and CVE-2020-24490.

Top Scams Reported in the Last 24 Hours

HTML code used for phishing
Scammers are using HTML code to build web pages that collect Microsoft Office 365 credentials. The code is hidden inside JavaScript files and used to display the fake login interface and prompt potential victims to type in sensitive information. The campaign is carried out via phishing emails.

Fake antivirus billing scam
Researchers have uncovered a large-scale tech support scam that warns users to renew their antivirus subscriptions. The scam is widespread on sites using low-quality ad networks. When users visit any of these sites, they are redirected to a tech support scam website that warns them that their system is infected and prompts them to dial a displayed phone number.


Posted on: April 09, 2021
