Cyware Daily Threat Intelligence, April 17, 2020


Another day, another new threat. A group of academics has come across a previously unseen attack technique that can be used to exfiltrate sensitive data from organizations without detection. The technique, termed AiR-ViBeR, uses vibrations from GPU, CPU, or PC chassis fans to broadcast data stolen from air-gapped systems.

Variants of the Kpot trojan and the AgentTesla keylogger were also uncovered in different cyberespionage campaigns in the last 24 hours. While Kpot v2.0 appeared in a malvertising campaign that took advantage of the COVID-19 crisis, the new AgentTesla variant was distributed via an image resource named ReZe0V2.

Top Breaches Reported in the Last 24 Hours

Application Software Technology hit
Application Software Technology suffered a cyberattack after an intruder gained access to employees' 2019 W-2 tax data. The unauthorized third party reached that data by first obtaining access to a company email account. Upon discovery, the company immediately notified law enforcement agencies and enabled multi-factor authentication (MFA) for its executives, human resources, and finance staff.

Details of MS Zaandam passengers leaked
Private details of some 247 MS Zaandam cruise passengers have been exposed by an unsecured database. The compromised data included addresses, dates of birth, email addresses, phone numbers, and passport numbers of passengers.

Top Malware Reported in the Last 24 Hours

ICEBUCKET attack
A massive television ad fraud campaign called ICEBUCKET has duped more than 300 different brands, generating huge revenue for the fraudsters. They pulled off the fraud by impersonating more than 2 million people in over 30 countries and tricking advertisers into believing that the ads were viewed by real people. In reality, the viewers were bots pretending to be real people watching TV.

New AgentTesla variant
Researchers have uncovered a new variant of AgentTesla that threat actors use to steal Wi-Fi passwords and data from applications such as browsers, FTP clients, and file downloaders. The malware variant is distributed via an encrypted image resource named ReZe0V2.

Malicious RubyGems
Over 700 malicious Ruby packages were found being distributed through the RubyGems repository. The campaign leveraged typosquatting, registering gems whose names closely resemble popular ones, to trick unwitting developers into installing the malicious code into their repositories. Most of these libraries were designed to steal funds by redirecting cryptocurrency transactions to a wallet address under the attacker's control.
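A defender-side check for the typosquatting trick described above, added here as an example and not taken from the Cyware post or from RubyGems: it parses the top-level gem names out of a Gemfile.lock and flags any name within a small edit distance of a known gem. The list of known gems and the lockfile text are constructed samples.

```ruby
# Added example (not from the Cyware post): flag Gemfile.lock gem names that sit
# within a small edit distance of well-known gems, a heuristic for the RubyGems
# typosquatting described above. KNOWN_GEMS and SAMPLE_LOCK are constructed samples.
KNOWN_GEMS = %w[rails rake nokogiri bundler rspec puma].freeze

# Optimal string alignment distance: insertions, deletions, substitutions
# and adjacent transpositions (the usual typosquat edits) each cost 1.
def osa_distance(a, b)
  d = Array.new(a.length + 1) { |i| Array.new(b.length + 1) { |j| i.zero? ? j : (j.zero? ? i : 0) } }
  (1..a.length).each do |i|
    (1..b.length).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.length][b.length]
end

# Top-level gems in the "specs:" section of a Gemfile.lock are indented four
# spaces; their dependencies (six spaces) are skipped here for brevity.
def lockfile_gem_names(text)
  text.each_line.map { |l| l[/\A {4}([A-Za-z0-9_.-]+) \(/, 1] }.compact.uniq
end

# [name, closest known gem, distance] for names that are near but not equal
# to a known gem; distance 1-2 covers most typosquats, review these by hand.
def typosquat_candidates(names, known = KNOWN_GEMS, max_distance = 2)
  names.reject { |n| known.include?(n) }.map do |n|
    best = known.map { |k| [k, osa_distance(n, k)] }.min_by(&:last)
    best[1] <= max_distance ? [n, best[0], best[1]] : nil
  end.compact
end

SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      atlas-client (1.0.0)
      rails (6.0.2)
        actionpack (= 6.0.2)
      rpsec (3.9.0)
      nokogirl (1.10.9)
LOCK

typosquat_candidates(lockfile_gem_names(SAMPLE_LOCK)).each do |name, like, dist|
  puts "suspicious: #{name} (distance #{dist} from #{like})"
end
```

Exact matches to known gems are never flagged, so a legitimate dependency on rails passes while rpsec and nokogirl are reported for manual review.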

Kpot v2.0 trojan returns
A new malvertising campaign that leverages the COVID-19 crisis has been found targeting Internet Explorer users with the Kpot v2.0 trojan. The malware variant is delivered by the Fallout exploit kit, which is embedded in malicious advertisements on websites. The purpose of the campaign is to steal cookies, passwords, autofill data, and account credentials from users.

New PoetRAT
A newly discovered malware family, PoetRAT, has been found targeting the Azerbaijan government and energy sector in a new cyberespionage campaign. The malware is delivered via URLs that mimic Azerbaijan government domains. The campaign also uses a slew of post-exploitation tools to log keystrokes, record footage from webcams, and steal browser credentials.

Top Vulnerabilities Reported in the Last 24 Hours

Breaking into air-gapped systems
Israeli researchers have demonstrated a new method of stealing information from air-gapped systems. The technique, named AiR-ViBeR, relies on vibrations from CPU, GPU, or PC chassis fans to exfiltrate data from a target system.

PoC for vCenter flaw released
Technical information on a critical VMware vCenter Server vulnerability has been released. The flaw, identified as CVE-2020-3952, only impacts vCenter Server 6.7 installations. An attacker can exploit it to gain full control over the targeted VMware deployments. VMware patched the flaw earlier this month.

Cisco patches flaws
Cisco has released security patches to address numerous vulnerabilities affecting a wide range of its products, including IP Phones and UCS Director. The IP Phones are affected by a critical vulnerability tracked as CVE-2020-3161, while UCS Director is impacted by three vulnerabilities that can allow unauthenticated attackers to bypass authentication or conduct directory traversal attacks.

Top Scams Reported in the Last 24 Hours

Scammers target taxpayers
Scammers are targeting US taxpayers in a new scam that exploits the extended tax filing deadline. The scam relies on phishing emails that appear to come from the Internal Revenue Service (IRS). Users should be aware of such scams, as the scammers aim to steal personal and financial information. Users should also note that federal and state taxing authorities do not ask for personal details via email.

Posted on: April 17, 2020
