
Cyware Daily Threat Intelligence, April 23, 2021


With numerous tricks and techniques in their kit, cybercriminals are always on a new mission to damage the reputation and disrupt the operations of businesses. One such dangerous trick, launched by the Darkside ransomware operators, is sure to have a major impact on companies listed on NASDAQ or other stock markets. With this new extended extortion tactic, the operators aim to put more pressure on victim organizations that refuse to meet the ransom demand.
    
What else? Threat actors have found a new way to combine the abuse of vulnerable Pulse Secure VPN appliances and the SolarWinds Orion platform for malicious purposes. The combined abuse of these vulnerable products can result in large-scale supply chain attacks.

The MountLocker ransomware gang has also added new tactics. Aiming to expand its attacks on biotech companies, the operators have enhanced the malware with additional evasion features.

Top Breaches Reported in the Last 24 Hours

Expanding extortion technique
In an attempt to expand its extortion technique, the Darkside ransomware gang has planned to disrupt the stocks of companies listed on NASDAQ or other stock markets. With this new tactic, the operators aim to put more pressure on victim organizations that refuse to meet the ransom demand.

More supply chain attacks in process
CISA has raised the alarm about a new cyberattack that abuses both Pulse Secure VPN appliances and the SolarWinds Orion platform. While the former is used to gain initial access, the latter enables threat actors to perform supply chain attacks.

Top Malware Reported in the Last 24 Hours

MountLocker rebranded
MountLocker ransomware is adding features to coincide with the rebranding of the malware as AstroLocker. The newly added features include a set of new evasion features and the use of multiple Cobalt Strike servers with unique domains. The changes to the ransomware were made specifically to target biotech companies.

Tor-based botnet
Researchers have detected a new botnet campaign that targets Linux systems by abusing the Tor network for proxies and exploiting cloud infrastructure management tools. The botnet includes worm-like capabilities that make it easy to spread across systems.

Top Vulnerabilities Reported in the Last 24 Hours

CocoaPods RCE exploit exposed
A remote code execution vulnerability in the central CocoaPods server could have impacted up to three million mobile apps. The flaw, which had gone unnoticed since 2015, has finally been patched by the developers.

Top Scams Reported in the Last 24 Hours

Costco warns about a scam
Costco Wholesale Corporation is warning American internet users of a new scam that targets its customer base. The scam uses financial benefits as a lure to trap victims, promising free products, financial reimbursements, exclusive offers, cashback rewards, and gift cards. The ultimate goal of the scam is to harvest personal information from users. Other social engineering tactics deployed by scammers include the exploitation of Americans seeking employment.   


Posted on: April 23, 2021

