Go to listing page

Cyware Daily Threat Intelligence, August 16, 2019

Cyware Daily Threat Intelligence, August 16, 2019

Share Blog Post

Evading detection using new and sophisticated attack techniques is one of the primary goals of malicious actors. Recently, researchers have come across a new attack technique called ‘Module Stomping’ which is used to hide malicious code on a targeted system. The attack method involves overwriting the loaded modules with malicious code through cross-process memory injection. 

New details regarding Electric Fish malware and Remcos trojan have also emerged in the past 24 hours. The US cyber command has publicly disclosed that the Electric Fish is linked to the North Korea-based APT38 hacking group. On the other hand, the new version of Remcos RAT is distributed via malicious .ace attachment through phishing emails. 

In other developments, Mozilla has fixed a ‘master password’ security bypass flaw with the release of Firefox 68.0.2. The flaw could be exploited to steal stored login information by bypassing the master password of the built-in password manager.  

Top Breaches Reported in the Last 24 Hours

Cyberattacks on healthcare firms
Grays Harbor Community Hospital, Harbor Medical Group, and NCH Healthcare System have suffered cyberattacks. While the first two have been hit by ransomware, the NCH suffered an attack due to unauthorized access. Following the attacks, healthcare firms have started notifying their patients. 

Updates on Capital One data breach
Federal prosecutors said Paige Thompson, the suspect charged in the Capital One data breach, may have hacked more than 30 other organizations. Servers found in Thompson's bedroom contained data stolen from more than 30 unnamed companies, educational institutions, and other entities. Much of the data did not appear to contain personal identifying information. Investigators are still working to identify the affected organizations.  

ECB affected by a malware attack
The European Central Bank (ECB) took down Banks’ Integrated Reporting Dictionary (BIRD) website after it was hacked and infected with malware. The bank claims that no sensitive data has been compromised during the attack. It is believed that the malware has been injected on the server hosting the site. 

Credit Karma exposes user data
Credit monitoring site Credit Karma disclosed that a glitch in its website allowed users to see other people’s account information when they logged in. This exposed users’ personal information such as names, addresses and credit card details.  
 
Top Malware Reported in the Last 24 Hours

New Remcos RAT variant
A new variant of Remcos RAT dubbed BKDR_SOCMER.SM has been discovered by security researchers. The malware variant is distributed via phishing email which includes a malicious attachment using the ACE compressed file format. The email appears to come from a legitimate domain - division@alkuhaimi[.]com - and goes with the subject line: “RE: NEW ORDER 573923”.

Electric Fish malware
A new sample of malware called Electric Fish has been linked with APT38 threat actor group. According to the U.S. government, Electric Fish is a tunneling tool designed to exfiltrate data from one system to another over the internet. This is done once a backdoor has been placed. 

Module Stomping technique
Security researchers have discovered a new attack technique called Module Stomping. The technique enables attackers to overwrite loaded modules on a targeted system with malicious code. This allows them to continue their infection process, without being detected by antivirus software.   

Phishing campaign
Microsoft security researchers have discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims. The purpose of the campaign is used to steal credentials from users. For this, the attackers have registered a domain instead of creating a phishing landing page to deceive their victims. The custom 404 page shows the fake login form which asks the victim to share their username and password.  

Top Vulnerabilities Reported in the Last 24 Hours

Mozilla releases Firefox 68.0.2 
Mozilla has fixed a moderate ‘master password’ security bypass flaw CVE-2019-11733 with the release of Firefox 68.0.2. The flaw could be exploited by hackers to bypass the master password of the built-in password manager and steal saved logins. The update ensures that the saved login information cannot be accessed by unauthorized users.  

Flaw in NotePad
Microsoft has addressed a security flaw - CVE-2019-1162 - in its Notepad. The vulnerability exists in the CTextFramework (CTF) and can be exploited attackers to take over the entire system. The attackers can also run arbitrary code on the Notepad by leveraging the vulnerability.  

Top Scams Reported in the Last 24 Hours

Refund phishing scam
Scammers are impersonating the Federal Board of Revenue (FBR) in a new refund phishing scam. They are tricking people into sharing their sensitive bank details by sending scam tax refund emails. The emails claim that the recipients are supposed to receive a tax refund as per FBR’s records and ask them to click on a link for further information. The refund amount, however, varies from email to email. The email goes with the subject line: FBR and Tax Refund Notice 2019.  

 Tags

module stomping
capital one
electric fish malware
refund phishing

Posted on: August 16, 2019


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite