Cyware Daily Threat Intelligence, August 17, 2020


A security lapse by cybercriminals can be a major boon for security experts, and that is exactly what happened with the notorious Emotet trojan. A buffer overflow vulnerability in Emotet discovered by cybersecurity experts enabled them to create a kill switch called EmoCrash, which prevented the trojan from infecting users. Though the kill switch was short-lived, alive for 182 days, it helped many susceptible organizations thwart Emotet attacks between February 6 and August 6, 2020.

The past 24 hours also saw some major blows from ransomware attackers. The Japanese technology giant Konica Minolta and the US wine and spirits giant Brown-Forman disclosed that their systems and networks were affected by ransomware attacks.

Top Breaches Reported in the Last 24 Hours

Konica Minolta breached
A ransomware attack at the Japanese technology giant Konica Minolta caused a week-long outage of the firm’s MyKMBS customer portal. During the attack, the ransomware encrypted internal files and appended the .K0N1M1N0 extension to their filenames.

GCKey service targeted
Thousands of user accounts for online government services in Canada were impacted in a cyberattack that targeted the GCKey service. The incident affected about 5,500 Canada Revenue Agency accounts, and access to these accounts was suspended to protect taxpayer information.

Jack Daniel's maker attacked
US wine and spirits giant Brown-Forman has become the latest brand to suffer a REvil (aka Sodinokibi) ransomware attack. The operators claim to have stolen 1TB of corporate data during the attack and are expected to release it in batches on their data leak site.

Top Malware Reported in the Last 24 Hours

EmoCrash thwarts Emotet
Researchers developed a kill switch named EmoCrash that crashes the Emotet trojan during its installation process, effectively preventing users from getting infected. The kill switch was alive for 182 days, between February 6, 2020, and August 6, 2020, before the malware authors patched Emotet and closed the buffer overflow vulnerability.

Top Vulnerabilities Reported in the Last 24 Hours

PoC for RCE flaw released
A Proof of Concept (PoC) for a potential remote code execution (RCE) vulnerability in Apache Struts 2 has been published on GitHub. The flaw, tracked as CVE-2019-0230, affects versions 2.0.0 to 2.5.20 and could allow an attacker to supply unvalidated input into an attribute used inside an OGNL expression. The flaw was fixed in version 2.5.22 of Apache Struts.

Top Scams Reported in the Last 24 Hours

Customer card details stolen
The luxury Ritz hotel in London has fallen victim to a sophisticated scam that resulted in the compromise of customers’ payment card details. The scammers impersonated hotel staff and asked customers to confirm their bookings by providing their payment card details.



Tags

brown forman
emotet trojan
malware kill switch
konica minolta
gckey service
apache struts 2

Posted on: August 17, 2020
