Cyware Daily Threat Intelligence, August 19, 2020


As cybercriminals continue to improve their skills and craft sophisticated threats, they aim to infiltrate bigger targets. In the last 24 hours, researchers came across one such threat in the form of FritzFrog, a fileless, multi-functional, Peer-to-Peer (P2P) botnet written in Golang. The botnet specializes in targeting SSH servers and has breached over 500 servers since the beginning of the year. Some of its victims include universities in the U.S. and Europe, along with a railway company.

Meanwhile, a couple of vulnerabilities affecting millions of users were also reported. The first one is a flaw in the implementation of ‘mailto’ links that can be used to infect users of mail clients, such as GNOME Evolution, KDE KMail, IBM/HCL Notes, and Thunderbird. The other major vulnerability reported affects an IoT communication module from Thales. The vulnerability could be exploited to steal credentials, take over device control, and spread across targeted networks.

Top Breaches Reported in the Last 24 Hours

State-sponsored attack spree
Taiwanese authorities reported that the Blacktech and Taidoor hacking groups, linked to the Chinese government, had attacked at least 10 government agencies and around 6,000 email accounts of public officials. The series of attacks, some of which date back to 2018, was conducted with the intention of stealing confidential government data as well as intellectual property from Taiwan’s tech industry.

DDoS extortion threats
Researchers from Akamai stumbled across cybercriminals posing as members of well-known threat groups, such as Fancy Bear and Armada Collective, and threatening organizations with DDoS attacks. The attackers targeted organizations operating in the financial and retail sectors, among others, and claimed to have the capability to launch DDoS attacks of up to 2Tbps.

Top Malware Reported in the Last 24 Hours

Fileless P2P botnet
A new sophisticated, multi-functional P2P botnet written in Golang has been discovered by researchers. The botnet, dubbed FritzFrog, is estimated to have breached over 500 SSH servers since January 2020. It uses a proprietary P2P protocol and an encrypted channel for C2 communications.

Decryption tool for WannaRen
A new decryption tool for decrypting files locked up by the WannaRen ransomware has been released. The ransomware was first detected in the wild in April 2020, and was found to be linked to the Hidden Shadow cybercrime group. It uses a propagation method based on EternalBlue to spread laterally across networks.

Top Vulnerabilities Reported in the Last 24 Hours

New flaw in mail clients
A group of academic researchers found that ‘mailto’ links could be exploited to launch attacks on a range of desktop email clients. The vulnerability stems from flawed implementations of RFC 6068, the technical standard that describes the mailto URI scheme. Some of the mail clients affected by this flaw include GNOME Evolution, KDE KMail, IBM/HCL Notes, and older versions of Thunderbird.
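The item above attributes the flaw to how clients implement RFC 6068 rather than to the standard itself. The following is an added illustration, not code from the researchers or from any of the named mail clients, of the conservative parsing a client can apply to a mailto URI: only a small allowlist of header fields is honoured, any other field is reported to the caller instead of being acted on, and decoded values are rejected if they carry CR/LF that could inject further headers. The allowlist and the sample URIs are assumptions constructed for this example.

```python
from urllib.parse import unquote

# Header fields a client may act on without further confirmation.
# This allowlist is an assumption for the example, not taken from any client.
SAFE_HEADERS = {"to", "cc", "bcc", "subject", "body"}


def parse_mailto(uri):
    """Parse an RFC 6068 mailto URI into recipients, accepted headers and rejected fields.

    Returns a dict with keys 'recipients', 'headers' and 'rejected'.
    Fields outside SAFE_HEADERS, and header values containing CR or LF after
    percent-decoding (other than 'body'), land in 'rejected' rather than 'headers'.
    """
    scheme, sep, rest = uri.partition(":")
    if sep != ":" or scheme.lower() != "mailto":
        raise ValueError("not a mailto URI")

    addr_part, _, query = rest.partition("?")
    # RFC 6068: the part before '?' is a comma-separated list of percent-encoded addresses.
    recipients = [unquote(a) for a in addr_part.split(",") if a]

    accepted, rejected = {}, {}
    if query:
        # hfields are '&'-separated name=value pairs; '+' is literal in mailto,
        # so plain unquote() is used, never unquote_plus().
        for field in query.split("&"):
            name, _, value = field.partition("=")
            name = unquote(name).lower()
            value = unquote(value)
            if name == "to":
                # RFC 6068 merges a 'to' hfield with the recipients in the path.
                recipients.extend(a for a in value.split(",") if a)
            elif name not in SAFE_HEADERS:
                rejected[name] = value
            elif name != "body" and ("\r" in value or "\n" in value):
                # A decoded CR/LF inside a header value could start a new header line.
                rejected[name] = value
            else:
                accepted[name] = value
    return {"recipients": recipients, "headers": accepted, "rejected": rejected}


if __name__ == "__main__":
    # Constructed sample URIs for demonstration only.
    for sample in (
        "mailto:alice@example.org?subject=Hello%20there&x-client-option=1&to=bob@example.org",
        "mailto:alice@example.org?subject=Hi%0D%0AX-Injected%3A%201",
    ):
        print(parse_mailto(sample))
```

A client built this way still lets a link pre-fill recipients, subject and body, which is the whole of what RFC 6068 promises, while anything it does not understand surfaces as a rejected field that the user interface can show or ignore rather than silently apply.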

IoT vulnerability exposes connected devices
IBM X-Force researchers discovered a vulnerability in Thales’ Cinterion EHS8 M2M module that is used to provide secure communication between connected devices using 3G/4G networks. Malicious actors could abuse this vulnerability to steal confidential information such as passwords, encryption keys, and certificates, and potentially control a device or gain further access to the targeted network.

Top Scams Reported in the Last 24 Hours

Phishers abuse design tool
The online design platform Canva was abused by cybercriminals to create legitimate-looking phishing emails that steal credentials through social engineering. Users reported more than 4,200 malicious emails generated through Canva since mid-February 2020.


Posted on: August 19, 2020