Ransomware gangs’ ever-evolving affiliate recruitment strategy has put a new spin on the insider threat. A unique campaign launched by a group of Nigerian hackers is tricking potential targets into installing the DemonWare ransomware, in return for a slice of the payout. In this instance, the threat actors are using LinkedIn and other publicly available information to identify targets.
Meanwhile, multiple Cisco security devices are vulnerable to the SNIcat attack technique, which can be used to covertly steal data from corporate networks. The affected devices include Cisco firewalls running Firepower Threat Defense (FTD) software, devices running Web Security Appliance (WSA) modules, and all ISA3000 firewalls.
Top Breaches Reported in the Last 24 Hours
Liquid exchange loses $94 million
Japan-based cryptocurrency exchange Liquid has suspended its operations following a massive hack that compromised its warm wallets. An investigation revealed that the attackers stole roughly $94 million worth of cryptocurrency assets, including $45 million in Ethereum tokens.
A potential insider threat strategy
Cybercriminals based in Nigeria are tricking potential targets into installing DemonWare ransomware on their organization’s network in return for a payout. For this, they are leveraging LinkedIn and other publicly available information to identify the targets. The attackers leave an email address and a Telegram username for interested parties to contact them as part of the campaign.
U.S. Census breach
A report published by the U.S. Office of Inspector General (OIG) revealed that threat actors breached the servers of the U.S. Census Bureau last year by exploiting an unpatched Citrix ADC flaw. This enabled the attackers to modify user data.
Police database accessed
The Cyber Partisans group has managed to obtain the personal information of the Belarusian government and police after gaining access to a database. The compromised data includes passport photos, home addresses, and the places of work of the affected individuals.
Tokio Marine Holdings attacked
Japan’s largest property and casualty insurer, Tokio Marine Holdings, disclosed a recent ransomware attack. The firm is still trying to determine the scope of the damage.
Top Malware Reported in the Last 24 Hours
The terror of trojans
A new malware campaign distributing njRAT and AsyncRAT has been found targeting travel and hospitality organizations in Latin America. Techniques used in this campaign bear a resemblance to those of the Aggah group. The infection chains used in these campaigns are built using a .NET-based crypter called ‘3losh crypter rat’.
Top Vulnerabilities Reported in the Last 24 Hours
Cisco’s zero-day RCE flaw
A zero-day RCE flaw in the Universal Plug and Play (UPnP) service of multiple legacy small VPN routers can be exploited to execute arbitrary code remotely. The affected VPN routers include RV110W, RV130, RV130W, and RV215W. Separately, Cisco has revealed that some of its security products are vulnerable to the SNIcat attack technique, which can be used to steal data from corporate networks. The affected devices include Cisco firewalls running FTD software, devices running WSA modules, and all ISA3000 firewalls.
Top Scams Reported in the Last 24 Hours
Pilfering users’ banking details
Fraudsters have created fake support pages on Facebook to steal bank details from users. To make it look convincing, the pages are embedded with a chatbot that greets clients before starting a conversation.