Cyware Daily Threat Intelligence, August 20, 2020


A cyberattack on an organization can cripple its internal network and have knock-on effects on its customers as well. In the last 24 hours, the cyber landscape witnessed several crippling attacks, one of them allegedly aimed at the South Korean RAM and flash memory manufacturer SK Hynix. As per claims made by the Maze ransomware operators, the company lost 11TB of personal and corporate files in the incident.

Looking at the chaos created by cybercriminals, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about a new strain of malware, named BLINDINGCAN RAT, that targets U.S. and foreign organizations in the aerospace and defense sectors. Meanwhile, researchers found a new variant of the Lucifer malware, already known for turning Windows computers into Monero cryptomining bots and using them to launch DDoS attacks, that now infects Linux systems.

Top Breaches Reported in the Last 24 Hours

Maze is in action
The Maze ransomware operators have claimed to have infected the network of the South Korean semiconductor giant SK Hynix and have leaked some of the stolen files. The hackers allegedly exfiltrated 11TB of its internal data and uploaded a 570MB ZIP on their website as evidence of the infiltration, holding SK Hynix to ransom.

Experian falls into a trap
Experian, a consumer credit reporting agency, was tricked into giving away the personal details of its South African customers to a fraudster masquerading as a client. According to a report by South African Banking Risk Centre (SABRIC), the data breach affected 24 million South African customers and 793,749 local businesses.

SnapFulfil hit by ransomware
SnapFulfil, a cloud-based warehouse management software provider, faced a ransomware attack targeting its services, impairing warehouse operations for at least one of its customers. The U.K.-based company is working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to recover its systems and alleviate the impact on its customers.

Top Malware Reported in the Last 24 Hours

CISA warns of a new North Korean malware
The Cybersecurity and Infrastructure Security Agency (CISA) issued a Malware Analysis Report (MAR) warning about a new strain of North Korean malware, named BLINDINGCAN RAT. According to the report, the malware was leveraged in attacks aimed at U.S. and foreign organizations catering to the aerospace and military defense sectors.

DDoS botnet infects Linux systems
Once known for deploying the XMRig miner on vulnerable Windows computers, converting them into Monero cryptomining bots, the hybrid DDoS botnet Lucifer is now reportedly infecting Linux systems. In addition, Lucifer's creators have broadened the malware's capabilities on different Windows versions, adding credential theft and privilege escalation through the Mimikatz post-exploitation tool.

APT focuses on India and Afghanistan
According to Kaspersky, the Transparent Tribe APT group has designed a new tool to infect USB devices for surveillance and spying on government and military personnel. While the group’s main payload is the Crimson RAT, it has been found using a custom .NET trojan and a USB attack tool to steal files from removable media.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft issues a security update
Microsoft has released the out-of-band KB4578013 Windows security update to address a couple of bugs affecting the Windows Remote Access service. The security update fixes CVE-2020-1530 and CVE-2020-1537, the two Windows Remote Access privilege escalation vulnerabilities impacting all the versions of Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

A vulnerability in IBM Db2
Tracked as CVE-2020-4414, a flaw in IBM Db2 could allow attackers to gain access to critical data or cause a denial-of-service (DoS) condition in the relational database. The memory leak vulnerability impacts IBM Db2 versions for UNIX, Linux, and Windows (9.7, 10.1, 10.5, 11.1, 11.5). The issue arises from improper usage of shared memory, and exploitation is possible if a specially crafted request is sent.

Tags

lucifer malware
sk hynix
ibm db2
blindingcan malware
snapfulfil
transparent tribe apt

Posted on: August 20, 2020
