Cyware Daily Threat Intelligence, August 21, 2020

Secure your routers and IoT devices with the latest security updates, as a newly discovered modular peer-to-peer botnet called FritzFrog has arrived on the scene. Active since January 2020, the botnet has so far affected more than 500 servers and tens of millions of machines, with the aim of dropping backdoors and cryptominers. Some of the victims include well-known universities in the U.S. and Europe.

Meanwhile, the University of Utah paid a ransom of $457,000 to a ransomware gang to prevent the leak of its students’ data online. The university took this major decision even after restoring the affected systems using backups.  

Top Breaches Reported in the Last 24 Hours

Cooke County notifies residents
More than 2,000 residents in Cooke County have received a notification about a ransomware attack that occurred in July 2020. The incident, which is reported to be the work of REvil ransomware operators, resulted in the breach of individuals' personal identification information. Following the attack, the operators posted a screenshot of the stolen data on the dark web.

The University of Utah pays ransom
The University of Utah has paid a ransom of $457,000 to a ransomware gang to prevent the leak of its students’ data online. The university took this major decision even after restoring the affected systems using backups.  

Top Malware Reported in the Last 24 Hours

New FritzFrog botnet
A newly discovered sophisticated peer-to-peer (P2P) botnet called FritzFrog has been active since January 2020. Written in Golang, the botnet has infected over 500 SSH servers, including the ones linked to well-known universities in the U.S. and Europe. Government offices, education and finance firms, medical centers, banks, and telecom companies are among the other affected victims.

Malicious EC2 server
An EC2 server in a financial institution’s Amazon Web Services (AWS) environment was found running a cryptominer meant for mining Monero cryptocurrency. The interesting aspect of the discovery was that the miner had not been planted by exploiting a vulnerability. Instead, it came embedded in the community Amazon Machine Image (AMI) used to create the EC2 instance.

Top Vulnerabilities Reported in the Last 24 Hours

ATM Makers fix bugs
ATM makers Diebold and NCR have deployed fixes for bugs (CVE-2020-9062 and CVE-2020-10124) that could have been exploited for ‘deposit forgery’ attacks. Such attacks can enable attackers to make quick cash withdrawals.

Google patches a bug
Following the revelation of Proof-of-Concept exploit code, Google took immediate action to patch a major security bug impacting the Gmail and G Suite email servers. The bug could have allowed a threat actor to send spoofed emails mimicking any Gmail or G Suite customer. It could have further opened doors for BEC scammers and malware distributors.

Cisco patches a critical flaw
Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS). The flaw, tracked as CVE-2020-3446, scores 9.8 on the CVSS scale and can allow attackers to obtain administrator privileges.

Posted on: August 21, 2020
