Cyware Daily Threat Intelligence, August 26, 2020


Emerging sophisticated cyberattack campaigns have become a major headache for cyber defenders. A massive spear-phishing campaign, believed to have been active since 2018, has finally come onto the radar of security researchers. The campaign, attributed to the notorious Lazarus threat actor group, has so far targeted the cryptocurrency vertical in more than 14 countries.

That’s not all. The recently discovered DarkSide ransomware gang has claimed an attack on Brookfield Residential, stealing confidential information from the firm. The operators have threatened to leak all the stolen files and documents on a website if their ransom demand is not met.

A new phishing attack against Microsoft Office 365 users was also observed in the last 24 hours. The attack, aimed primarily at government and security organizations, used a legitimate Box webpage as bait.

Top Breaches Reported in the Last 24 Hours

Massive spear-phishing campaign
The Lazarus threat actor group has been found using LinkedIn lures in an ongoing spear-phishing campaign targeting the cryptocurrency vertical in the United States, the United Kingdom, Germany, Singapore, the Netherlands, Japan, and other countries. Based on phishing artifacts, researchers believe that the campaign has been running since at least January 2018.

DarkSide ransomware attack
The North American land developer and homebuilder Brookfield Residential is one of the first victims of the new DarkSide ransomware. To substantiate its claim, the gang has posted a portion of the stolen data on its leak site.

NZX exchange suffers DDoS attack
Operations at the Wellington-based NZX stock exchange were temporarily halted by a DDoS attack. The exchange applied countermeasures to mitigate the attack and later resumed operations.

Top Malware Reported in the Last 24 Hours

Ransomware release data leak sites
Avaddon and Conti have become the latest ransomware families to launch data leak websites. The purpose of these sites is to extort victims by threatening to publish their stolen data online. Conti’s leak site currently lists twenty-six victims, while Avaddon’s holds a single entry: documents stolen from a construction firm.

Malicious 3Ds Max plugins
A newly discovered hacker group has been targeting companies across the globe with malware hidden inside malicious Autodesk 3ds Max plugins, such as PhysXPluginMfx. The malware deploys a backdoor trojan that lets the attackers steal sensitive files and documents.

Top Vulnerabilities Reported in the Last 24 Hours

Faulty set-top boxes
Serious security flaws in two popular set-top boxes, the THOMSON THT741FTA and the Philips DTR3502BFTA, can leave customers at risk of cyberattacks. The flaws could allow attackers to conscript the devices into botnets or to launch ransomware attacks. Furthermore, the boxes ship with an open telnet port and use an unencrypted protocol to communicate with remote devices and servers. Because telnet carries logins in cleartext, anyone on the same network segment can capture the credentials, and an exposed telnet service on an embedded device is the classic entry point for IoT botnets.
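A practical first check for the exposure described above is to find which devices on your own network accept connections on TCP/23 and whether they greet with telnet option negotiation. The following Python script is an added example, not code from Cyware or from the researchers who reported the set-top box flaws; it uses only the standard library, and the `start_fake_telnet_listener` helper is a constructed stand-in for a vulnerable box so the script runs offline. The `looks_like_telnet` heuristic relies on the fact that telnet daemons typically open with IAC (0xFF) followed by a WILL/WONT/DO/DONT verb; it is an assumption that holds for most telnetd implementations, not a guarantee.

```python
"""Find hosts that accept telnet connections (TCP/23) and check their greeting."""
import socket
import threading

TELNET_PORT = 23
IAC = 0xFF  # telnet "Interpret As Command": opens option negotiation
# Option verbs that usually follow IAC at the start of a telnetd greeting
NEGOTIATION_VERBS = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT


def port_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def grab_banner(host: str, port: int, timeout: float = 1.0, max_bytes: int = 64) -> bytes:
    """Read whatever the service sends first, stopping at EOF, timeout, or max_bytes."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            while len(data) < max_bytes:
                chunk = sock.recv(max_bytes - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:  # a timeout here just means the server spoke and then waited for input
        pass
    return data


def looks_like_telnet(banner: bytes) -> bool:
    """Heuristic (assumption): telnetd greets with IAC negotiation, e.g. b'\\xff\\xfd\\x18' (IAC DO TERMINAL-TYPE)."""
    return len(banner) >= 3 and banner[0] == IAC and banner[1] in NEGOTIATION_VERBS


def find_exposed_telnet(targets, timeout: float = 1.0):
    """targets: iterable of (host, port). Returns {(host, port): banner} for those that accept connections."""
    found = {}
    for host, port in targets:
        if port_open(host, port, timeout):
            found[(host, port)] = grab_banner(host, port, timeout)
    return found


def start_fake_telnet_listener(banner: bytes) -> int:
    """Constructed stand-in for a set-top box telnetd on a free loopback port; returns that port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                conn.sendall(banner)
            except OSError:  # client already hung up (port_open closes immediately)
                pass
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed demo: one fake telnetd on loopback stands in for a box on the LAN.
    # On a real network, replace targets with (ip, TELNET_PORT) for hosts you are authorised to scan.
    port = start_fake_telnet_listener(b"\xff\xfd\x18\xff\xfd\x20\xff\xfd\x23")
    targets = [("127.0.0.1", port), ("127.0.0.1", 9)]  # port 9 (discard) is normally closed
    for (host, p), banner in find_exposed_telnet(targets).items():
        verdict = "telnet negotiation" if looks_like_telnet(banner) else "unknown service"
        print(f"{host}:{p} open, {verdict}, banner={banner!r}")
```

Only scan networks you own or are authorised to test. A device that shows up here should have telnet disabled or, where the firmware offers no such option, be isolated on its own VLAN with no inbound access from the internet.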

Top Scams Reported in the Last 24 Hours

FBI alerts about vishing
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory on a rise in vishing (voice phishing) attacks. According to the advisory, such attacks have spiked since mid-July and aim to steal employees’ login credentials, which the attackers later use to research victims further or to fraudulently obtain funds.

Phishing attack observed
A phishing attack aimed at government and security organizations used a legitimate Box webpage to capture victims’ Microsoft 365 credentials. The attack was carried out through emails that appeared to be from a third-party vendor, urging recipients to view a sensitive financial document.

Tags

nzx exchange
darkside ransomware
microsoft office 365 users
brookfield residential
lazarus threat actor group

Posted on: August 26, 2020
