Cyware Daily Threat Intelligence, December 01, 2020

Ransom demands are growing larger and tactics are becoming cutthroat. After Delaware County, the online learning company K12 has decided to pay a ransom to cybercriminals who gained unauthorized access to student and employee information before deploying ransomware.

Apart from the ransomware threat, a Magecart-themed credit card skimming attack has also come to light in the last 24 hours. The gang has been found injecting convincing PayPal iframes into the checkout pages of online retail sites to steal users' payment data.

Meanwhile, researchers have detailed a cyberattack that was active in November and targeted German users. The attack delivered the Gootkit banking trojan, and in some cases, the REvil ransomware.

Top Breaches Reported in the Last 24 Hours

AspenPointe notifies patients
U.S. healthcare provider AspenPointe has notified patients of a data breach that occurred in September. The attack enabled attackers to steal the PHI and PII of its patients. Currently, there is no evidence that data stolen during the attack was used by any third-party attackers.

Apodis Pharma leaks data
An unsecured Elasticsearch database associated with Apodis Pharma was under investigation for leaking over 1.7 TB of confidential business data, including full names of Apodis Pharma’s partners and employees, shipment details, and addresses.

K12 pays ransom
The online learning solutions provider K12 has decided to pay a ransom to cybercriminals who managed to breach their systems and deploy a piece of ransomware. The company revealed that the attack did not disrupt its major corporate systems. It claimed that accounting, payroll, procurement, enrollment, and shipping systems remained operational, even after the attack.

Top Malware Reported in the Last 24 Hours

Monero coin miner
A threat actor group tracked as Bismuth is responsible for a cyberespionage campaign that was carried out between July and August. The attackers used cryptocurrency miners to stay under the radar and establish persistence in targeted networks. Bismuth, which shares similarities with the OceanLotus threat actor group, has been running complex cyberespionage attacks since 2012.

New credit card skimming
The Magecart gang has been found using postMessage to hijack PayPal transactions during the checkout process of an online purchase. The ultimate purpose of the new credit-card skimming attack is to create a fake PayPal transaction process in order to steal victims’ payment data.

Gootkit or REvil ransomware used
Users in Germany are being targeted in a cyberattack that delivers the Gootkit banking trojan and, in some cases, the REvil ransomware. In the latest campaign, threat actors are relying on compromised websites to trick users into downloading malicious files through fake forum templates.


Posted on: December 01, 2020
