Cyware Daily Threat Intelligence, December 07, 2020


Cybercriminals do not pay attention to the sensitive nature of certain target organizations. In fact, it serves their purpose to target crucial services that affect large numbers of people. In one such instance, an impersonation scam against the Philabundance Community Kitchen robbed the non-profit of nearly a million dollars of its funds. Meanwhile, Swiss helicopter maker Kopter was attacked by the LockBit ransomware gang, which published the stolen files on its data leak site.

The past 24 hours also witnessed a new malware known as MESSAGEMANIFOLD, which was found targeting the Tibetan community through a spear-phishing campaign. Coming to vulnerabilities, QNAP released patches to address eight vulnerabilities affecting its range of network-attached storage devices.

Top Breaches Reported in the Last 24 Hours

Voters’ data stolen
Hackers made off with 113,000 voters’ personal information from online voter registration services in Alaska. The data consisted of names, dates of birth, driving licenses, party affiliations, last four digits of their social security numbers, and mailing addresses.

Egregor hits Randstad
The Netherlands-based staffing agency Randstad was hit by a cyberattack using the Egregor ransomware and its IT services were breached. The hackers published some internal corporate data, including financial reports and legal documents, in an extortion attempt.

LockBit hacks Kopter
The LockBit ransomware compromised the internal network and encrypted the files of the Swiss helicopter maker Kopter. The firm refused to pay the ransom, after which the ransomware gang published the stolen files on its data leak site. The files include internal projects, business documents, and several aerospace and defense sector benchmarks.

Embraer data leaked
Embraer, the third-largest airplane maker in the world, was hit by a ransomware attack last month. The RansomExx operators released some of the firm’s files on their data leak site after Embraer refused to pay the ransom.
  
Top Malware Reported in the Last 24 Hours

Raccoon info-stealer in the news
A cybercrime gang infamous for targeting e-commerce websites launched a multi-stage malicious campaign from February to September, as per a Group-IB report. The gang designed phishing pages and lure documents coupled with malicious macros to download the Raccoon and Vidar info-stealers onto the victims’ systems.

Spear-phishing campaign using MESSAGEMANIFOLD malware
A previously unreported malware—MESSAGEMANIFOLD—was discovered being used in a spear-phishing campaign against the Tibetan community. The unknown threat actor was also linked with the targeting of Taiwanese legislators in May. The highly targeted nature of these campaigns points to Chinese hacking groups.

Top Vulnerabilities Reported in the Last 24 Hours

QNAP patches QTS vulnerabilities
Network-attached storage (NAS) maker QNAP released patches to address eight vulnerabilities impacting all QNAP NAS devices with vulnerable software. The vulnerabilities are related to cross-site scripting and command injection.

Top Scams Reported in the Last 24 Hours

MetaMask users hit by phishing scam
A phishing scam allegedly drained thousands of dollars from the users of the MetaMask cryptocurrency wallet. Hackers promoted their phishing domain via Google search ads. The number of affected victims is yet to be determined.

Foodbank suffers BEC scam
BEC scammers defrauded Philabundance Community Kitchen of $923,533 by impersonating the construction company responsible for building the non-profit food bank. The Philabundance team stated that no donor information has been affected.



Posted on: December 07, 2020
