
Cyware Daily Threat Intelligence, December 08, 2022


Attacks against the cryptocurrency industry are intensifying as criminals pose on Telegram as intermediaries between VIP clients and the cryptocurrency exchange platforms they are associated with. The scammers work to win the clients’ trust, which can end in the remote hijacking of their systems. Also among the top threats in today’s round-up is a ransomware group that has concentrated its attacks on the education sector in the U.S. As observed, the attackers timed their campaigns to coincide with this sector’s distinctive calendar - the transition period between the end of one school year and the beginning of the next.

Separately, a critical authentication bypass vulnerability in Fortinet products allows cybercriminals to log in to affected devices remotely. The bug is triggered during the RADIUS server authentication process via a specially crafted message.

Top Breaches Reported in the Last 24 Hours


Ohio restaurants’ FB accounts hacked
Restaurants in Cincinnati, Ohio, were taken aback after a cybercriminal hacked into their social media accounts, stealing thousands of dollars and damaging their reputations. In one incident, criminals took over a restaurant’s Facebook page and misused the owners’ bank accounts linked to the social media platform. They also posted material from the Facebook account that earned it a permanent ban.

CommonSpirit Health confirmed massive data leak
At least seven Washington state hospitals associated with Chicago-based CommonSpirit had their patient data exposed in a ransomware attack. The organization revealed that an unknown third party penetrated its network between September 16 and October 03. It is estimated that more hospitals and patients may have been affected by the breach.

Top Malware Reported in the Last 24 Hours


Fantasy, a wiper malware by Agrius APT
ESET researchers attributed a new wiper malware, dubbed Fantasy, and its execution tool to the Agrius APT group. The Iranian group has been targeting the diamond industry in South Africa, Hong Kong, and Israel. The malware’s code base is similar to that of the Apostle wiper, except that Apostle also posed as a ransomware strain.

Vice Society vs the education sector
The Vice Society ransomware group has emerged as a major threat to the education sector, especially in the U.S. As of now, its victim count exceeds 40 educational organizations, K-12 and higher education institutions in particular, with about 15 of them in the U.S. Vice Society was first seen in the summer of 2021. Its other targeted sectors are healthcare and NGOs.

Top Vulnerabilities Reported in the Last 24 Hours


IE zero-day exploited
A zero-day bug in Internet Explorer is being abused in attacks by APT37, a North Korean hacking group. The bug, CVE-2022-41128, lies in the browser’s ‘JScript9’ JavaScript engine and can be exploited by remote attackers for arbitrary code execution on a victim’s system. It is a type-confusion flaw, similar to the JScript9 flaw (CVE-2021-34480) patched last year.

Bugs in FortiOS and FortiProxy
Fortinet announced patches for multiple vulnerabilities in its FortiOS and FortiProxy products. Among them is a critical authentication bypass flaw, CVE-2022-35843, in the SSH login component of FortiOS. The bug is triggered when RADIUS authentication is in use: by forging an Access-Challenge response from the RADIUS server, attackers may log in to the target device.

Top Scams Reported in the Last 24 Hours


Giveaway scam rides on Elon Musk’s wave
A crypto giveaway scam dubbed Freedom Giveaway is targeting new Twitter followers of Elon Musk, Tesla, and SpaceX. Potential victims are being added to a "Deal of the Year" list on Twitter for this operation. The scammers falsely promise them up to 5000 BTC if they deposit small amounts into an attacker-controlled wallet. The list so far contains 155 members.

Crypto-investment firms in the fray
According to Microsoft, the cybercriminal group DEV-0139 is approaching the VIP customers of cryptocurrency investment firms in order to infect their systems with malware. The adversaries use Telegram chat groups to identify such targets, win their trust, and then share malicious Excel spreadsheets with them. The campaign also delivers a second payload, an MSI package for a CryptoDashboardV2 app.

Tags

freedom giveaway
commonspirit health
fortiproxy
fb account
dev 0139
fortios
fantasy
apt37
cryptocurrency investment firms
agrius apt
vice society ransomware
ie zero day bug
elon musk

Posted on: December 08, 2022
