Cyware Daily Threat Intelligence, December 16, 2020


The volume of newly discovered malware keeps growing and has become a major threat. In the past 24 hours, researchers reported three new malware samples, two of them new variants of the SystemBC backdoor and the Gitpaste-12 botnet. The new SystemBC variant proxies its command-and-control traffic over the Tor network to encrypt it and conceal its destination, while the new Gitpaste-12 sample carries exploits for at least 31 known vulnerabilities in web applications, IP cameras, and routers.

The third is Goontact, a spyware distributed through third-party sites that promote free instant messaging apps. It collects phone identifiers, contacts, SMS messages, photos, and location data from its victims.

Top Breaches Reported in the Last 24 Hours

Sonoma Valley Hospital affected
California-based Sonoma Valley Hospital (SVH) has notified its 67,000 patients that their personal data may have been exposed in a cyberattack. The incident occurred on October 11, after which the hospital took immediate action to minimize the impact of the attack. Among the records accessed are names, addresses, dates of birth, and insurer group numbers of patients.

45 million images exposed
Two thousand servers containing 45 million images of X-rays and other medical scans were left online during the course of the past twelve months, freely accessible by anyone. Not only was the sensitive personal information unsecured, but malicious folk had also accessed those servers and poisoned them with apparent malware.

Top Malware Reported in the Last 24 Hours

New Goontact spyware
Goontact is a new spyware currently distributed via third-party sites that promote free instant messaging apps tied to escort services. The malware, which is aimed at users in Chinese-speaking countries, collects phone identifiers, contacts, SMS messages, photos, and location information from victims.

Gitpaste-12 botnet enhanced
The Gitpaste-12 botnet has returned in a new wave of attacks targeting web applications, IP cameras, and routers. The new variant, known as X10-unix, is a UPX-packed binary written in Go and compiled for x86-64 Linux systems. Researchers found that it harbors exploits for at least 31 known vulnerabilities, seven of which were already present in the previous sample.
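A first triage step for a sample like the one described above is to confirm the two static properties the report gives, that the binary is an x86-64 ELF and that it is UPX-packed, before spending time on dynamic analysis. The script below is an added example written for this post, not code from the researchers or from the botnet; it parses the ELF header, looks for the "UPX!" marker that the packer leaves in its header and trailer, and checks for Go artifacts that are only visible once the sample is unpacked. The sample bytes it builds are constructed for the demonstration, not taken from the real binary.

```python
"""Static triage: is this ELF x86-64, UPX-packed, and (once unpacked) a Go binary?

Added example for this post. The sample bytes produced by make_sample() are
constructed stand-ins, not the real X10-unix binary.
"""
import struct

ELF_MAGIC = b"\x7fELF"
EM_X86_64 = 0x3E          # e_machine value for AMD64 (ELF spec)
UPX_MARKER = b"UPX!"      # left by UPX in its l_info header and PackHeader trailer
GO_MARKERS = (b".gopclntab", b"Go build ID:")  # present in unpacked Go binaries


def elf_info(data: bytes) -> dict:
    """Parse the ELF identification bytes and the e_type / e_machine fields.

    e_type and e_machine live at offsets 16 and 18 in both ELF32 and ELF64,
    so the same unpack works for either class.
    """
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class = data[4]            # 1 = ELFCLASS32, 2 = ELFCLASS64
    ei_data = data[5]             # 1 = little-endian, 2 = big-endian
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return {
        "bits": 64 if ei_class == 2 else 32,
        "little_endian": ei_data == 1,
        "e_type": e_type,
        "e_machine": e_machine,
    }


def is_upx_packed(data: bytes) -> bool:
    """Heuristic: UPX writes 'UPX!' shortly after the program headers and again
    in its trailer. A modified packer can strip the marker, so a negative result
    is not proof that the file is unpacked."""
    return UPX_MARKER in data[:4096] or UPX_MARKER in data[-512:]


def looks_like_go(data: bytes) -> bool:
    """Go toolchain artifacts survive stripping but not packing: run this on the
    output of `upx -d`, not on the packed file."""
    return any(marker in data for marker in GO_MARKERS)


def triage(data: bytes) -> dict:
    """Combine the checks into the profile the report describes."""
    info = elf_info(data)
    info["x86_64"] = info["bits"] == 64 and info["e_machine"] == EM_X86_64
    info["upx_packed"] = is_upx_packed(data)
    info["go_artifacts"] = looks_like_go(data)
    info["matches_x10_unix_profile"] = info["x86_64"] and info["upx_packed"]
    return info


def triage_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return triage(fh.read())


def make_sample(machine: int, upx: bool, go: bool = False) -> bytes:
    """Constructed ELF64 little-endian sample for demonstration only."""
    hdr = bytearray(64)
    hdr[:4] = ELF_MAGIC
    hdr[4], hdr[5], hdr[6] = 2, 1, 1           # ELFCLASS64, little-endian, EV_CURRENT
    struct.pack_into("<HH", hdr, 16, 2, machine)  # ET_EXEC, e_machine
    body = bytearray(512)
    if upx:
        body[112:116] = UPX_MARKER   # roughly where l_info follows two program headers
    if go:
        body[256:256 + len(GO_MARKERS[0])] = GO_MARKERS[0]
    return bytes(hdr) + bytes(body)


if __name__ == "__main__":
    for label, sample in [
        ("packed x86-64 (expected profile)", make_sample(EM_X86_64, upx=True)),
        ("unpacked x86-64 Go binary", make_sample(EM_X86_64, upx=False, go=True)),
        ("packed ARM binary", make_sample(0x28, upx=True)),   # EM_ARM
    ]:
        print(label, triage(sample))
```

Run `triage_file()` on the packed sample first, then on the result of `upx -d` to confirm the Go artifacts; if the packed file already reports Go markers, the packer was not UPX or the file was not actually packed.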

SystemBC malware evolves
SystemBC, a commodity malware backdoor, has evolved to route its command-and-control traffic over the Tor anonymizing network, encrypting the traffic and concealing its destination. The research also notes that the backdoor was used in recent Ryuk and Egregor attacks, typically alongside post-exploitation tools such as Cobalt Strike.

Top Vulnerabilities Reported in the Last 24 Hours

AIR-FI attack
Researchers have uncovered a new data exfiltration technique called AIR-FI that leaks data from air-gapped systems. The technique uses the system's memory buses to generate covert signals in the Wi-Fi band, so the compromised machine needs no Wi-Fi hardware of its own. Nearby Wi-Fi-capable devices such as smartphones, IoT devices, and laptops then intercept these signals.

More details on Urgent/11 flaws
According to a report from Armis, 97% of industrial devices affected by the Urgent/11 vulnerabilities have not yet been patched. Likewise, 80% of devices affected by the CDPwn bugs remain vulnerable despite the availability of security patches.

Vulnerable Medtronic product
Flaws in Medtronic’s MyCareLink Smart 25000 Patient Reader product could be exploited to take control of a paired cardiac device. The flaws are tracked as CVE-2020-25183, CVE-2020-25187, and CVE-2020-27252. They can be exploited by an attacker within the Bluetooth range of the vulnerable product.

Vulnerable WP SMTP plugin
The Easy WP SMTP WordPress plugin is affected by a vulnerability that could allow attackers to take control of websites. The flaw affects versions of the plugin prior to 1.4.2. It stems from the plugin's debug log, which records outgoing email (including password reset messages) and is written to a plugin folder that is not protected against directory listing, so on servers with listing enabled anyone can locate and read it.

Apple releases updates
Apple has released its December 2020 security updates, fixing a total of 59 vulnerabilities. These include 30 flaws that could lead to arbitrary code execution. The affected components are Audio, App Store, Bluetooth, CoreAudio, FontParser, Graphics Drivers, Kernel, ImageIO, Intel Graphics Driver, libxml2, Ruby, WebRTC, and Wi-Fi.

Tags: systembc backdoor, urgent11 flaw, gitpaste 12 botnet, sonoma valley hospital, air fi attack, goontact spyware

Posted on: December 16, 2020
