Go to listing page

Cyware Daily Threat Intelligence, December 20, 2021

Cyware Daily Threat Intelligence, December 20, 2021

Share Blog Post

There has been an evolution in fileless techniques employed by threat actors. A new RAT, dubbed DarkWatchman, has emerged in the cybercrime underground that hides in the Windows Registry to slip past security solutions. The malware is distributed via specially-crafted phishing emails to target Russian companies.

In the latest update on Log4j2 vulnerability, Apache has released a new version of the software utility following the discovery of a Denial of Service (DoS) flaw. Meanwhile, lesser-known ransomware named TellYouThePass has resurfaced to exploit the flaw to target both Linux and Windows systems.

Top Breaches Reported in the Last 24 Hours

USCIRF targeted
The U.S. Commission on International Religious Freedom (USCIRF) was reportedly targeted by a backdoor that compromised its internal network. The attack, termed as a classic APT-type operation, was launched to exfiltrate information exchanged with other government agencies.

Sporting websites affected
Around 1.8 million customers’ credit details were stolen following a cyberattack on four popular sporting goods websites. The affected firms are Tackle Warehouse LLC, Running Warehouse LLC, Tennis Warehouse LLC, and Skate Warehouse LLC. Investigations revealed that the stolen information included full names, financial account numbers, and website account passwords of customers.

Clop ransomware targets UK police
Operators of the Clop ransomware stole confidential information from the UK police and leaked it on the dark web. The attack took place in October, and the data gained included the data managed by Dacoll, including that of the Police National Computer (PNC), holding the personal information of 13 million records. 

Top Malware Reported in the Last 24 Hours

New DarkWatchman malware
A new malware named DarkWatchman has emerged in the cybercrime underground. First spotted in early November, the malware is currently distributed via phishing emails with malicious ZIP attachments. It is a highly-capable JavaScript RAT paired with a C# keylogger. 

TellYouThePass ransomware emerges
The TellYouThePass ransomware has re-emerged to exploit the Apache Log4j flaw to target both Linux and Windows systems. The ransomware had remained inactive since the summer of 2020. 

Top Vulnerabilities Reported in the Last 24 Hours

New Log4j patch fixes DoS flaw
A new patch for Log4j has been issued to address a DoS flaw. The flaw affected versions 2.0-alpha1 through 2.16.0. The flaw can be exploited by enabling JavaScript WebSocket connections that trigger the remote code execution attack on unpatched Log4j instances. 
  
Top Scams Reported in the Last 24 Hours

Pfizer impersonated
Threat actors are conducting a highly targeted phishing campaign targeting Pfizer. Believed to have started around August 15, the campaign has been designed to steal business and financial information from victims. The actors use PDF attachments with newly registered domains that appear as official Pfizer sites. The email accounts leverage these domains to bypass email protection solutions.  

 Tags

pfizer inc
clop ransomware
darkwatchman
tellyouthepass ransomware
us commission on international religious freedom uscirf
log4j2 vulnerability

Posted on: December 20, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.