
Cyware Daily Threat Intelligence, December 21, 2021


Meet TimeTime, a ransomware that has added a twist to its double extortion strategy. Written in C#, it demands a ransom of 100 euros, paid via Paysafecard, to decrypt victims' files. In other news, researchers have uncovered a new sophisticated phishing campaign that affected millions of users in over 90 countries. The campaign is estimated to have cost victims approximately $80 million per month.

Turning to the latest updates on Log4j threats, hackers have now started distributing the infamous Dridex trojan by exploiting the flaw. The computer network and email services of the Belgian Defense Ministry were also disrupted in a cyberattack involving the exploitation of Log4Shell.

Top Breaches Reported in the Last 24 Hours

Ubisoft announces a data breach
Ubisoft has announced a data breach that affected Just Dance, one of its popular video game franchises. The incident occurred due to a misconfiguration issue that exposed GamerTags, profile IDs, device IDs, and dance videos of a limited number of users.

Belgium’s Defense Ministry hacked
Hackers breached the Belgian Defense Ministry’s network by exploiting the Log4j flaw. This affected its computer network, including the mail system used by the department. The officials roped in a security team to mitigate the issues.

Israeli sites hacked
Two Israeli hiking sites, Tiyuli and Lametayel, were hacked, and the information of millions of users was put up for sale on underground forums. The leaked data includes emails, addresses, photos, and phone numbers of users.

Top Malware Reported in the Last 24 Hours

TimeTime ransomware
A new ransomware, dubbed TimeTime, has recently emerged in the threat landscape. It uses the double extortion strategy to demand a ransom from victims. The interesting aspect of the ransomware is that it asks victims to pay 100 euros via Paysafecard.

Dridex trojan emerges
The Log4j vulnerability is currently being exploited to distribute the Dridex trojan on Windows and Linux devices with Meterpreter. The malware is capable of installing additional payloads and taking screenshots, among other malicious actions.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft issues patches
Microsoft warned customers to patch two privilege escalation flaws affecting Active Directory domains. The flaws, tracked as CVE-2021-42287 and CVE-2021-42278, can be abused by attackers to take over Windows domains. 

Flawed VoIP firmware
A flaw found in the firmware of a widely used VoIP appliance from Auerswald could have allowed attackers to gain full administrative access to the devices. Tracked as CVE-2021-40859, the flaw has a severity rating of 9.8 and affects the firmware of COMpact 5500R PBX. The firmware has been updated to address the flaw.

Flaws in the handover mechanism identified
Researchers discovered multiple security vulnerabilities in the handover mechanism implemented by all cellular networks. The flaws can be exploited to launch Denial-of-Service (DoS) and Man-in-the-Middle (MitM) attacks.

Top Scams Reported in the Last 24 Hours

Phishing campaign costs millions of dollars
Researchers have uncovered a new sophisticated phishing campaign that is estimated to have cost victims approximately $80 million per month. The campaign offers fake giveaways and surveys from popular brands in order to steal data from victims. So far, the campaign has targeted users in over 90 countries, including the U.S., Canada, and Italy.


Posted on: December 21, 2021

