Cyware Daily Threat Intelligence, December 22, 2020

Share Blog Post

Cybercriminals are no different than the rest of us when it comes to committing mistakes. In an interesting twist, an unnamed RAT linked to Magecart attackers has inadvertently leaked the names of 41 e-commerce sites due to a configuration issue. The mistake was a part of the dropper feature included in the RAT.

In other news, two major ransomware attack incidents were reported in the past 24 hours. One of them was related to the newly discovered Hades ransomware that targeted Forward Air. The second ransomware attack was launched against the city of Ellensburg, Washington, potentially impacting all government services.

Top Breaches Reported in the Last 24 Hours

Now: Pensions data leak
Workplace pension provider Now: Pensions has emailed around 1.7 million U.K customers about a data leakage caused by contractor error. The compromised records include personal data such as names, email addresses, and dates of birth.

500 GB data leaked
A database of 500 GB belonging to USB Insurance Services has been leaked online for free on a popular Russian hacking forum. The data includes scans of sensitive documents such as social security numbers and account balances.

The city of Ellensburg affected
Officials from the City of Ellensburg, Washington, have confirmed falling victim to a ransomware attack. The impact of the attack is still unknown. However, it is reported that all city departments are affected. This includes the utility billing system, administrative services, and financial services. The city is currently working with both local and federal law enforcement agencies to assess the situation.

Forward Air hit
Trucking giant Forward Air has been hit by the new Hades ransomware gang. The incident occurred on December 15 and affected the functionality of certain computer systems. The company has initiated response protocols and engaged the services of cybersecurity professionals as part of its security measure.

EXMO hacked
British cryptocurrency exchange EXMO has been breached by attackers who withdrew almost 5% of total assets after compromising its hot wallets. The firm has suspended all withdrawals after detecting suspicious withdrawals starting from December 21.

Top Malware Reported in the Last 24 Hours

RAT dropper spills the bean
A stealthy RAT had leaked a list of names of online stores which was included within its dropper code. The unnamed malware was delivered in the form of a 64-bit ELF executable with the help of a PHP-based malware dropper. To evade detection, the RAT was concealed in a DNS or an SSH server daemon. In total, the list included the names of 41 compromised sites.

Top Vulnerabilities Reported in the Last 24 Hours

Unpatched Kubernetes flaw
Kubernetes Product Security Committee has disclosed a yet-to-be-patched vulnerability assigned CVE-2020-8554, The flaw stems from a design issue in two features of Kubernetes Services: External IPs and Load Balancer IPs. Adversaries can exploit the flaw to launch MITM attacks and harvest credentials from network traffic.

Top Scams Reported in the Last 24 Hours

Phishing campaign
Security researchers have discovered a new phishing campaign that uses a message purportedly from the New York’s Department of Labor. The main intention of the campaign is to trick users into sharing their personal information with scammers. To make it more convincing, the email appears to come from a sender address ‘noreply@labor[.]ny.gov’. The message claims that the government will administer a $600 relief fund to those who fill out the indicated form.

 Tags

hades ransomware
usb insurance services
city of ellensburg
forward air
magecart attackers

Posted on: December 22, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!