Cyware Daily Threat Intelligence, December 24, 2020


Christmas is knocking at the door and so are threat actors. A new wave of attacks from the notorious UltraRank threat actor group has been detected. The attack campaign, which remains active to date, is being carried out using a JS-sniffer called SnifLite. So far, the card skimming code has been detected on 12 e-commerce sites, out of which eight are still infected.

Apart from this, the comeback of the powerful Emotet trojan was noticed in a series of fresh phishing campaigns. The trojan, which returned after a two-month hiatus, was found to be revamped to better avoid network defenses and spread other malware as secondary payloads.

Also on the phishing front, researchers reported that users are being targeted with a fake security alert that pretends to be from Chase. The ultimate goal is to steal users' banking information.

Top Breaches Reported in the Last 24 Hours

Misconfigured AWS S3 bucket
A misconfigured AWS bucket belonging to 21 Buttons has exposed the personal details of hundreds of social media influencers. The bucket contained 50 million files that included full names, bank details, national ID numbers, PayPal email addresses, and the value of individuals' sales commissions. Those caught in the data leak included Carlota Weber Mazuecos, Freddy Cousin Brown, Marion Caravano, Irsa Saleem, and Danielle Metz.

Citrix confirms DDoS attacks
Citrix has confirmed that an ongoing DDoS attack is affecting Citrix Application Delivery Controller (ADC) networking appliances with EDT enabled. The attack was first noticed on December 21 after customers reported attacks against Citrix NetScaler Gateway devices.

Top Malware Reported in the Last 24 Hours

UltraRank launches a new campaign
A cybercriminal gang known as UltraRank has launched a new campaign, targeting at least a dozen e-commerce sites to steal payment card data using a JavaScript sniffer called SnifLite. This new series of attacks, which began in November, has infected 12 e-commerce sites, of which eight remain infected.

Emotet returns
According to an alert issued by Cofense, the Emotet trojan has returned this week with a fresh spamming and phishing campaign. The malware has been revamped to include more obfuscation techniques and to spread other malware, such as TrickBot, as secondary payloads.

Top Vulnerabilities Reported in the Last 24 Hours

QNAP releases security updates
QNAP has released security updates to fix multiple high-severity vulnerabilities impacting NAS devices running the QES, QTS, and QuTS hero operating systems. The vulnerabilities are tracked as CVE-2020-2503, CVE-2020-2504, CVE-2020-2505, CVE-2020-6903, CVE-2020-2499, and CVE-2020-25. They relate to command injection, cross-site scripting, and hard-coded password issues.

Top Scams Reported in the Last 24 Hours

Chase phishing scam
A large-scale phishing scam is underway that pretends to be a security notice from Chase. The scam is designed to steal the banking information of users. The fake notice alerts recipients that their accounts have been blocked due to the detection of fraudulent activity. To unlock the account, the recipients are prompted to click on the ‘Restore Now’ button in the email.


Posted on: December 24, 2020
