Cyware Daily Threat Intelligence, December 29, 2020

Share Blog Post

Beware! you can be the next victim of a phishing scam that involves the use of Facebook ads. It has been found that threat actors have stolen over 600,000 user credentials across the globe by redirecting them to phishing pages. To make it look convincing and trick more users, the crooks used the Bitly URL shortener tool as part of the phishing campaign.

Besides this, a new credential stealer malware written in AutoHotkey scripting language has been used as part of an ongoing campaign that started in early 2020. The primary targets of the campaign are bank users in the U.S. and Canada.

The past 24 hours also witnessed a new turning point in the way skimming attacks take place. Researchers have found a new credit card skimmer that is capable of affecting multiple e-commerce hosting platforms.

Top Breaches Reported in the Last 24 Hours

2.5 million users’ data dumped
A threat actor is selling a database that includes the data of nearly 2.5 million customers of Italy-based service provider Ho Mobile. The compromised data includes customers’ phone numbers and ICCID that can be exploited for SIM swap attacks.

Kawasaki discloses breach
Japan’s Kawasaki Heavy Industries has announced a security breach that occurred due to unauthorized access to a company’s server. The early investigation highlights that some information from overseas offices may have been leaked to external parties. At this time, the company has found no evidence of information leak to the external network.

MP email accounts hacked
The email accounts of multiple Finnish members of parliament were compromised following a cyberattack. The malicious activity was detected by the parliament’s security team during the fall of 2020. It is currently being investigated by the National Bureau of Investigation (NBI).

Sangoma Technologies affected
Sangoma Technologies has fallen victim to the attacks from Conti ransomware. Reportedly, the attackers have posted 26GB of confidential data stolen from the firm online. The attack had occurred on December 24, 2020. Among the leaked data, includes the company’s financial, accounting, acquisitions, employee salary and benefits information, and legal documents.

Broker Freedom Finance data leaked
A cyberattack at Broker Freedom Finance resulted in the data leak of about 16,000 of its clients. The incident occurred after one employee fell victim to a phishing email.

Whirlpool targeted
Nefilim ransomware operators have leaked data belonging to Whirlpool after a failed ransom negotiation. The first batch of data includes documents related to employee benefits, accommodation requests, and medical information requests, among other info.

Top Malware Reported in the Last 24 Hours
 
Multi-platform credit card skimmer
A recently discovered multi-platform card skimmer has been found on e-commerce sites powered by Shopify, BigCommerce, Zencart, and Woocommerce. The attack campaign has been active since August 2020.

New AutoHotkey malware
A new credential stealer malware written in AutoHotkey scripting language has been used as part of an ongoing campaign that started in early 2020. Customers of financial institutions in the U.S. and Canada are among the primary targets, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, Manulife, and EQ Bank. The infection chain commences with a malware-laced Excel file that includes a VBA macro.

Top Vulnerabilities Reported in the Last 24 Hours

Google patches a bug
Google has patched a bug in its feedback tool incorporated across its services. The flaw could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw stems from a lack of X-Frame-Options header in the Google Docs domain.

Top Scams Reported in the Last 24 Hours

Facebook phishing scam
Once again, Facebook ads have been misused by cybercriminals in a large-scale phishing scam to steal victims’ login credentials. The scam redirects users to GitHub where the actual phishing pages reside. The targeted users are from a number of countries including Egypt, the Philippines, Pakistan, and Nepal. So far, more than 615,000 users have been targeted in the scam.

 Tags

facebook ads
nefilim ransomware operators
autohotkey malware
whirlpool
credit card skimmer

Posted on: December 29, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!