Cyware Daily Threat Intelligence December 5, 2018

Top Breaches Reported in the Last 24 Hours

NRCC hack
The National Republican Congressional Committee (NRCC) was hacked and thousands of sensitive emails stolen. Four of NRCC's senior aides' email accounts were surveilled for months by the attackers. GOP House leadership, including House Speaker Paul Ryan and House Majority Leader Kevin McCarthy, were not alerted of the hack until recently. The FBI was alerted of the incident and an internal investigation was launched as well.

Healthcare breach
The websites of four Montreal regional health boards (CIUSSS) were knocked offline by a cyberattack. The sites of the CIUSSS Centre-Ouest-de-l'Île-de-Montréal, Nord-de-l'Île-de-Montréal, l'Ouest-de-l'Île-de-Montréal, and Centre-Sud-de-l'Île-de-Montréal have been offline since the end of November. Fortunately, the attack did not compromise patients' personal data.

Marijuana hack
A Florida-based medical marijuana provider's website accidentally leaked customer data. AltMed, which does business as MüV, discovered the breach thanks to a customer who sounded the alarm. AltMed's website was taken down and remains offline as a precaution. The breach was caused by a flaw in the website.

Top Malware Reported in the Last 24 Hours

New Ursnif variant
A new variant of the prolific banking malware Ursnif was recently discovered. The new variant was found being distributed via a malspam campaign targeting victims in Italy. The malware's initial dropper is an obfuscated JavaScript file. It creates a batch file and generates a lot of noise by attempting to connect to fake domains. The new variant also hinders debugging by creating a new copy of itself, and it uses registry keys to persist on the infected system.
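The behaviours in the paragraph above (a script-host dropper launching a batch file, a burst of lookups to bogus domains, and Run-key persistence) each leave telemetry a defender can match on. The following is an added example, not code from Cyware or from any Ursnif analysis: three small rules run over a constructed, Sysmon-style event list, plus a triage function that reports which rules fired. The event fields, file names, domains and the registry value name are all made up for the example; the Run/RunOnce paths are the standard Windows autostart keys.

```python
"""Toy detection logic for the dropper behaviours described in the bulletin.
All events below are constructed for this example; none are real captures."""
from collections import Counter
import re

# Standard user-level autostart locations (HKCU or HKLM hives).
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed sample telemetry (simplified Sysmon-like records).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "image": "wscript.exe", "parent": "explorer.exe",
     "cmd": r"wscript.exe C:\Users\u\Downloads\invoice.js"},
    {"type": "process", "pid": 101, "image": "cmd.exe", "parent": "wscript.exe",
     "cmd": r"cmd.exe /c C:\Users\u\AppData\Local\Temp\stage.bat"},
    {"type": "dns", "pid": 101, "query": "k3jd9s.example", "rcode": "NXDOMAIN"},
    {"type": "dns", "pid": 101, "query": "qpw01x.example", "rcode": "NXDOMAIN"},
    {"type": "dns", "pid": 101, "query": "zz81lm.example", "rcode": "NXDOMAIN"},
    {"type": "dns", "pid": 101, "query": "h7h7h7.example", "rcode": "NXDOMAIN"},
    {"type": "dns", "pid": 101, "query": "mmx4ab.example", "rcode": "NXDOMAIN"},
    {"type": "registry", "pid": 101,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\u\AppData\Roaming\updater.exe"},
    # Benign activity that must not trigger anything.
    {"type": "process", "pid": 200, "image": "chrome.exe", "parent": "explorer.exe",
     "cmd": "chrome.exe"},
    {"type": "dns", "pid": 200, "query": "www.example.com", "rcode": "NOERROR"},
    {"type": "dns", "pid": 200, "query": "typo.exampel", "rcode": "NXDOMAIN"},
    {"type": "registry", "pid": 200,
     "key": r"HKCU\Software\Google\Chrome\PreferenceMACs", "value": "..."},
]


def script_host_spawned_batch(events):
    """Rule 1: wscript/cscript spawns cmd.exe that runs a .bat file."""
    return [e for e in events
            if e["type"] == "process"
            and e["parent"].lower() in SCRIPT_HOSTS
            and e["image"].lower() == "cmd.exe"
            and ".bat" in e["cmd"].lower()]


def nxdomain_burst(events, threshold=5):
    """Rule 2: one process produces `threshold` or more failed (NXDOMAIN) lookups."""
    failures = Counter(e["pid"] for e in events
                       if e["type"] == "dns" and e["rcode"] == "NXDOMAIN")
    return sorted(pid for pid, n in failures.items() if n >= threshold)


def run_key_persistence(events):
    """Rule 3: a value is written under a Run/RunOnce autostart key."""
    return [e for e in events
            if e["type"] == "registry" and RUN_KEY.search(e["key"])]


def triage(events, threshold=5):
    """Return the names of the rules that fired, in a fixed order."""
    fired = []
    if script_host_spawned_batch(events):
        fired.append("script_host_spawned_batch")
    if nxdomain_burst(events, threshold):
        fired.append("nxdomain_burst")
    if run_key_persistence(events):
        fired.append("run_key_persistence")
    return fired


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Rule 3 on its own is noisy, since legitimate installers write Run keys all the time; the useful signal is the combination of a script host spawning a batch file, a DNS failure burst from that process tree, and a new autostart entry within a short window, which is what `triage` surfaces.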

Ransomware attack
A new unnamed ransomware variant struck thousands of victims in China. The ransomware infected around 20,000 Windows systems. The attackers operating the ransomware demanded $16 in bitcoins and used mainly Chinese apps to deliver the malware. The ransom payments are requested via the WeChat payment service, which is only available in China and adjoining regions. Victims reported being infected with the ransomware after installing social media-themed apps. The ransomware also included an information-stealing component that harvested login credentials for several Chinese online services, including Alipay, Baidu Cloud, NetEase 163, Tencent QQ, Tmall, and Jingdong.

Top Vulnerabilities Reported in the Last 24 Hours

CoAP and MQTT flaws
Researchers have discovered major design flaws and vulnerable implementations in Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP). The researchers discovered over 200 million MQTT messages and over 19 million CoAP messages being leaked by servers. The flaws provide attackers with millions of exposed records. Researchers also identified a few vulnerabilities tracked as CVE-2017-7653, CVE-2018-11615, and CVE-2018-17614. 
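The message leakage described above is the typical result of an MQTT broker reachable from the internet with no authentication and no transport encryption. As an added example that is not from the research the bulletin summarises, the fragment below contrasts that exposed setup with a hardened one for the Eclipse Mosquitto broker (the choice of Mosquitto, and the certificate, password and ACL file paths, are assumptions for the example; the directive names are Mosquitto's own).

```conf
# --- Exposed: plaintext listener on all interfaces, anyone may connect,
# --- publish and subscribe to every topic. This is the pattern behind
# --- brokers that leak their traffic to whoever asks.
listener 1883
allow_anonymous true

# --- Hardened: TLS only, client certificates plus credentials required,
# --- and per-client topic permissions enforced through an ACL file.
listener 8883
allow_anonymous false
password_file /etc/mosquitto/passwd            # assumed path
cafile /etc/mosquitto/certs/ca.crt             # assumed path
certfile /etc/mosquitto/certs/broker.crt       # assumed path
keyfile /etc/mosquitto/certs/broker.key        # assumed path
require_certificate true
acl_file /etc/mosquitto/acl                    # assumed path
```

Only one of the two sections belongs in a live configuration; with the hardened block, the plaintext `1883` listener is simply not defined, so an unauthenticated client has nowhere to connect. CoAP runs over UDP and has no comparable broker-side switch, so for CoAP endpoints the equivalent control is DTLS and network-level access restriction rather than a configuration line.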

Top Scams Reported in the Last 24 Hours

London Blue
A group of online scammers, called London Blue, has generated a list of 50,000 CFOs, which they then used to launch BEC scams. The list was discovered by the security firm Agari after the scammers targeted the firm with one of their scams. London Blue is primarily targeting mortgage companies. Such scams are believed to focus on stealing real estate purchase or lease payments. The phishing emails the scammers sent out contained no malware, which made them difficult to detect. London Blue is likely based in Nigeria but has members in the UK and the US as well. The group operates like a modern corporation: its members carry out specialized functions, including business intelligence, sales management, email marketing, and more.
