
Cyware Daily Threat Intelligence, February 03, 2022


Cyberattacks due to new malware are intensifying. In the last 24 hours, researchers have uncovered a cryptojacking malware named CoinStomp that is targeting Asian cloud service providers. In another incident, Microsoft has warned about a new variant of UpdateAgent macOS malware that is capable of delivering adware and potentially other threats.

There has also been a report of an SEO poisoning attack campaign that is being actively used to drop BATLOADER and other payloads like Ursnif and Atera Agent malware onto the targeted systems. The attackers are targeting users looking to download video conferencing tools such as TeamViewer, Zoom, or Visual Studio.

Top Breaches Reported in the Last 24 Hours

KP Snacks’ operation disrupted
The manufacturing and distribution operations of British snacks producer Kenyon Produce (KP) Snacks suffered a major disruption following a ransomware attack. The company became aware of the attack on January 28 and immediately took the necessary steps to contain the incident. Conti ransomware group is likely behind the attack.

$322 million stolen
A vulnerability in the Wormhole cryptocurrency platform allowed a threat actor to steal an estimated $322 million worth of Ether cryptocurrency. The attackers exploited the ‘smart contracts’ feature on the platform to hack the portal.

Students’ data impacted
Pellissippi State Community College suffered a ransomware attack that enabled attackers to gain unauthorized access to the personal information of former and current students. However, the incident did not impact the credit card information of students. The compromised personal data included names, email addresses, internal identification numbers, and school passwords.

German oil companies attacked
The BlackCat ransomware group has been held responsible for the recent cyberattacks on two German oil companies. This ultimately affected hundreds of gas stations across northern Germany. The firms took immediate actions as part of their contingency plans.
 
Top Malware Reported in the Last 24 Hours

Newly discovered CoinStomp
A new malware dubbed CoinStomp is targeting cloud services to mine cryptocurrencies. So far, the malware has targeted multiple cloud service providers in Asia. It employs the timestomping technique and a number of anti-analysis techniques to evade detection.
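Timestomping, as mentioned above, means rewriting a file's access and modification times so the file blends in with older system files. The following is an added example, not code from the report or from any CoinStomp analysis, showing one triage check a responder can run: on POSIX filesystems, utimes() can set atime and mtime but not the inode change time (ctime), which the kernel updates itself, so a modification time that sits far behind the change time is a signal worth looking at. The function and path names are this example's own assumptions.

```python
import os
import time
import tempfile

# Seconds of tolerance between ctime and mtime before a file is flagged.
# Normal writes update both within the same instant.
SLACK_SECONDS = 60


def set_mtime_to_past(path: str, days: int = 365) -> None:
    """Backdate atime/mtime the way a timestomping tool would (via utimes).

    This only exists to construct a test case; ctime is untouched because
    user space cannot set it on Linux/macOS.
    """
    past = time.time() - days * 86400
    os.utime(path, (past, past))


def looks_timestomped(path: str, slack: int = SLACK_SECONDS) -> bool:
    """Return True when mtime precedes ctime by more than `slack` seconds.

    Assumption: a POSIX filesystem, where st_ctime is the inode change time.
    On Windows st_ctime is the creation time and this heuristic does not apply.
    Legitimate files also trip it (archives extracted with preserved
    timestamps, chmod/chown after the last write), so treat a hit as a
    reason to inspect the file, not as proof of tampering.
    """
    st = os.stat(path)
    return (st.st_ctime - st.st_mtime) > slack


def scan_directory(root: str, slack: int = SLACK_SECONDS) -> list[str]:
    """Walk `root` and return regular files whose timestamps look backdated."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if looks_timestomped(full, slack):
                    hits.append(full)
            except OSError:
                # Unreadable or vanished file; skip rather than abort the scan.
                continue
    return hits


def demo() -> tuple[bool, bool, int]:
    """Construct a fresh file, check it, backdate it, check again.

    Returns (flagged_before, flagged_after, hits_in_scan).
    """
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "libfake.so")  # constructed sample file
        with open(target, "w") as fh:
            fh.write("sample contents\n")
        before = looks_timestomped(target)
        set_mtime_to_past(target)
        after = looks_timestomped(target)
        hits = scan_directory(tmp)
        return before, after, len(hits)


if __name__ == "__main__":
    print(demo())
```

Pair this with a baseline: a file under /usr/bin whose mtime matches the package manager's install record is expected, while a backdated binary in a world-writable directory is not. The check is cheap enough to run across a whole host during triage.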

SEO poisoning drops malware
A new SEO poisoning campaign is being used in the wild to drop BATLOADER and other payloads like Ursnif and Atera Agent malware onto the targeted systems. The attackers target users searching for downloads of productivity tools like TeamViewer, Zoom, or Visual Studio, and use lookalike installers for this software to redirect them to fake download sites.

UpdateAgent evolves
The relatively new macOS malware UpdateAgent has been upgraded to deliver adware and potentially other malicious payloads. One of the latest features also includes its ability to bypass Apple’s built-in Gatekeeper system.

Top Vulnerabilities Reported in the Last 24 Hours

Trend Micro issues patches
Trend Micro recently patched two high-severity vulnerabilities affecting some of its hybrid cloud security products. The vulnerabilities are tracked as CVE-2022-23119 and CVE-2022-23120 and impact the Deep Security and Cloud One Workload Security solutions. PoC exploits for both were made available on January 19, while the patches were released last year.

Cisco patches RV routers
Cisco has announced patches for multiple vulnerabilities affecting its Small Business RV160, RV260, RV340, and RV345 series routers. The most severe of these is tracked as CVE-2022-20699 and can allow threat actors to execute arbitrary code on a vulnerable device.

Tags

ursnif campaign
wormhole cryptocurrency platform
seo poisoning attack
blackcat ransomware
coinstomp
atera agent
batloader

Posted on: February 03, 2022
