Cyware Daily Threat Intelligence, February 07, 2020

Evading detection has always been one of the primary objectives of malicious actors. Security researchers have uncovered a new wave of attacks that used the ‘VBA Stomping’ technique to hide malicious macros: the compiled p-code of the macro is kept intact while the readable VBA source that most scanners inspect is removed or replaced with benign code. The campaign was active throughout January 2020 and relied on a new backdoor called MINEBRIDGE to target the financial sector in the US.

The past 24 hours also witnessed a change in technique from RobbinHood ransomware operators. The attackers were found exploiting a vulnerable, legitimately signed GIGABYTE driver to install a second, malicious and unsigned driver in Windows. The purpose is to disable security solutions so that the ransomware can continue its infection process without interference.

In another incident, Emotet trojan operators have been observed using phishing emails carrying malicious Word documents to target financial institutions in the US and the UK. The campaign, which has been active since January, also targets organizations in the Philippines, Spain, and India.

Top Breaches Reported in the Last 24 Hours

Kobe Steel Ltd. & Pasco Corp. attacked
Kobe Steel Ltd. and satellite data provider Pasco Corp. reportedly fell victim to cyberattacks in August 2016 and May 2018 respectively. The attacks began after some of their internal network terminals were infected with malware; however, there is no evidence that classified information leaked from either company.

University pays the ransom
The University of Maastricht has paid a Bitcoin ransom worth about $220,000 to restore systems hit by a ransomware attack on Christmas Eve 2019. The infection started with a phishing email.

Top Malware Reported in the Last 24 Hours

RobbinHood ransomware
Operators of RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to install a second, malicious and unsigned driver in Windows that terminates antivirus and security software, letting the ransomware proceed with its infection without interference. Because the GIGABYTE driver is legitimately signed, it loads normally on a default Windows configuration; blocking known-vulnerable drivers (for example with a driver blocklist enforced through Windows Defender Application Control) breaks this chain before the unsigned driver can be loaded.

MINEBRIDGE backdoor
The financial services sector in the US saw a barrage of phishing campaigns throughout January 2020, designed to download and deploy a backdoor tracked as MINEBRIDGE. The threat actors behind the campaigns used ‘VBA Stomping’ to evade detection, so that the macro source visible to analysts and scanners did not match the p-code that Office actually executes.
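The VBA stomping technique described in the summary and in the MINEBRIDGE entry above can be checked for, in its simplest form, by reading a module stream the way Office does. Per MS-OVBA, each VBA module stream is a PerformanceCache (compiled p-code) followed, at the MODULEOFFSET recorded in the project's `dir` stream, by the source text in a CompressedContainer. Stomping keeps the p-code and blanks or replaces the source. The example below is added here and is not code from the original briefing or from any of the vendors it cites: it implements the MS-OVBA decompression, rebuilds constructed module streams (filler bytes stand in for real p-code, and `compress_literal_only` is a test helper, not a spec compressor), and flags a module whose source has no executable lines while a sizeable p-code blob is present. Extracting the real module streams and MODULEOFFSET from an Office file is left to a parser such as oletools' olevba; the `pcode_threshold` value is an assumed tuning knob, and the heuristic cannot catch a stomp that substitutes plausible benign source, which requires disassembling the p-code (for example with pcodedmp) and comparing it to the source.

```python
"""Heuristic VBA stomping check on one VBA module stream (MS-OVBA layout).

Added example with constructed samples; FILLER_PCODE is not real p-code.
"""
import math
import re

PROCEDURE_RE = re.compile(
    rb"^\s*(?:(?:Public|Private|Friend)\s+)?(?:Static\s+)?(?:Sub|Function|Property)\b",
    re.IGNORECASE | re.MULTILINE,
)


def decompress_container(data: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (spec section 2.4.1)."""
    if not data or data[0] != 0x01:
        raise ValueError("missing CompressedContainer signature byte 0x01")
    out = bytearray()
    pos = 1
    while pos < len(data):
        header = int.from_bytes(data[pos:pos + 2], "little")
        pos += 2
        chunk_end = pos + (header & 0x0FFF) + 1      # size field = chunk size - 3
        chunk_start = len(out)                       # DecompressedChunkStart
        if not header & 0x8000:                      # flag 0: chunk data is raw bytes
            out += data[pos:chunk_end]
            pos = chunk_end
            continue
        while pos < chunk_end:
            flags = data[pos]                        # one flag bit per token
            pos += 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not (flags >> bit) & 1:           # literal token: one raw byte
                    out.append(data[pos])
                    pos += 1
                    continue
                token = int.from_bytes(data[pos:pos + 2], "little")   # copy token
                pos += 2
                difference = len(out) - chunk_start
                if difference <= 0:
                    raise ValueError("copy token before any output in chunk")
                bit_count = max(4, math.ceil(math.log2(difference)))
                length = (token & (0xFFFF >> bit_count)) + 3
                offset = (token >> (16 - bit_count)) + 1
                src = len(out) - offset
                for i in range(length):              # byte-wise: copies may overlap
                    out.append(out[src + i])
    return bytes(out)


def compress_literal_only(source: bytes) -> bytes:
    """Build a valid CompressedContainer using literal tokens only (test helper)."""
    out = bytearray(b"\x01")
    for start in range(0, len(source), 3640):       # 3640 * 9/8 keeps chunk data < 4096
        block = source[start:start + 3640]
        body = bytearray()
        for i in range(0, len(block), 8):
            body.append(0x00)                        # flag byte: all eight tokens literal
            body += block[i:i + 8]
        header = 0x8000 | 0x3000 | (len(body) + 2 - 3)   # compressed | signature | size
        out += header.to_bytes(2, "little") + body
    return bytes(out)


def build_module_stream(pcode: bytes, source: bytes):
    """Constructed module stream: 'p-code' bytes followed by compressed source."""
    return pcode + compress_literal_only(source), len(pcode)


def check_module(stream: bytes, module_offset: int, pcode_threshold: int = 2048) -> dict:
    """Flag a module whose source has no executable lines but carries a p-code blob.

    pcode_threshold is an assumed tuning value: even an empty module has a small
    PerformanceCache, so only a blob at least this large counts as suspicious.
    """
    if module_offset > len(stream):
        raise ValueError("MODULEOFFSET past end of stream")
    pcode_size = module_offset
    source = decompress_container(stream[module_offset:])
    lines = [line for line in source.splitlines() if line.strip()]
    executable = [line for line in lines
                  if not line.lstrip().lower().startswith(b"attribute ")]
    result = {
        "pcode_bytes": pcode_size,
        "source_lines": len(lines),
        "executable_lines": len(executable),
        "has_procedure": bool(PROCEDURE_RE.search(source)),
    }
    result["verdict"] = ("stomped?" if pcode_size >= pcode_threshold and not executable
                         else "clean")
    return result


# Constructed samples (not real malware): same filler p-code, differing source.
FILLER_PCODE = bytes(range(256)) * 12                 # 3072 bytes standing in for p-code
BENIGN_SOURCE = (b'Attribute VB_Name = "Module1"\r\n'
                 b'Sub AutoOpen()\r\n    MsgBox "hello"\r\nEnd Sub\r\n')
STOMPED_SOURCE = b'Attribute VB_Name = "Module1"\r\n'  # source blanked, p-code kept

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SOURCE), ("stomped", STOMPED_SOURCE)):
        stream, offset = build_module_stream(FILLER_PCODE, src)
        print(label, check_module(stream, offset))
```

Running the block prints a "clean" verdict for the benign module and "stomped?" for the module whose source has been reduced to its Attribute line while the p-code region is unchanged. The decompressor handles both raw and compressed chunks and copy tokens, so it can be pointed at real module streams once they have been carved out of a document.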

Malicious apps
VPNpro and Trend Micro have separately disclosed 24 and four Android apps, respectively, that are capable of downloading malware or committing ad fraud. Together these apps have been downloaded 348 million times from the Google Play Store. The four apps identified by Trend Micro include malware detected as AndroidOS_BadBooter.HRX.

Emotet targets banks
Emotet is targeting banks and financial institutions in the US and the UK in a new malware campaign that also extends to entities in the Philippines, Spain, and India. The attackers deliver the malware via phishing emails carrying a malicious Microsoft Word document.

Fake movie sites
Cybercriminals have set up over 20 phishing websites and 925 malicious files that use Oscar-nominated movies as bait to steal sensitive information from users. The ongoing campaign uses Twitter posts to share links to purported streaming sites that promise full movies for free or for a small fee.

Decryptor for Ransomwared
Emsisoft has released a decryptor for a ransomware that appends the ‘.ransomwared’ extension to encrypted files. The ransomware uses the DES algorithm to encrypt a victim’s files.

Top Vulnerabilities Reported in the Last 24 Hours

Bluetooth flaw patched
A critical vulnerability in the Bluetooth subsystem of the Android operating system has been patched. The flaw, tracked as CVE-2020-0022, is rated critical on Android Oreo (8.0 and 8.1) and Pie (9), where it allows an attacker within Bluetooth range who knows the device’s Bluetooth MAC address to run arbitrary code with the privileges of the Bluetooth daemon, without user interaction. This also makes the flaw usable to spread malware from one vulnerable device to another. On Android 10 the same bug only crashes the Bluetooth daemon. Until the February 2020 security update is installed, keeping Bluetooth switched off when not in use and keeping the device non-discoverable limits exposure.

Top Scams Reported in the Last 24 Hours

BEC scam targets real estate
Scammers are targeting real estate businesses in large numbers in pursuit of high returns. Their methods include spoofed Office 365 and DocuSign login pages. The ultimate purpose of the scam is to collect credentials and other sensitive information from the targeted users.

PayPal SMS scam
Scammers are sending text messages that lure recipients to phishing websites. The message claims that the recipient’s PayPal account has been suspended because of a failed payment request and that they must visit the embedded link to reactivate it. Any such link should be treated as hostile; an account notice can be verified by logging in directly through the official app or website rather than through the message.


Tags

robbinhood ransomware
vba stomping
bec scam
minebridge backdoor

Posted on: February 07, 2020


