DDoS attacks are intensifying. Threat actors are shifting to different attack methods and new vectors to give federal agencies and security experts a headache. While the FBI has warned about the comeback of TDoS attacks targeting emergency dispatch centers, a researcher has raised concern over the abuse of VPN servers from Powerhouse Management for DDoS attacks. The recent outage on Ukrainian security and defense websites was also a part of an attempt to deploy a DDoS bot.
Apart from DDoS attacks, a new attack technique called Shadow attacks has been demonstrated by a group of academics. Several PDF viewers such as Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular are vulnerable to the attack.
Top Breaches Reported in the Last 24 Hours
Over 600 enterprises, universities, and government agencies may have inadvertently exposed their ServiceNow login credentials due to a flaw in the IT support platform. The issue stemmed from the platform’s ‘Help the Help Desk’ feature that left unencrypted passwords publicly viewable on all ServiceNow instances.
DDoS attacks amplify
Threat actors are abusing VPN servers provided by Powerhouse Management to bounce and amplify junk traffic as part of DDoS attacks. The root cause of the attack is a yet-to-be-identified service that runs on UDP port 20811 on Powerhouse VPN servers.
TDoS attacks aim at emergency services
The FBI has warned that Telephony Denial-of-Service (TDoS) attacks are being used against emergency dispatch centers in an attempt to block legitimate calls for services. The purpose is to keep the distraction calls active for a longer time to delay or block actual calls.
Ukrainian websites targeted
Ukrainian security and defense websites suffered massive attacks that began on February 18. The threat actor attempted to compromise the websites to deploy a DDoS bot.
Top Vulnerabilities Reported in the Last 24 Hours
Researchers have demonstrated a new class of attacks called Shadow attacks that could let attackers replace content in digitally signed PDF documents. The attack is successful on 16 PDF viewers, including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular.
SHAREit fixes bugs
Media4U Technology has fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users’ devices. The flaws could have also led to Man-in-the-Disk (MITD) attacks, allowing attackers to manipulate application resources stored on external storage via code injection.
Top Scams Reported in the Last 24 Hours
Silent Stealing fraud
Think tanks in the U.K. are warning about a silent stealing fraud that targets online users. The modus operandi of the fraud involves stealing £10 each from 100,000 customers rather than stealing a large amount directly from a bank. Because each amount is small, this theoretically keeps the scammers under the radar. The tactic is being increasingly used against home workers.
A phishing attack carried out in December 2020 leveraged the Telegram messaging app’s API to steal victims’ credentials. The API was abused to create malicious domains that helped threat actors bypass secure email gateways.
Austin Energy customers scammed
Texas-based Austin Energy has issued a warning about a scam that threatens customers into paying their pending bills. The scammers pretend to be from the company and warn customers that their utilities will be disconnected if they don’t make immediate payment.
Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users. The emails appear to come from popular mail couriers such as FedEx and DHL Express.