Cyware Daily Threat Intelligence, January 06, 2020

See All
Losses due to Business Email Compromise scams are skyrocketing and it’s no wonder that scammers love this approach. Lately, the Colorado Town of Erie has lost more than $1 million after an unsuspected employee fell victim to a phishing email. The email appeared to come from a construction firm that is involved in the building of the Erie Parkway bridge. The Town of Erie staff along with the Federal Bureau of Investigation are currently working on recovering the funds lost to the BEC scammers.

In malware attacks, a new variant of Clop ransomware that is capable of terminating 663 Windows processes has been uncovered by security researchers. This new malware variant utilizes a new .ClOp extension, rather than the .CIop or .Clop extensions used in previous versions. A new variant of the infamous Rowhammer attack called JackHammer has also been uncovered in the past 24 hours. The attack uses a hybrid FPGA and CPU setup to conduct more efficient attacks on various forms of PC memory.

Top Breaches Reported in the Last 24 Hours

HappyHotel discloses a security breach
HappyHotel, a Japanese search engine for finding and booking hotel rooms, has disclosed a security breach at the end of the last year. The firm has reacted to the incident by suspending its website. The type of data that hackers might have accessed included details such as real names, email addresses, login credentials, birth dates, gender information, phone numbers, home addresses, and payment card details.

Austria’s foreign ministry attacked
Austria’s foreign ministry had fallen victim to a cyberattack which is suspected to have been conducted by a foreign state. The attack took place on January 4 and it was quickly detected. Authorities immediately adopted defensive measures to protect their infrastructure. It is not clear if the hackers gained access to sensitive data.

Website of Federal Depository Library program defaced
A group of Iranian hackers has defaced the website of the Federal Depository Library program and replaced the home page with a page titled ‘Iranian Hackers!’. In the last couple of hours, numerous websites were defaced as revenge against the US.

Top Malware Reported in the Last 24 Hours

Clop ransomware evolves
Clop ransomware has now evolved to terminate 663 Windows processes before encrypting files. The processes include new Windows 10 apps, popular text editors, debuggers, programming languages, terminal programs, and programming IDE software. Apart from disabling a number of processes, this Clop variant also utilizes a new .ClOp extension, rather than the “.CIop” or “.Clop” extensions used in previous versions.

Top Vulnerabilities Reported in the Last 24 Hours

JackHammer attack
A new variant of the Rowhammer attack, called JackHammer, has been demonstrated by security experts. JackHammer uses a hybrid FPGA and CPU setup to conduct more efficient attacks on various forms of PC memory. Such attacks can allow a malicious party to abuse FPGA cards to launch better and faster Rowhammer attacks. The research team has listed several mitigations to secure cloud computing platforms against JackHammer. They include the use of hardware monitoring, partitioning CP cache, CPU cache pinning, increased refresh rates for DRAM memory, and more.

Top Scams Reported in the Last 24 Hours

Colorado Town of Erie loses over $1 million
Colorado Town of Erie has lost over $1 million in a business email compromise (BEC) scam. The phishing email was sent to an unsuspected town’s employee. The fraudsters used an electronic form on the town’s website to request a change to the payment information on the building contract for the Erie Parkway bridge awarded to SEMA Construction in October 2018. Although the town staff had checked some of the information on the form for accuracy, they did not verify the authenticity of the submission with SEMA Construction and hence ended up in the fraudulent transfer of $1.01 million to fraudsters’ accounts.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, January 07, 2020
Next
Cyware Daily Threat Intelligence, January 03, 2020
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.