Cyware Daily Threat Intelligence, January 08, 2020


The detection of new malware samples indicates how quickly cyber threats are evolving. In the past 24 hours, security researchers have spotted two new malware families capable of wreaking massive havoc in organizations worldwide: LiquorBot and SNAKE ransomware. LiquorBot is a Mirai-inspired botnet that incorporates Monero cryptocurrency mining features, while SNAKE ransomware uses a much higher level of obfuscation to evade detection. Once installed, the ransomware kills several processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.

In a major security update, Google's January 2020 Android security bulletin issues fixes for 40 vulnerabilities across multiple components. Thirty-three of the flaws are in Kernel, Qualcomm, and Qualcomm closed-source components; the remaining seven affect Framework, Media framework, and System.

Top Breaches Reported in the Last 24 Hours

Focus Camera website compromised
The website of the photography and imaging retailer Focus Camera was compromised last year by Magecart attackers. To hide the malicious traffic, the attackers registered a fake domain ‘zdsassets.com’ that resembles the legitimate domain ‘zdassets.com’. They injected malicious code into the website to steal customers’ payment card details.
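As an added illustration (not part of Cyware's post), the check below flags hostnames that sit one edit away from an allowlist of expected third-party domains, which is the lookalike pattern the ‘zdsassets.com’ / ‘zdassets.com’ pair above relies on. The log lines and the allowlist are constructed for this example.

```python
# Constructed sample of outbound request log lines (timestamp, method, host, path, status).
# These are not real Focus Camera logs.
SAMPLE_LOG = """\
2020-01-07T10:12:03Z GET static.zdassets.com /ekr/snippet.js 200
2020-01-07T10:12:04Z GET zdsassets.com /assets/pay.js 200
2020-01-07T10:12:05Z GET cdn.example-shop.com /app.js 200
"""

# Third-party domains the site is expected to load scripts from (constructed allowlist).
KNOWN_GOOD = {"zdassets.com", "example-shop.com"}


def levenshtein(a, b):
    """Standard edit distance (insert, delete, substitute) via a rolling DP row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable(host):
    """Naive registrable-domain extraction: last two labels.
    Adequate for .com allowlists; a real deployment would use a public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def find_lookalikes(log_text, known_good, max_distance=1):
    """Return (host, matched_good_domain, distance) for hosts that are not on the
    allowlist but are within max_distance edits of an allowlisted domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        host = parts[2]
        base = registrable(host)
        if base in known_good:
            continue  # legitimate domain or one of its subdomains
        for good in sorted(known_good):
            d = levenshtein(base, good)
            if 0 < d <= max_distance:
                hits.append((host, good, d))
    return hits


if __name__ == "__main__":
    for host, good, d in find_lookalikes(SAMPLE_LOG, KNOWN_GOOD):
        print(f"lookalike: {host} is {d} edit(s) from {good}")
```

Hosts that are exact matches or subdomains of an allowlisted domain are skipped, so only near-misses such as the extra ‘s’ in ‘zdsassets.com’ are reported.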

Alomere Health affected
Minnesota-based hospital operator Alomere Health has issued notice of a data breach that may have affected nearly 50,000 patients. The incident occurred after a malicious actor gained access to two employees’ email accounts in late October and early November. The compromised data includes names, addresses, dates of birth, medical record numbers, health insurance information, and diagnosis and treatment details.

Top Malware Reported in the Last 24 Hours

LiquorBot
LiquorBot is a new Mirai-inspired botnet that is still under development. The botnet, which is written in Go, incorporates Monero cryptocurrency mining features. It spreads through SSH brute-forcing or by exploiting unpatched vulnerabilities in selected router models. LiquorBot targets a wide range of CPU architectures, from ARM and ARM64 to x86, x64, and MIPS.

SNAKE ransomware
SNAKE is a newly discovered ransomware written in Go that uses a much higher level of obfuscation to evade detection. Once installed, the ransomware removes the computer’s Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more. When encrypting a file, it appends a random five-character string to the file’s extension.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft’s information disclosure flaw
An information disclosure vulnerability affecting Microsoft Access can cause sensitive data from system memory to be unintentionally saved in database files. The flaw, tracked as CVE-2019-1463, affects Office 2010, 2013, 2016, 2019, and 365 ProPlus. The vulnerability is also dubbed ‘MDB Leaker’ and was fixed in December 2019.

Google patches 40 flaws
Google has released patches for 40 vulnerabilities in the first Android security bulletin for 2020. The patches include a fix for a critical flaw in the Media framework. Apart from this, fixes have been issued for 33 flaws affecting Kernel, Qualcomm, and Qualcomm closed-source components.

Top Scams Reported in the Last 24 Hours

Microsoft phishing scam
An attacker is taking advantage of the recent warnings about possible Iranian cyberattacks in an attempt to collect Microsoft login credentials. The email, which pretends to be from ‘Microsoft MSA’, carries the subject line ‘Email user hit by Iran cyber attack’. It goes on to say that in response to this attack, Microsoft was forced to protect its users by locking their email and data on Microsoft’s servers. To regain full access to this locked data, the phishing email prompts recipients to log in to their account by clicking a ‘Restore Data’ button. This redirects to a phishing landing page disguised as a Microsoft login form.

Tags

alomere health
liquorbot
qualcomm
snake ransomware
information disclosure vulnerability

Posted on: January 08, 2020
