Cyware Daily Threat Intelligence, January 18, 2021


Magecart groups are setting their sights on more digital skimming attacks as they reshape their evasion tactics. They are now hiding their JavaScript skimmers, phishing domains, and other malicious tools behind a bulletproof hosting service called Media Land.

Not a day in cyberland has passed without news about ransomware attacks. Now, the Scottish Environment Protection Agency (SEPA) has disclosed that it has been struggling for almost a month because of a ransomware attack. Adding to its woes, the Conti ransomware gang has published around 1.2 GB of data stolen from the agency.

Top Breaches Reported in the Last 24 Hours

SEPA attacked
A month after the attack, the ransomware gang has published on the internet around 1.2 GB of data stolen from the Scottish Environment Protection Agency (SEPA). This includes personal information related to SEPA staff. The agency is currently struggling with the recovery process.

Top Malware Reported in the Last 24 Hours

Bulletproof hosting service
Several Magecart groups are hiding their JavaScript skimmers, phishing domains, and other malicious tools behind a bulletproof hosting service called Media Land. Researchers have found several domains registered with Media Land since 2018 using at least 2 email addresses and other aliases.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable FTTH ONT routers
At least 28 backdoor accounts and several other vulnerabilities have been found affecting the firmware of a popular FTTH ONT router, widely used across South America and Southeast Asia. The issues include problems related to authentication, hardcoded passwords, and privilege escalation.

VoIP vulnerability
Operators of open source servers that power VoIP platforms have been urged to apply software updates owing to the remote code execution vulnerability in CoTURN. Attackers can exploit the flaw to bypass CoTURN servers’ default access control rules and access network services behind the firewall.

Top Scams Reported in the Last 24 Hours

Sextortion scams on the rise
The U.K. police were warned about the increased rate of sextortion scams during the pandemic. The scammers are leveraging Facebook, Zoom, and popular dating apps. The federal authorities have therefore asked citizens to be vigilant about such scams and not to share personal details.

Vishing attacks
The FBI has issued a notification of ongoing vishing attacks that are aimed at stealing corporate accounts and credentials for network access and privilege escalation from employees worldwide. During the attack, the attackers trick the targeted employees into logging onto a phishing webpage.


Posted on: January 18, 2021

