Cyware Daily Threat Intelligence, January 19, 2022

There’s a new Golang-based bot in town. Researchers have uncovered details about a new malicious IRC bot, programmed in Golang, that is being used to launch DDoS attacks against Korean users. Attackers are distributing it via file-sharing websites such as Korean WebHards.

Microsoft Office 365 users should be careful not to share their login credentials, as phishers are back with a unique trick in a new phishing campaign. Threat actors are impersonating the United States Department of Labor (DoL) websites to redirect aspiring government vendors to phishing sites. Meanwhile, the FBI has also issued an advisory for QR code scams that cause the loss of personal information and money.

Top Breaches Reported in the Last 24 Hours

Moncler discloses a ransomware attack
Italian luxury fashion giant Moncler disclosed that it suffered a cyberattack from BlackCat ransomware. Following the attack, the operators published the stolen data on a dark web forum. The attack occurred in the last week of 2021. Moncler confirmed that the stolen data included information related to its employees, former employees, suppliers, consultants, business partners, and customers.

OpenSubtitles discloses a data breach
OpenSubtitles revealed details about a data breach that occurred last year. The firm eventually had to pay a ransom to the attackers to contain the attack that affected the data of over 6.7 million users. The exposed information included email addresses, usernames, and MD5 password hashes.

Top Malware Reported in the Last 24 Hours

DDoS IRC bot
An IRC bot written in Golang is being used to launch DDoS attacks against users in Korea. The bot is distributed through adult games posted on file-sharing websites such as Korean webhards. Once the malicious game is downloaded, it establishes connections with a remote C2 server to retrieve additional malware, including the malicious IRC bot.

Top Vulnerabilities Reported in the Last 24 Hours

Zoom vulnerabilities impact clients
Two vulnerabilities disclosed in Zoom could have led to remote exploitation in clients and MMR servers. The flaws are related to a buffer overflow issue and an information disclosure issue. Both vulnerabilities have been patched by Zoom.

Flaws in the MY2022 app
Two flaws detected in the MY2022 mobile app, the official app for the Beijing 2022 Winter Olympics, could have allowed attackers to launch Man-in-the-Middle (MitM) attacks. The issues were disclosed in December 2021 and are yet to be fixed.

Top Scams Reported in the Last 24 Hours

Tenino City loses over $280,000
The City of Tenino fell victim to a fraudulent scheme that resulted in a loss of $280,309. A series of phishing emails were sent to multiple public employees in Washington state who were also members of the Washington Municipal Clerks Association. These emails prompted the recipients to make payments that were not approved by the city council.

New O2 scam
A new cold-calling O2 scam targeted customers in the U.K. with fake discounts and free phone contracts in return for a one-time security code. This enabled scammers to gain access to the personal details of users. In this scam, the scammers ask users for phone numbers to be entered in the ‘O2 sign-in page’, which is used as a lure for getting the discount.

FBI warns about QR code phishing scam
Cybercriminals are taking advantage of QR code scans to redirect victims to malicious sites that steal data or money. The FBI has sent out an advisory to warn users of phishing scams leveraging QR codes. Users must cross-check any URL generated by a QR code before making payments.

Office 365 credentials stolen
A new phishing campaign impersonating the United States Department of Labor (DoL) targeted aspiring government vendors in a bid to pilfer their Office 365 credentials. The campaign has been ongoing for at least a couple of months and utilizes over ten different phishing sites. The emails are sent from spoofed domains that mimic the legitimate DoL website.

Posted on: January 19, 2022

