Go to listing page

Cyware Daily Threat Intelligence January 21, 2019

Cyware Daily Threat Intelligence January 21, 2019

Share Blog Post

Top Breaches Reported in Last 24 Hours

Russian hackers blamed for DNC hack
The Democratic National Committee(DNC) announced that it was hit by a cyber attack, days after the 2018 midterm elections. According to reports, the hackers posed as State Department Officials to conduct the attack. Dozens of DNC email addresses received spear-phishing emails that contained a PDF attachment. Once the attachment was downloaded, it enabled the attackers to gain access to systems. Investigation shows that the attack was similar to the one launched by Cozy Bear APT during the Presidential election. 

Zero-day virus
Hospital officials at Sudbury's Health Science North disclosed that a computer virus had affected medical record systems. Apart from HSN, this software system is used by 24 other hospitals. Around 75% of systems in HSN are impacted by the zero-day virus. There is no evidence if any patient data was breached in the infection process.

Top Malware Reported in Last 24 Hours

GandCrab returns
The GandCrab ransomware has been spotted with a set of trojans in its recent attack campaign. According to researchers, the attack is initiated by Powershell which is used to launch the first stage of the infection process. Here, the attackers are distributing two variants of GandCrab along with a variant of BetaBot and AZORult. The variant of BetaBot is responsible for gathering information about a machine, looking for analysis and debugging tools and disabling anti-virus and firewall tools. The AZORult sample acts as a secondary payload and its characteristics include harvesting cryptocurrency wallets, extracting credentials saved in FTP/IM/Email clients and listening to C2 server while remaining dormant.

Top Vulnerabilities Reported in Last 24 Hours

Flaw in Cisco Small Business Switch
A critical flaw has been discovered in the Cisco Small Business Switches software. It could allow an unauthorized, remote attacker to bypass the user authentication mechanism and gain full admin control over a device. The flaw is dubbed as CVE-2018-15439 and exists due to the default configuration on the devices - related to the initial login process which cannot be removed. Cisco Small Business 200 Series Smart Switches, 300 Series Managed Switches and 500 Series Stackable Managed Switches are some of the devices affected by the flaw. 

Flaw in Marvel Avastar Wi-Fi
A vulnerability in Marvell Avastar Wi-Fi that can allow threat actors to remotely compromise devices has been discovered by researchers. The flaw can affect devices like laptops, smartphones, gaming tools, routers and IoT devices. Experts found that attackers can exploit ThreadX firmware which is installed on Marvell Avastar 88W8897 wireless chipset and inject malware without any user interaction.

 Tags

azorult infostealer
betabot
gandcrab ransomware
spear phishing emails
zero day virus

Posted on: January 21, 2019


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite