Having the right cyber security posture is the need of the hour as the threat landscape is continuously witnessing a rise in new malware. In a concerning revelation, two new malware - DazzleSpy and Graphite - have been associated with two different sophisticated attack campaigns that occurred in 2021. While the Graphite malware was used by the Fancy Bear APT to target government officials in Asian countries, the new DazzleSpy malware was part of a watering hole attack that targeted Windows, Android, and macOS users.
Furthermore, a new TianySpy malware has also been linked to a malware infection chain attack that dates back to September 2021. Meanwhile, a new ransomware named DeadBolt became the latest malware to target QNAP NAS devices. The ransomware appends .deadbolt extension to the encrypted files.
Top Breaches Reported in the Last 24 Hours
Fancy Bear targets government officials
Threat actors have been found leveraging Microsoft OneDrive services for Command-and-Control (C2) purposes to target high-ranking government officials in West Asia. The campaign is believed to be the work of APT28 aka Fancy Bear group. The campaign exploits the recently discovered remote code execution flaw in MSHTML. The malware used in the campaign is dubbed Graphite.
Hackers hijack Instagram accounts
Cybercriminals are hijacking the Instagram accounts of companies and influencers in a new campaign with an aim to extort the targeted users with a ransom. The attack starts with threat actors sending a message pretending to be from Instagram, and notifying the users of a purported instance of copyright infringement. It is believed that the campaign has been active since 2021 and hackers are selling access to the hijacked accounts for $40,000.
Top Malware Reported in the Last 24 Hours
New DazzleSpy malware
A new malware dubbed DazzleSpy has come to light during the investigation of a watering hole attack targeting Windows and Android users. ESET researchers found that the attack also targeted macOS users and visitors of a pro-democracy radio station website in Hong Kong. Apart from leveraging Chrome and Windows zero-day flaws, the attackers had also exploited a WebKit flaw in the Safari browser as part of the infection chain.
AsyncRAT operators update their tactic
Researchers backtraced an attack campaign in September 2021 and found that the operators of AsyncRAT had used a technique to evade the radar of many security vendors. The campaign which went undetected for 4 to 5 months, leveraged email phishing tactics with an HTML attachment in the initial stage of the infection chain.
New DeadBolt ransomware
New DeadBolt ransomware is encrypting QNAP NAS devices by exploiting a zero-day flaw in the device software. The ransomware appends .deadbolt extension to the encrypted files and drops a ransom note, demanding a ransom of 0.03 bitcoin.
New TianySpy malware
A mobile malware infection chain dating back to September 2021 was used to distribute a new malware dubbed TianySpy. The malware was designed to steal credentials associated with membership websites of major Japanese telecommunication services. It targeted both Android and iPhone users.
Top Vulnerabilities Reported in the Last 24 Hours
PoC for 12-year-old Polkit flaw disclosed
The PoC for a 12-year-old security vulnerability affecting Polkit system utility has been disclosed. Dubbed Pwnkit, the flaw exists in the pkexec component of the system utility and has been assigned the identifier CVE-2021-4034. The flaw was reported to Linux vendors in November 2021, following which patches have been issued by RedHat and Ubuntu.
PrinterLogic patches RCE flaw
PrinterLogic has issued security updates for a total of nine vulnerabilities impacting its Web Stack and Virtual Appliance. Three of these are marked ‘High-Severity’ and are tracked as CVE-2021-42631, CVE-2021-46235, and CVE-2021-42638.