Cyware Daily Threat Intelligence, January 27, 2020


New details have surfaced regarding the massive cyberattack that occurred at Mitsubishi Electric Corp. Sources close to the investigation have revealed that Chinese hackers had exploited a Trend Micro OfficeScan zero-day to plant malicious files on Mitsubishi Electric servers. As a result of the attack, files with corporate technical materials, sales materials, and others were compromised.

A new version of the notorious Ryuk ransomware has also been detected by security researchers. The new variant is being used against the government, military, and finance sectors to steal confidential files. It implements a new file content scanning feature that searches for additional keywords in filenames to select data for exfiltration.

In other developments, Cisco has patched a ‘high-severity’ vulnerability found in its Webex Meetings Suite sites and Cisco Webex Meetings Online sites. The vulnerability could allow unauthenticated users to join Webex meetings without the need for any authorization.

Top Breaches Reported in the Last 24 Hours

Tillamook county attacked
A cyberattack has knocked out the phone lines and internet for Tillamook County in Oregon. According to news reports and official accounts, the incident has forced local government agencies to use pen and paper. The IT department has confirmed that computers in various departments have been hit with encrypting malware.

Update on Mitsubishi attack
A new investigation reveals that Chinese hackers used a zero-day in the Trend Micro OfficeScan antivirus to launch attacks against Mitsubishi. Trend Micro has now patched the vulnerability, but it did not comment on whether the zero-day was used in other attacks beyond Mitsubishi Electric.

Tampa Bay Times hit
The Florida-based US news organization, Tampa Bay Times, was hit by a Ryuk ransomware attack on January 23, 2020. It is unclear how the attack occurred. However, the company has reported that the attackers did not compromise any data such as payment or customer information. The Tampa Bay Times expects to recover by restoring its systems from backup files.

The city of Potsdam affected
The German city of Potsdam suffered a major cyberattack that took down its servers earlier this week. However, the incident has not affected the city’s emergency services such as the fire department and the finance department.

Top Malware Reported in the Last 24 Hours

Ryuk evolves
A new version of Ryuk ransomware has been found targeting the government, military, and finance sectors. The malware has been enhanced to steal confidential files from these sectors. The new variant implements a new file content scanning feature that searches for additional keywords in filenames to select data for exfiltration.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco Webex vulnerability
Cisco has patched a ‘high-severity’ vulnerability discovered in its Webex Meetings Suite sites and Cisco Webex Meetings Online sites. The vulnerability, tracked as CVE-2020-3142, could allow unauthorized users to join password-protected Webex meetings. For the authentication bypass, attackers would need to initiate the connection from iOS or Android versions of the Webex mobile app.

Updates on Citrix ADC bug
Citrix has released the final patch for the critical vulnerability tracked as CVE-2019-19781 in its appliances. However, researchers warn that even if Citrix software is no longer vulnerable, that does not necessarily mean no harm was done before patching. In one incident, the attackers had exploited the vulnerability to deploy the NOTROBIN backdoor, which gained persistence via a cron entry.


Posted on: January 27, 2020
