Go to listing page

Cyware Daily Threat Intelligence, January 27, 2021

Cyware Daily Threat Intelligence, January 27, 2021

Share Blog Post

The world’s most resilient malware in the wild, Emotet, is finally down. Kudos to the joint effort of law enforcement agencies and authorities from different countries who made it possible in a coordinated operation that lasted two years. The damage caused by the trojan is estimated to be in millions of dollars.

While one trojan is down, another trojan is roaring back to relevancy after laying dormant for seven months. According to researchers, a new variant of the DanaBot is active, since October 2020, with an updated C2 server and anti-analysis features.

A new version of the NAT Slipstreaming attack has also been unfolded by researchers that can expand attackers’ reach into devices within internal networks.

Top Breaches Reported in the Last 24 Hours

New report on SolarWinds attack
A new report reveals that up to 18,000 SolarWinds customers may have received the trojanized updates for its Orion monitoring product. As a result, this enabled the attackers to deploy backdoor on victims’ systems, allowing them to plant more malware.

Dairy Farm attacked
Retail giant Dairy Farm was attacked by the REvil ransomware, following which the attackers demanded $30 million in ransom. Allegedly, the attackers had access to information for 7 days after the attack.

Top Malware Reported in the Last 24 Hours

Emotet’s infrastructure destroyed
The infrastructure of the Emotet botnet has been taken down in a coordinated effort between law enforcement authorities from several countries. Two of the main servers for the infrastructure were based in the Netherlands and a third in another country. The damage caused by the malware is estimated to be in hundreds of millions of euros. The investigation into Emotet and identifying the cybercriminals responsible for running it is still ongoing.

New variant of DanaBot
A new version of DanaBot trojan has been found to be active since October 2020. The trojan includes an updated C2 server and several anti-analysis features.

Top Vulnerabilities Reported in the Last 24 Hours

NAT Slipstreaming attack 2.0
A new variant of the NAT Slipstreaming attack, that can bypass mitigations for the previous version of the attack and expand the attacker’s reach, has been uncovered by researchers. The devices at risk to the latest version include printers exposed through the default printing protocol, industrial controllers using unauthenticated protocols, and IP cameras that have an internal webserver secured with default credentials. 

Apple releases updates
Apple has released emergency updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities. The flaws are tracked as CVE-2020-1782, CVE-2020-1870, and CVE-2020-1871. They could allow an attacker to elevate privileges and achieve remote code execution.

Baron Samedit flaw
A 10-year-old flaw, named Baron Samedit, impacting a large chunk of the Linux ecosystem has been patched in the Sudo app. The flaw, which has received the CVE identifier CVE-2021-3156, can allow an attacker with a low privilege account to gain root access to the system.

Cisco patches a DNA bug
A cross-site request forgery vulnerability in the Cisco Digital Network Architecture (DNA) Center can open enterprise users to remote attack and takeover. The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of the Cisco DNA Center. It has been fixed in the software releases 2.1.1.0, 2.1.2.0, 2.1.2.3, and 2.1.2.4, and later.

 Tags

emotet
baron samedit flaw
danabot trojan
nat slipstreaming attack
solarwinds attack

Posted on: January 27, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.