Email phishing attacks are never out of fashion for cybercriminals. Now, researchers have detected a cyberespionage campaign that went unnoticed for over a year. The campaign, which was targeted against the oil and gas sector, was used to distribute a variety of RATs such as Agent Tesla, AZORult, Formbook, Loki, and Snake Keylogger.
Zloader and Hancitor operators have also added a new twist to their infection chains by changing how their phishing emails deliver the payload. In another form of phishing, users were duped through live chat platforms into actions that ultimately led to a malware download.
Top Breaches Reported in the Last 24 Hours
Maryland town impacted
A Maryland town was taken offline following the massive ransomware attack on Kaseya. The town was affected because its IT management company, JustTech, was running a vulnerable VSA server.
CNA reports a data breach
Insurance giant CNA Financial Corporation is notifying customers about an attack by Phoenix CryptoLocker ransomware in March, which affected over 75,000 individuals. CNA reported that threat actors stole a limited amount of information, such as names and social security numbers before deploying the ransomware.
Morgan Stanley reports a breach
Morgan Stanley has disclosed a data breach that occurred following the hack into a third-party Accellion FTA server. The documents stolen during the incident include names, addresses, dates of birth, SSNs, and company names of stock plan participants.
Top Malware Reported in the Last 24 Hours
Hancitor’s new technique
Researchers have spotted a new infection technique employed by threat actors distributing the Hancitor malware. Recipients receive an email built on a fake DocuSign template that contains a link to a malicious Google Sites page.
Zloader’s new technique
A new technique for delivering Zloader has also been observed. The initial attack vector is a phishing email carrying a Microsoft Word document; once the document is opened and macros are enabled, the macros kick off the rest of the infection chain.
Agent Tesla returns
A sophisticated campaign that targets large companies in the oil and gas sectors has been underway for more than a year. The campaign, which begins with spear-phishing emails, is being used to drop various RATs on infected machines, including Agent Tesla, AZORult, Formbook, Loki, and Snake Keylogger.
Spreading malware through phishing
A phishing scheme that originates via live chat platforms has been found spreading malware. The tricksters pretend to be customers and contact online support agents for problems that actually do not exist. They trick the agents into opening malicious websites that cause the download of the malware.
Top Vulnerabilities Reported in the Last 24 Hours
Dell patches flaws
Dell has patched bugs in the Wyse Management Suite (WMS) that could have put administrative sessions at risk. The flaws are tracked as CVE-2021-21586 and CVE-2021-21587.
Coursera API vulnerabilities
Coursera has resolved a set of API vulnerabilities found in its platform. The issues included a user enumeration flaw in the password reset function and misconfiguration issues in the GraphQL and REST APIs. The most significant was a Broken Object Level Authorization (BOLA) flaw: endpoints that accept object identifiers did not verify that the requesting user was entitled to the referenced object, leaving them open to broader abuse.
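To make the BOLA class concrete, here is an added illustration that is not Coursera's code or API: a hypothetical in-memory "learner records" service with a vulnerable lookup beside its hardened form, plus a regression check a defender can run in CI to confirm no user can read another user's objects. The record store, user IDs and handler names are all constructed for the example.

```python
"""
Broken Object Level Authorization (BOLA), illustrated on a tiny hypothetical
records API. This is example code added for explanation, not a real service.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Record:
    record_id: int
    owner_id: int
    body: str


# Constructed sample data: two users, each owning exactly one record.
RECORDS = {
    101: Record(101, owner_id=1, body="alice's enrollment details"),
    202: Record(202, owner_id=2, body="bob's enrollment details"),
}


class NotFound(Exception):
    """Maps to HTTP 404 in a real API. Used for both 'does not exist' and
    'not yours' so the response does not confirm which object IDs exist."""


def get_record_vulnerable(session_user_id: int, record_id: int) -> Record:
    # BOLA: the caller is authenticated (they hold a session) but the
    # handler never checks that the object belongs to them. Any logged-in
    # user can read any record simply by supplying another record_id.
    record = RECORDS.get(record_id)
    if record is None:
        raise NotFound()
    return record


def get_record(session_user_id: int, record_id: int) -> Record:
    # Hardened: authorization is enforced per object. The identity comes
    # from the server-side session, never from a client-supplied field,
    # and a foreign object is reported exactly like a missing one.
    record = RECORDS.get(record_id)
    if record is None or record.owner_id != session_user_id:
        raise NotFound()
    return record


Handler = Callable[[int, int], Record]


def can_read(handler: Handler, session_user_id: int, record_id: int) -> bool:
    """True if `handler` returns the record to this user, False on NotFound."""
    try:
        handler(session_user_id, record_id)
        return True
    except NotFound:
        return False


def cross_tenant_leaks(handler: Handler) -> List[Tuple[int, int]]:
    """Regression check for CI: for every known user and every record they
    do NOT own, report (user_id, record_id) pairs the handler discloses.
    A correctly authorized handler returns an empty list."""
    users = sorted({r.owner_id for r in RECORDS.values()})
    leaks = []
    for user in users:
        for rid in sorted(RECORDS):
            if RECORDS[rid].owner_id != user and can_read(handler, user, rid):
                leaks.append((user, rid))
    return leaks


if __name__ == "__main__":
    print("vulnerable handler leaks:", cross_tenant_leaks(get_record_vulnerable))
    print("hardened handler leaks:  ", cross_tenant_leaks(get_record))
```

The important design point is where the check lives: ownership is compared against the session's user ID inside the data-access path, so every endpoint that resolves an identifier inherits it, rather than relying on each route to remember. Returning the same error for "missing" and "forbidden" also keeps object IDs from being confirmed one at a time.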
Cisco issues patches
Cisco has addressed high severity flaws in Business Process Automation (BPA) and Web Security Appliance (WSA) that could have exposed users to privilege escalation attacks. The flaws are tracked as CVE-2021-1574 and CVE-2021-1576.