Cyware Daily Threat Intelligence, June 01, 2022

FluBot is down. The infrastructure that its operators used to push tens of thousands of smishing messages an hour to Android users has been seized in an operation led by the Dutch police. Meanwhile, the situation around the recently disclosed Microsoft zero-day, Follina, remains tense: several reports say China-linked actors are among the first to exploit it in the wild.

Operations came to a standstill at hospitals and clinics in Costa Rica and at a Foxconn factory in Mexico after two separate cyberattacks. In the latter case, the attackers are demanding more than $34 million in BTC.


Top Breaches Reported in the Last 24 Hours


Costa Rica's hospitals and clinics hit
The Costa Rican Social Security Fund (CCSS) suffered a major cyberattack. The incident forced the agency to shut down its digital record-keeping system, affecting nearly 1,200 hospitals and clinics. Patients were asked to be patient, as procedures may be delayed while the emergency lasts.

LockBit 2.0 encrypts Foxconn's network
Attackers used LockBit 2.0 ransomware to encrypt sensitive personal and company data at a Foxconn factory in Mexico. They have threatened to leak the stolen files on June 11 unless the company pays, and have allegedly demanded more than $34 million in BTC.


Top Malware Reported in the Last 24 Hours


Europol takes down FluBot
An international law enforcement operation involving 11 countries has reportedly dismantled the infrastructure behind the FluBot Android malware, which stole passwords, banking details, and other sensitive information and had also begun targeting iOS users. The malware's main infection vector was smishing: SMS lures that tricked recipients into installing a malicious app.


Top Vulnerabilities Reported in the Last 24 Hours


Chinese APT exploits Follina
The Windows zero-day tracked as CVE-2022-30190, better known as Follina, is being exploited by the China-linked TA413 APT against the Tibetan community, using lures that impersonate the Central Tibetan Administration's "Women Empowerments Desk." The SANS Institute separately found a document abusing the same flaw; its file name was written in Chinese.
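Follina maldocs do not carry a macro; the Word file points an OLE object at a remote URL and the fetched page invokes the ms-msdt: protocol handler. A triage scanner for that delivery pattern, written as an added example (not code from Cyware, SANS, or any vendor cited above) and assuming the structure just described: the check looks for external oleObject relationships in the package's .rels parts and for the ms-msdt: URI scheme in any part or in the second-stage HTML. The sample packages and HTML it runs on are constructed inline for the demo.

```python
"""Triage scanner for the Follina (CVE-2022-30190) delivery pattern in .docx files.

Added example; not code from Cyware or from the sources it cites.
Assumption: the maldoc fetches a remote HTML page via an external
oleObject relationship in word/_rels/document.xml.rels, and that page
(or, in some variants, a part of the document itself) references ms-msdt:.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List

MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def scan_docx(data: bytes) -> List[str]:
    """Return human-readable findings for a .docx given as bytes (empty if clean)."""
    findings: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            # Some variants embed the ms-msdt: handler URI directly in a part.
            if MSDT_RE.search(blob):
                findings.append(f"{name}: contains ms-msdt: URI")
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(blob)
            except ET.ParseError:
                findings.append(f"{name}: unparseable relationships part")
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                # A benign document links OLE objects to parts inside the zip;
                # Follina samples point the oleObject at a remote URL instead.
                if rel.get("TargetMode") == "External" and rel.get("Type") == OLE_REL_TYPE:
                    findings.append(f"{name}: external OLE object -> {rel.get('Target')}")
    return findings


def scan_html(data: bytes) -> bool:
    """True if a fetched second-stage page references the ms-msdt: handler."""
    return MSDT_RE.search(data) is not None


def build_sample(external: bool) -> bytes:
    """Constructed minimal .docx-like package, used only to exercise the scanner."""
    target = ('Target="http://example.invalid/payload.html!" TargetMode="External"'
              if external else 'Target="media/image1.png"')
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{OLE_REL_TYPE}" {target}/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("clean", build_sample(False)), ("suspicious", build_sample(True))):
        print(label, scan_docx(doc) or ["no findings"])
    # Constructed second-stage page of the kind the external relationship would fetch.
    print("html", scan_html(b'<script>location.href = "ms-msdt:/id PCWDiagnostic";</script>'))
```

Run it over a quarantined mail attachment directory rather than a live mailbox: an external oleObject relationship is rare in legitimate documents and is worth a manual look on its own, even when no ms-msdt: string is present, because the URI only appears in the page the document fetches.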

Hardcoded backdoor account in Korenix JetPort
SEC Consult reported a backdoor account on Korenix JetPort industrial serial device servers that lets an unauthorized user take full control of affected devices. Tracked as CVE-2020-12501, the issue was only made public after a lengthy disclosure process that began in 2020. The account reportedly uses the same password on every device because it is stored in the firmware, so anyone who extracts it once can use it everywhere. The vendor, however, maintains that the account poses no threat.

Zero-day grips Horde Webmail
Horde Webmail users are exposed to an RCE vulnerability (CVE-2022-30287) that may let attackers compromise the web server. From there, they can intercept emails and read password-reset links and sensitive documents, which can lead to credential theft across the user base.


Top Scams Reported in the Last 24 Hours


Faking a U.K. home delivery service
Scammers have set up a fake site, served only to mobile browsers, that impersonates the U.K. delivery company Evri. The lure is a message apologizing for a failed parcel delivery. The phishing page asks for personal ID, card number, and bank details; anyone who fills it in hands over both card data and bank account details in a single visit.

Untargeted, RuneScape-themed phishing
A new phishing email impersonates Jagex, maker of the popular free MMORPG RuneScape, and is sent indiscriminately to players. It tries to create panic by claiming the recipient's address was accidentally added to someone else's account and needs to be fixed quickly. Victims are asked for their authenticator code and their in-game bank PIN, which protects the bank where players store their valuable items.

Posted on: June 01, 2022