Go to listing page

Cyware Daily Threat Intelligence, June 08, 2022

Cyware Daily Threat Intelligence, June 08, 2022

Share Blog Post

After an alliance with QBot threat actors, the Black Basta ransomware group threw another surprise with its ability to target VMware ESXi servers. Users also need to watch out for the new FakeCrack malware campaign that can rob them of crypto assets.

Breaches made it worse for a Massachusetts-based healthcare organization that exposed the sensitive data of millions of individuals. A couple of gun shops also revealed card skimming attacks on their e-commerce sites.


Top Breaches Reported in the Last 24 Hours


Data Leak at a major healthcare group
Personal records of nearly two million people directly-indirectly associated with Shields Health Care Group were laid bare by a cyberattack. Hackers accessed databases that contained names, SSNs, house addresses, diagnosis, billing information, insurance information, medical records, and other medical or treatment information. 

??Data looted off gun retailers
Online shops of Rainier Arms and Numrich Gun Parts, gun shops in America, suffered card skimmer infections. Hackers stole payment details of customers from Rainers Arms between June 1, 2021, and January 19, 2022, whereas they entered Numrich’s network between January 23, 2022, and April 5, 2022.

Top Malware Reported in the Last 24 Hours


Black Basta aims at VMs on Linux servers
The Black Basta ransomware can now encrypt data stored on VMware ESXi Virtual Machines (VMs) running on the Linux network. Uptycs analysts opine that attackers are expanding the attack surface. Black Basta is active since April and practices a double-extortion attack model. Recently, its partnership with QBot came to the spotlight.

New strains of Cuba ransomware
Trend Micro noted updates in a Cuba ransomware strain during March and April. The samples from that period used a custom downloader for the staging phase of the infection routine, dubbed BUGHATCH. Meanwhile, researchers found a new variant in late April that was directed at two organizations based in Asia. While there is a slight difference in their ransom notes, they follow the same onion site.

CCleaner users on the target
Avast disclosed a new malware distribution campaign, dubbed FakeCrack, that distributes pirated copies of the CCleaner Pro Windows optimization program. It is capable of stealing users’ passwords, credit cards, and crypto-wallets. Researchers claimed to have found a daily average of 10,000 infection attempts at its customers. A large chunk of victims is located in France, Indonesia, Brazil, and India.

Top Vulnerabilities Reported in the Last 24 Hours


Dogwalk: Another zero-day in MSDT
Free unofficial patches were released against a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT). The security bug has not been assigned any CVE number but is referred to as Dogwalk. It is described as a two-click RCE attack that an attacker can exploit to copy an executable to the Windows Startup folder when a victim opens a maliciously crafted file.

 Tags

rainier arms
card skimmer attack
fakecrack
ccleaner malware
msdt
vmware esxi servers
black basta ransomware
bughatch
numrich gun parts
shields health care group
dogwalk vulnerability
cuba ransomware

Posted on: June 08, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.