Cyware Daily Threat Intelligence, June 09, 2020

Newly discovered malware and vulnerabilities remain a key component of the evolving cyber threat landscape. In the past 24 hours, security researchers came across two new malware strains, FlowCloud and Avaddon, that were used in different cyberespionage campaigns. While FlowCloud was used against U.S. utility providers, the Avaddon ransomware was distributed in a spam campaign targeting users worldwide.

Coming to new vulnerabilities, it has been found that IoT devices are vulnerable to a new flaw, named CallStranger. It resides in the Universal Plug and Play (UPnP) protocol and can allow attackers to launch DDoS attacks.

Top Breaches Reported in the Last 24 Hours

Life Healthcare attacked
The South Africa-based Life Healthcare is investigating a cyberattack that affected some of the group’s IT systems. According to the organization, it immediately took systems offline to contain the incident. It is yet to ascertain the extent to which sensitive data has been compromised.

Honda suffers an attack
Honda Motor Co. has halted production at some of its factories following a cyberattack. It is currently working on fixing the systems and internal networks that were disrupted in the attack.

Columbia College hit
Columbia College is the third US college to have fallen victim to a cyberattack by Netwalker ransomware operators. The attack occurred on June 3 and resulted in the compromise of sensitive data such as social security numbers.

Top Malware Reported in the Last 24 Hours

Jqueryapi1oad
New details have emerged about a Magecart attack campaign carried out through misconfigured S3 buckets. It has been found that, along with the skimming code, the compromised buckets were also used for delivering a malicious redirector, referred to as ‘jqueryapi1oad’. The malware is linked to a long-running Hookads malvertising campaign. So far, 277 sites have been identified as affected by the jqueryapi1oad malware.

FlowCloud malware
Researchers have discovered a new modular malware named FlowCloud that was used against U.S. utility providers in August 2019. The malware shares similarities with LookBack malware and enables its operators to take complete control over a compromised system. Its capabilities include accessing installed applications, the keyboard, mouse, screen, files, services, and processes on an infected system.

New Avaddon ransomware
A new ransomware strain, named Avaddon, has been found in a massive spam campaign targeting users worldwide. The campaign relies on phishing emails that are sent with subject lines like ‘Your new photo?’ or ‘Do you like my photo?’ Attached to these emails is a JavaScript file masquerading as a JPG photo with names like IMG123101.jpg.

Credential harvesting attack
A large-scale phishing campaign targeting high-profile executives of German multinational corporations associated with the task of procuring PPE kits has come to light. So far, the cybercrooks have attempted to steal the credentials of more than 100 senior executives working in 40 different organizations. Some of the targeted organizations include FIEGE, Deutsche Bahn, Bayer, Daimler, DHL, Lufthansa, Otto, and Volkswagen.

Top Vulnerabilities Reported in the Last 24 Hours

CallStranger vulnerability
A severe vulnerability, dubbed CallStranger, residing in the UPnP protocol can allow attackers to hijack smart devices and launch DDoS attacks. Additionally, the flaw can enable attackers to successfully bypass network security solutions and firewalls. The CallStranger flaw is tracked as CVE-2020-12695.

Top Scams Reported in the Last 24 Hours

HMRC impersonated
Scammers have launched a new phishing scam designed to steal personal and financial details from self-employed workers using the Self-Employment Income Support Scheme (SEISS). The phishing email informs victims that they are eligible for a tax rebate from Her Majesty's Revenue and Customs (HMRC). It redirects the victims to a fake HMRC site which asks them to enter their email address, postcode, and HMRC login details. In order to get the promised refund amount, they are further asked to enter their card number, name on card, account numbers, security code, and expiry date.

Posted on: June 09, 2020
