Cyware Daily Threat Intelligence, June 16, 2020

Share Blog Post

Amidst the COVID-19 pandemic, cybercriminals are now piggybacking on the ‘Black Lives Matter’ movement to persuade people to open email attachments that contain malware. In the past 24 hours, researchers have uncovered massive spam campaigns around this subject that deliver the TrickBot trojan among other malware. The top five countries targeted in these campaigns are Canada, the United States, France, Thailand, and Cyprus.

A set of vulnerabilities collectively called Ripple20, that affects millions of IoT devices manufactured by HP, Schneider Electric, Intel,  Rockwell Automation, Caterpillar, and Baxter has also come to notice in the last 24 hours. These 19 zero-day vulnerabilities exist in the TCP/IP software library developed by Treck Inc.

A newly discovered Java-based STRRAT malware was also found infecting German users. The malware includes a ransomware module apart from information-stealing capabilities.

Top Breaches Reported in the Last 24 Hours

PostBank replaces 12 million cards
PostBank is replacing 12 million bank cards after rogue employees stole its 36-digit master key. The incident had occurred in December 2018 wherein the culprits used the key to steal around $3.35 million from beneficiaries who received social grants every month.

Foodora data breach
Online food delivery service Delivery Hero has confirmed a data breach affecting its Foodora brand. The incident has exposed the account details of 727,000 customers in 14 different countries. Information breached in the incident includes names, addresses, phone numbers, and hashed passwords.

NHS’s phishing campaign
The NHS disclosed that 113 email accounts were compromised and used to send malicious spam outside the health service between May 30, and June 1, 2020. The subject lines of these emails either included the recipient’s names or were left blank. Furthermore, these emails contained a link to a fake log-in page featuring the NHS logo. Following the incident, NHS changed the passwords of the compromised accounts.

Top Malware Reported in the Last 24 Hours

TrickBot trojan
Several spam campaigns around ‘Black Lives Matter’ have been detected by security researchers. The campaigns are executed using phishing emails that have a variety of subject lines and an attached malicious Microsoft Word document. These documents work as a delivery channel for malware like TrickBot trojan. The campaign is spread across Canada, the United States, France, and Cyprus.

STRRAT malware
A newly discovered Java-based STRRAT malware includes a ransomware module apart from information-stealing capabilities. Telemetry shows that the malware has infected many users in Germany. It is distributed via spam emails that include a malicious attachment named “NEW ORDER.jar”.

Qbot evolves
The Qbot has added a new evasion capability to its arsenal. It has included a new packing layer that scrambles and hides the code from scanners and signature-based tools. It also includes anti-virtual machine techniques, which helps it resist forensic examination.

Top Vulnerabilities Reported in the Last 24 Hours

Ripple20 vulnerability
A total of 19 vulnerabilities, collectively known as Ripple20, have been found affecting millions of IoT devices. The flaws exist in the low-level TCP/IP software library developed by Treck Inc. They can be exploited to take control of devices and steal data from infected ones. Some of the affected vendors include HP, Schneider Electric, Intel,  Rockwell Automation, Caterpillar, and Baxter.

Hackable security cameras
Wireless security cameras manufactured by Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, and QZT are affected by serious vulnerabilities that can expose users’ data to attackers. These vulnerabilities, which are tracked as CVE-2019-11219 and CVE-2019-11220, exist in the P2P feature of the CamHi app that is used by the cameras.

Oracle fixes two flaws
Oracle has patched two vulnerabilities found in its E-Business Suite solution. The flaws, tracked as CVE-2020-2586 and CVE-2020-2587, can allow attackers to take control of the EBS environment. The flaws can also enable unauthorized hackers to alter financial data held in the solution.


strrat malware
trickbot trojan

Posted on: June 16, 2020

Get the Daily Threat Briefing delivered to your email!

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

Join Thousands of Other Cyware Followers!