Cyware Daily Threat Intelligence, June 17, 2020

The last 24 hours witnessed a sophisticated spamdexing campaign used to distribute malware and scams. Cyber crooks are leveraging the attack method to push fake data breach notifications for big companies, such as Chegg, EA, and Canva, among others. These notifications redirect users to malicious links.

Furthermore, researchers have found a highly targeted BEC attack campaign associated with the Lazarus group. Termed ‘Operation In(ter)ception’, the campaign was carried out by attackers posing as recruiters from Collins Aerospace and General Dynamics (GD). They targeted executives in European organizations in an attempt to steal information and money.

Top Breaches Reported in the Last 24 Hours

Misconfigured S3 bucket
An unsecured Amazon S3 bucket belonging to Ariix Italia was taken offline after it exposed over 36,000 documents, including scans of national IDs, credit cards, and health insurance cards. The bucket also contained personal information such as full names, addresses, tax identification numbers, and signatures of Italian citizens.

MaxLinear hit
Chipmaker MaxLinear has suffered an attack by Maze ransomware, leading to the failure of some of its systems. Additionally, the attackers have released some of the company's proprietary information online.

DraftKings discloses an attack
DraftKings disclosed that SBTech was hit by ransomware on March 27, 2020. The attack disrupted the operations of its sports betting and iGaming services. Following the attack, SBTech informed the relevant regulatory authorities and notified affected customers.
 
Top Malware Reported in the Last 24 Hours

Cryptocurrency mining
In a DLL hijack attack ongoing since May, attackers were found leveraging two legitimate vendor applications, from CrystalBit and Apple, to mine cryptocurrencies. The actors abused the APSDaemon vulnerability in these apps to evade detection during the infection process.

Fake data breach notifications
Cybercriminals have been found using specific search keywords to push fake data breach notifications for companies such as Chegg, EA, Canva, Dropbox, Hulu, Ceridian, Shein, PayPal, Target, Hautelook, Mojang, InterContinental Hotels Group, and Houzz. The ultimate goal of the attackers is to distribute malware and launch scams.

Operation In(ter)ception
Researchers have detected a highly targeted cyber espionage campaign, ‘Operation In(ter)ception,’ linked to the North Korea-based Lazarus threat actor group. As part of the campaign, the attackers impersonated Collins Aerospace and General Dynamics (GD) to target people working in sales, marketing, tech, and admin roles at various European organizations. The attackers made initial contact with their targets via LinkedIn.

Top Vulnerabilities Reported in the Last 24 Hours

Adobe releases patches
Adobe has released out-of-band security updates to address 18 flaws affecting its After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition products. All of these flaws are rated ‘Critical’ and can lead to arbitrary code execution following successful exploitation.

VLC’s issue fixed
VideoLAN has released VLC Media Player 3.0.11 with fixes for several security issues that could allow attackers to remotely execute commands or crash VLC on a vulnerable computer. Among them is a buffer overflow vulnerability tracked as CVE-2020-13428, which can be exploited by tricking a user into opening a specially crafted file with VLC.

Plex fixes bugs
Plex has patched three vulnerabilities affecting its Media Server for Windows. These flaws could enable attackers to take full control of the systems using the software. The three vulnerabilities are tracked as CVE-2020-5740, CVE-2020-5741, and CVE-2020-5742.

Posted on: June 17, 2020
