Cyware Daily Threat Intelligence, June 22, 2020


Cybercriminals are now using a new technique to up the ante in web skimming attacks. They have registered several domains resembling the name of Google Analytics in order to collect users’ data from different sites. So far, about two dozen retail sites spread across Europe and America have been infected in the attack campaign. The victim organizations include stores selling digital equipment, cosmetics, food products, and spare parts.

The past 24 hours also saw the discovery of a new malware called NitroHack that spreads via the Discord client for Windows. The attackers send malicious direct messages from compromised accounts to spread the malware, telling the victim’s friends that they can obtain free access to the Premium Discord Nitro service by downloading a file.

Top Breaches Reported in the Last 24 Hours

UPMC data offered for sale
A 29-year-old Michigan man was arrested for allegedly selling the PII and W-2 tax form information of over 65,000 University of Pittsburgh Medical Center (UPMC) employees. The hackers had broken into the networks of UPMC in 2014. The compromised data included the names, social security numbers, addresses, and salaries of employees.

BlueLeaks
An activist group, which goes by the name of DDoSecrets, has published 269 GB of data stolen from US law enforcement agencies and fusion centers. The data, which is available on the BlueLeaks portal, contains more than ten years’ worth of files belonging to over 200 police departments across the US. Some of these files include personal information such as names, bank account numbers, and phone numbers.

COVID-19 Patient Data on sale
A threat actor has been found selling over 230,000 Indonesian COVID-19 patients’ records on the dark web. The leaked data includes patients’ names, addresses, telephone numbers, diagnosis data, and result dates.

Database of MMO Stalker Online on sale
A database containing over 1.2 million user records from the popular MMO Stalker Online was put up for sale on dark web forums. The compromised records included players’ usernames, passwords, email addresses, phone numbers, and IP addresses.

Top Malware Reported in the Last 24 Hours

NitroHack malware
Security researchers have discovered a new malware called NitroHack that modifies the Discord client for Windows into an infostealing trojan. The attackers are using messages sent to Discord users as a distribution vector, telling the victim’s friends that they can obtain free access to the Premium Discord Nitro service by downloading a file.

New web skimming attack
Attackers are misusing Google Analytics to conduct web skimming attacks. A dozen fake sites were found to have been registered with the intention of stealing data from different e-commerce sites. The victim organizations include stores in Europe and America selling digital equipment, cosmetics, food products, spare parts, etc.

Top Vulnerabilities Reported in the Last 24 Hours

AMD issues patches
AMD has issued patches for a callout privilege escalation vulnerability affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The flaw, which is tracked as CVE-2020-12890, resides in AMD’s Mini PC and can allow attackers to manipulate secure firmware and execute arbitrary code. It can be exploited by attackers only if they have privileged physical or administrative access to a system that includes one of the affected AMD notebook or embedded processors.


Posted on: June 22, 2020
