Cyware Daily Threat Intelligence, June 24, 2020

Share Blog post

Ransomware continues to dominate the cyber threat ecosystem, with attackers aiming for fast cash. Security researchers have tracked two new ransomware strains - WastedLocker and CryCryptor - that are being used in targeted attacks. While WastedLocker ransomware is distributed via fake software update alerts from the SocGholish fake update framework, the new CryCryptor ransomware propagates by posing as COVID Alert app.

Furthermore, the notorious Sodinokibi ransomware has expanded its malicious activities by now targeting Point of Sale (PoS) systems used in the healthcare and food sectors. The attackers are using the Cobalt Strike commodity malware to deliver the ransomware to victims.

Top Breaches Reported in the Last 24 Hours

CryptoCore steals $200 million
A threat actor group, named CryptoCore, has managed to steal around $200 million from online cryptocurrency exchanges. The victim organizations are located in the United States, Japan, and the Middle East. A new report highlights that all these attacks were initiated with an information-gathering stage wherein the attackers gathered all necessary details to target an exchange’s management, IT staff, and other employees.

Frost & Sullivan breached
Several databases containing details of employees and customers associated with Frost & Sullivan have been put up for sale on a hacker forum. The customer database includes information, such as the client name, email address, the company contact, whether they are confidential, and other non-sensitive data.

Top Malware Reported in the Last 24 Hours

New WastedLocker ransomware
The Russian cybercrime group, Evil Corp, has added a new ransomware to its arsenal, called WastedLocker. The malware is distributed via fake software update alerts from the SocGholish fake update framework. Once launched, WastedLocker attempts to encrypt drives with specific extensions on the computer. Files with size less than 10 bytes are ignored and in case of a large file, the ransomware encrypts them in blocks of 64 MB.

New CryCryptor ransomware
Researchers have detected a new CryCryptor ransomware that targets Android users in Canada. It is distributed via two websites under the guise of an official COVID-19 tracing app - COVID Alert - provided by Health Canada. Fortunately, a decrypting tool is available for victims.

Sodinokibi expands operations
Operators of Sodinokibi ransomware are scanning the networks of targets for PoS data in their latest attack campaign. The campaign is targeted against healthcare, services, and food sectors, among other victims. The attackers are using the Cobalt Strike commodity malware to deliver the ransomware.

Magnitude exploit kit evolves
Researchers analyzed the sophisticated Magnitude exploit kit for a whole year and have found that it continues to deliver ransomware in Asia Pacific countries via malvertising. In February 2020, the exploit kit had switched to exploit a vulnerability, tracked as CVE-2019-1367, affecting Internet Explorer.

 Tags

magnitude exploit kit
wastedlocker ransomware
crycryptor ransomware
frost sullivan
sodinokibi ransomware

Posted on: June 24, 2020

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!