Cyware Daily Threat Intelligence, June 29, 2020

Share Blog post

Phishing emails are back in fashion for delivering ransomware. Researchers have noted that several ransomware operators had used it as a channel in the past few months to infect numerous industries in the United States, France, Germany, Greece, and Italy. Some of the ransomware families that were delivered via this method include Avaddon, Buran, Darkgate, Mr.Robot, Philadelphia, and Ranion.

In other news, the University of California paid a ransom of over $1 million to NetWalker ransomware operators to restore its network. The university was attacked earlier this month, wherein the attackers had encrypted a limited number of servers that are used for Coronavirus research.

Top Breaches Reported in the Last 24 Hours

The University of California pays a ransom
The University of California, San Francisco has paid over $1 million as a ransom to NetWalker ransomware operators following a cyberattack that took place on June 1, 2020. The attackers had encrypted a limited number of servers that are important for Coronavirus research.

Private details leaked
Private information relating to the President of Brazil and several other ministers was leaked earlier this month. The leak was claimed by the hacktivist group Anonymous Brazil. Apart from ministers’ data, the data leak had also affected details of over 200,000 public servants.

Top Malware Reported in the Last 24 Hours

Email-based ransomware attacks
In the past few months, there has been a rise in email-based ransomware attacks. The attackers have used phishing emails as a first-stage payload to target numerous industries in the United States, France, Germany, Greece, and Italy. The ransomware families that were delivered through such tactics included Avaddon, Buran, Darkgate, Mr.Robot, Philadelphia, and Ranion. The phishing emails were designed in native languages to lure victims.

Top Vulnerabilities Reported in the Last 24 Hours

Yesteryear vulnerabilities targeted
The Australian government has released an advisory about increased cyber activity from China-based threat actors. They are heavily relying on yesteryear vulnerabilities to target agencies and companies in the country. Some of the vulnerabilities include CVE-2019-0604, CVE-2019-19781, CVE-2019-18935, CVE-2017-9248, CVE-2017-11317, and CVE-2017-11357.

 Tags

ranion ransomware
buran
mrrobot
university of california
avaddon ransomware
darkgate malware

Posted on: June 29, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!