
Cyware Daily Threat Intelligence, March 01, 2021



The booming cybercrime-as-a-service economy has gained a new delivery technique. Dubbed Gootloader, it abuses search engine results to lure victims to malicious pages that deliver payloads such as the Gootkit trojan, Kronos, Cobalt Strike, and REvil ransomware. So far, the infection chain has been used against users in South Korea, Germany, France, and the U.S.

Meanwhile, Ryuk ransomware has become more dangerous: its operators have added a worm-like module to the latest version, giving the ransomware the ability to self-propagate between Windows machines on the same local network.

The DDoSecrets hacktivist group is back in action after a long gap with a massive trove of data taken from Gab. The leak puts more than 40 million public and private posts and messages, along with user profiles and hashed passwords, at risk of exposure.

Top Breaches Reported in the Last 24 Hours

T-Mobile hit again
American telecommunications provider T-Mobile has warned affected customers to change their login credentials after a data breach. There is no evidence as to whether the attackers gained access to employee accounts, but T-Mobile said the attackers were able to port customers' mobile numbers, which exposes those customers to SIM swapping attacks.

Gab hacked
The DDoSecrets hacktivist group has obtained around 70 GB of data taken from Gab, the Twitter-like social networking service. The trove includes more than 40 million public and private posts and messages, as well as user profiles and hashed passwords, all now at risk of exposure.

Top Malware Reported in the Last 24 Hours

A new variant of Ryuk ransomware
Researchers have uncovered a new variant of Ryuk ransomware with self-propagation capabilities. It spreads only to machines joined to the Windows domain, using a privileged domain account to copy and execute itself on them. Files are encrypted with AES-256 via the Microsoft CryptoAPI.

New Gootloader technique
Threat actors are leveraging search engine optimization (SEO) poisoning in a newly found Gootloader technique to distribute malware to as many victims as possible. The campaign has spread the Gootkit banking trojan, Kronos, Cobalt Strike, and REvil ransomware, among other malware, to victims in South Korea, Germany, France, and the United States.

Top Vulnerabilities Reported in the Last 24 Hours

SaltStack vulnerability
The Salt Project has patched a privilege escalation bug affecting SaltStack Salt minions. The vulnerability, CVE-2020-28243, has a severity rating of 7.0 and impacts Salt versions before 3002.5; minions should be upgraded to 3002.5 or later.

Flawed firewall appliance
A critical vulnerability in a firewall appliance made by the German cybersecurity company Genua could allow attackers to gain access to an organization's network. The flaw, an authentication bypass tracked as CVE-2021-27215, exists in the product's administration interfaces.

Top Scams Reported in the Last 24 Hours

AOL phishing
Attackers are targeting AOL users in an attempt to steal their login credentials. The attack begins with a phishing email warning recipients that their accounts are about to be suspended and asking them to verify their details to prevent deactivation. The campaign primarily targets older people.

Tags

revil ransomware
gootkit trojan
gootloader
ddosecrets threat actor group
cobalt strike

Posted on: March 01, 2021
