Cyware Daily Threat Intelligence, March 24, 2021

Phishers are finding success in using compromised accounts to send malicious emails. As if this were not enough, they are now leveraging legitimate services to stay under the radar. These two conditions have proved favorable for a phishing campaign dubbed ‘Compact’ that has been active since 2020. Having obtained more than 400,000 Office 365 Outlook Web Access credentials, the phishers are in the process of expanding the campaign by using Amazon Simple Email Service (SES) and the Appspot cloud computing platform.

The new Purple Fox variant’s worm-like capabilities are turning out to be a danger for Windows machines. The malware is being spread through indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes. Adding to the troubles of online users, two dozen malicious Chrome browser extensions and 40 associated malicious domains have been discovered distributing adware designed to steal credentials.

Top Breaches Reported in the Last 24 Hours

Forex Broker
Over 20TB of sensitive data belonging to Forex Broker was leaked online due to an unprotected Elasticsearch database. The database contained over 16 billion records of customers’ personally identifiable information.

Attack on Flagstar Bank
Michigan-based Flagstar Bank reportedly fell victim to a ransomware attack in January this year. Following the attack, the ransomware operators not only encrypted the database but also siphoned banking data that includes social security numbers. In another incident, Stratus Technologies disclosed a ransomware attack that forced the company to take its systems offline.

Hobby Lobby exposes data
Arts and crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing 138GB of sensitive information of around 300,000 customers. The exposed details include customers’ names, partial payment card details, phone numbers, and email addresses.

6.5 million Israeli citizens affected
A threat actor calling itself ‘The Israeli Autumn’ took credit for leaking registration and personal details of millions of Israeli citizens. The details include full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences.

Honeywell’s IT systems disrupted
Industrial giant Honeywell revealed that some of its IT systems were disrupted as a result of malware attacks. Although an investigation into the incident is ongoing, Honeywell stated it has found no evidence of data being exfiltrated from systems.

University of Colorado’s data leak
The Clop ransomware group has posted online sensitive data belonging to students of the University of Colorado and patient data from the University of Miami. The universities are victims of a breach that affected Accellion FTA servers.

Top Malware Reported in the Last 24 Hours

Malicious Chrome extensions
Researchers have discovered two dozen malicious Chrome browser extensions and 40 associated malicious domains that are being used to distribute adware on victim systems. The adware is designed to steal credentials or quietly redirect victims to malicious sites.

Purple Fox malware evolves
An upgraded variant of Purple Fox malware with worm capabilities has been found to be deployed in an ongoing attack campaign. The malware is being spread through indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes. The malware targets Microsoft Windows machines and repurposes compromised systems to host malicious payloads.
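The spread mechanism described above, failed SMB logons sprayed across many hosts from one source, leaves a recognizable footprint in Windows Security logs. The following is an added detection example, not code from the Cyware briefing or from any Purple Fox analysis: it runs a sliding-window check over a constructed, simplified rendering of Event ID 4625 (failed logon) records and flags any source address whose network-type (logon type 3) failures reach a threshold of distinct target hosts within a short window. The log format, field names and thresholds are assumptions chosen for the example; real SIEM exports differ and the regex would need adjusting.

```python
"""Flag sources spraying failed SMB/NTLM logons across many hosts.

Added example, not from the original briefing. The input is a constructed,
simplified rendering of Windows Security Event ID 4625 lines as a SIEM might
forward them; the field layout is an assumption for this example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one source hitting six hosts within seconds (the
# pattern worm-like SMB spreading produces), plus benign noise that must not
# trigger: a successful logon, interactive (type 2) failures, a single failure.
SAMPLE_LOGS = """\
2021-03-24T02:10:01Z host=FS01 event=4625 logon_type=3 user=administrator src=203.0.113.7 status=0xC000006D
2021-03-24T02:10:02Z host=FS02 event=4625 logon_type=3 user=administrator src=203.0.113.7 status=0xC000006D
2021-03-24T02:10:02Z host=FS03 event=4625 logon_type=3 user=admin src=203.0.113.7 status=0xC000006D
2021-03-24T02:10:03Z host=WS11 event=4625 logon_type=3 user=backup src=203.0.113.7 status=0xC000006D
2021-03-24T02:10:04Z host=WS12 event=4625 logon_type=3 user=administrator src=203.0.113.7 status=0xC000006D
2021-03-24T02:10:05Z host=DC01 event=4625 logon_type=3 user=guest src=203.0.113.7 status=0xC000006D
2021-03-24T02:10:40Z host=FS01 event=4624 logon_type=3 user=jdoe src=10.0.0.25 status=0x0
2021-03-24T02:11:10Z host=WS11 event=4625 logon_type=2 user=jdoe src=10.0.0.25 status=0xC000006D
2021-03-24T02:11:11Z host=WS11 event=4625 logon_type=2 user=jdoe src=10.0.0.25 status=0xC000006D
2021-03-24T03:30:00Z host=FS02 event=4625 logon_type=3 user=svc-scan src=10.0.0.40 status=0xC000006D
"""

# Assumed line layout for the constructed format above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) logon_type=(?P<ltype>\d+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) status=(?P<status>\S+)$"
)


def parse_events(text):
    """Parse log text into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_smb_spray(events, min_hosts=5, window_seconds=60):
    """Return {src_ip: sorted target hosts} for sources whose failed network
    logons (event 4625, logon type 3, the type SMB authentication produces)
    reach min_hosts distinct targets inside any window_seconds window."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["event"] == "4625" and ev["ltype"] == "3":
            by_src[ev["src"]].append(ev)

    hits = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        j = 0  # start of the sliding window
        for i in range(len(evs)):
            # Advance the window start until it lies within window_seconds of evs[i].
            while (evs[i]["ts"] - evs[j]["ts"]).total_seconds() > window_seconds:
                j += 1
            hosts = {e["host"] for e in evs[j:i + 1]}
            # Keep the largest qualifying host set seen for this source.
            if len(hosts) >= min_hosts and len(hosts) > len(hits.get(src, ())):
                hits[src] = sorted(hosts)
    return hits


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_smb_spray(parse_events(SAMPLE_LOGS))


if __name__ == "__main__":
    for src, hosts in run_sample().items():
        print(f"possible SMB password spray from {src}: {len(hosts)} hosts {hosts}")
```

The distinct-host count is the discriminating feature: a user mistyping a password repeatedly produces many failures against one host, while lateral SMB spreading produces a few failures against each of many hosts. Tune `min_hosts` and `window_seconds` to the size of the environment, and pair the alert with the port-scanning signal from network telemetry for corroboration.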

Top Scams Reported in the Last 24 Hours

Compact phishing campaign
A phishing operation dubbed ‘Compact’ that has been active since early 2020 has now expanded to abuse two more legitimate services, Amazon Simple Email Service (SES) and the Appspot cloud computing platform, to bypass secure email gateways. By the end of December, scammers had managed to pilfer more than 400,000 Office 365 Outlook Web Access credentials. The phishing emails are sent on the pretext of notifications from video conferencing services, various security solutions, and productivity tools. The campaign also leverages compromised accounts for the SendGrid and MailGun email delivery services to evade detection.

Tags

forex broker
purple fox
flagstar bank
compact phishing campaign
appspot cloud computing platform

Posted on: March 24, 2021