
Cyware Daily Threat Intelligence, May 05, 2020


Twenty years ago, the ILOVEYOU worm showed the destructive potential of malware by infecting an estimated 50 million systems worldwide. The rampage continues with the discovery of the Kaiji botnet, a new LockBit variant, and the VCrypt ransomware in the last 24 hours. The Kaiji botnet targets Linux-based servers and IoT devices and uses them for DDoS attacks. The new LockBit variant was upgraded with the ability to spread itself across a network over the SMB protocol, while the new VCrypt ransomware was found encrypting users' data folders with the 7-Zip command-line utility.

On the breach front, GoDaddy alerted several customers to unauthorized access to their web hosting accounts via SSH, which occurred on October 19, 2019. Separately, Australia's migration system leaked the details of 774,000 individuals who had applied to immigrate to the country.

Top Breaches Reported in the Last 24 Hours

GoDaddy user accounts breached
The domain name and web hosting provider GoDaddy notified some of its customers of unauthorized access to their web hosting accounts. The incident, which took place on October 19, 2019, involved attackers using compromised user credentials to connect to hosting accounts over SSH. In response, GoDaddy reset the affected users' passwords to prevent further malicious activity.

Australian migrants exposed
Australia's migration system exposed the personal details of 774,000 individuals in a data breach. The exposed data, which included details of people aspiring to migrate to Australia, was made publicly available via the Home Affairs Department's SkillsSelect platform. Partial names, ADUserIDs, and the outcome of applications were exposed in the incident.

Massive leak by an adult site
CAM4, an adult live streaming website owned by Granity Entertainment, was found exposing nearly 11 billion records, including email addresses and private chat transcripts, via an unsecured server, putting users at risk of blackmail and identity theft. The database server was hosted in the Netherlands and contained over 7TB of personal data and production logs dating from March 16, 2020.

Top Malware Reported in the Last 24 Hours

A ‘Go’ programming malware
Security researchers have discovered Kaiji, a malware strain purpose-built to infect Linux-based servers and IoT devices. Spotted last week, the new malware abuses compromised systems to launch DDoS attacks. What makes it stand out from existing IoT malware strains is that it is written in the Go programming language rather than C or C++.

Swift encryption of corporate network
Researchers uncovered a feature of the LockBit ransomware that allows cybercriminals, once inside a corporate network, to spread the malware laterally using the SMB protocol. LockBit is a relatively new Ransomware-as-a-Service (RaaS) offering. In the case observed, the attackers infiltrated a corporate network and encrypted approximately 25 servers and 225 workstations in just 3 hours.

New VCrypt ransomware detected
Security researchers detected the new VCrypt ransomware targeting French users in a recent attack campaign. The ransomware uses the legitimate 7-Zip command-line program to create password-protected archives of users' data folders. It names the resulting archives "username_foldername.vxcrypt" and leaves behind a ransom note asking users to visit the attackers' website to make the ransom payment.
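Because VCrypt relies on a legitimate archiver rather than a custom encryptor, a useful detection is to watch process-creation telemetry for 7-Zip being invoked in a way a user rarely would: archive creation with a password switch, against a whole user data folder, with output named in the username_foldername.vxcrypt pattern. The following is an added example written for this briefing, not code from the researchers or from 7-Zip; the three Sysmon-style events are constructed, and the field names, indicator weighting, and the threshold of two indicators are assumptions.

```python
"""Flag VCrypt-style abuse of the 7-Zip CLI in process-creation telemetry."""
import re
import shlex

# Constructed sample events in a Sysmon-style shape (not real telemetry).
SAMPLE_EVENTS = [
    # Benign: a user zips a single report without a password.
    {"user": r"CORP\alice",
     "image": r"C:\Program Files\7-Zip\7z.exe",
     "cmdline": r'"C:\Program Files\7-Zip\7z.exe" a -tzip "C:\Users\alice\report.zip" "C:\Users\alice\Documents\report.docx"'},
    # VCrypt-style: password-protected archive of a whole data folder, named user_folder.vxcrypt,
    # from a 7z.exe copy dropped in a temp directory.
    {"user": r"CORP\alice",
     "image": r"C:\Users\alice\AppData\Local\Temp\7z.exe",
     "cmdline": r'"C:\Users\alice\AppData\Local\Temp\7z.exe" a -t7z -pS3cr3tKeyHere -mhe=on "C:\Users\alice\alice_Documents.vxcrypt" "C:\Users\alice\Documents\*"'},
    # Unrelated process.
    {"user": r"CORP\bob",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\bob\notes.txt"},
]

# Output name pattern reported for VCrypt: <username>_<foldername>.vxcrypt
VXCRYPT_NAME = re.compile(r"[^\\/]+_[^\\/]+\.vxcrypt$", re.IGNORECASE)
# Typical per-user data folders a wholesale archive would target.
DATA_FOLDER = re.compile(
    r"\\Users\\[^\\]+\\(Documents|Desktop|Pictures|Downloads|Videos|Music)(\\|$)",
    re.IGNORECASE)


def split_cmdline(cmdline):
    # posix=False keeps Windows backslashes literal; strip the quotes afterwards.
    return [tok.strip('"') for tok in shlex.split(cmdline, posix=False)]


def analyze(event):
    """Return a finding dict for a suspicious 7z invocation, else None."""
    argv = split_cmdline(event["cmdline"])
    if not argv or not argv[0].lower().endswith("7z.exe"):
        return None
    if len(argv) < 2 or argv[1].lower() != "a":  # only archive creation ("a") matters here
        return None
    switches = [a for a in argv[2:] if a.startswith("-")]
    paths = [a for a in argv[2:] if not a.startswith("-")]

    indicators = []
    if any(s.lower().startswith("-p") for s in switches):
        indicators.append("password-protected archive")
    if any(s.lower().startswith("-mhe") for s in switches):
        indicators.append("encrypted archive headers")
    if paths and VXCRYPT_NAME.search(paths[0]):
        indicators.append("output named <user>_<folder>.vxcrypt")
    if any(DATA_FOLDER.search(p) for p in paths[1:]):
        indicators.append("source is a user data folder")
    if not event["image"].lower().startswith(r"c:\program files"):
        indicators.append("7z.exe running outside Program Files")

    # Assumed threshold: a single indicator (e.g. zipping one document) is normal user activity.
    if len(indicators) < 2:
        return None
    return {"user": event["user"],
            "archive": paths[0] if paths else None,
            "indicators": indicators}


def detect(events):
    return [f for f in (analyze(e) for e in events) if f]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, only the second one is flagged; the benign zip of a single document matches just the data-folder indicator and stays below the threshold. In production the same logic fits a Sysmon Event ID 1 or EDR process-creation feed, and the password switch alone is worth a lower-severity alert on hosts where archiving is uncommon.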

Top Vulnerabilities Reported in the Last 24 Hours

Airplane safety system hacked
Security researchers found that the aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be spoofed to manipulate an aircraft's movement mid-air. The researchers spoofed the system using a cheap USB DVB-T (Digital Video Broadcasting) software-defined radio dongle and a rogue transponder to communicate with the aircraft.

OpenSSL vulnerability exploit
A proof-of-concept (PoC) exploit was released for a recently patched vulnerability in OpenSSL. The vulnerability, tracked as CVE-2020-1967 and fixed in OpenSSL 1.1.1g, can be exploited by attackers to perform denial-of-service (DoS) attacks. The researcher who published the exploit stated that the flaw could also be triggered via a man-in-the-middle (MitM) attack or by tricking vulnerable clients into connecting to a malicious TLS server.

Top Scams Reported in the Last 24 Hours

Phishing investment brokers
The US Financial Industry Regulatory Authority (FINRA) has warned member organizations of an ongoing phishing campaign that impersonates FINRA officers in an attempt to trick investment brokers into revealing their Microsoft Office or SharePoint login credentials.



Posted on: May 05, 2020
