Cyware Daily Threat Intelligence, May 18, 2020

Crypto-miners have taken on supercomputers in a massive cryptojacking campaign. After taking down ARCHER, one of Britain’s supercomputers, the attackers have now infected about a dozen other supercomputers - some of them used for COVID-19 research - in Germany and Switzerland. These include bwUniCluster 2.0, ForHLR II, Hawk, and bwFORCluster JUSTUS.

Details of a new malicious app that distributes Android.Trojan.Infostealer.UQ has also come to notice in the past 24 hours. The trojan is used against Algerian users to steal their personal data.

Meanwhile, the FBI has issued an alert to inform organizations about a vulnerable decryptor provided by ProLock ransomware operators. It was found that the decryptor does not decrypt files larger than 64MB.

Top Breaches Reported in the Last 24 Hours

New PUA system breached
The Illinois Department of Employment Security (IDES) confirmed a security breach that occurred due to a flaw in the new Pandemic Unemployment Assistance (PUA) system. A PUA claimant was able to access personal identifying information of a limited number of claimants. Upon discovery, the claimant immediately notified the Department of the issue and within an hour, it was rectified.  

TxDOT attacked
After the Texas court system, the Texas Department of Transportation (TxDOT) has become the latest victim of a ransomware attack. The authorities detected the attack on May 14, after finding unauthorized access to the agency’s network. The department took immediate action to isolate the affected computers and block further unauthorized access.    

Supercomputers hacked
Several supercomputing centers operating in Germany, the U.K., and Switzerland were shut down following a series of security incidents. Some of these were compromised as early as January. The affected supercomputers included ARCHER, bwUniCluster 2.0, ForHLR, Hawk, and bwForCluster JUSTUS. They were infiltrated to mine cryptocurrencies.

BlueScope hit
Australian steel producer BlueScope was hit by a ransomware attack that disrupted some of the company’s operations. The incident mainly affected manufacturing and sales operations in Australia. The company plans to restore systems from backups.

Top Malware Reported in the Last 24 Hours

Decryptor for ProLock fails
The FBI has issued an alert to inform organizations that the decryptor of ProLock ransomware does not work for files larger than 64MB. The issue will prolong the downtime for an organization even if they agree to the ransom demand. 

Android.Trojan.Infostealer.UQ
A trojan, called Android.Trojan.Infostealer.UQ, is targeting Algerian users to steal personal data, including SMS messages, call logs, contacts, and more. It is distributed via an app named ‘Covid’. The trojan uses an old Jawa Barat certificate to sign malicious packages into the app.   


Top Vulnerabilities Reported in the Last 24 Hours

Buggy Edison Mail app
A faulty software update for the Edison Mail app exposed the email accounts of 6,480 iPhone users. However, no Android or Mac users were affected by the issue. Edison patched the flaw by releasing an updated app on the iOS App Store.

Flawed WP Product Review Lite plugin
A critical XSS vulnerability in the WP Product Review Lite WordPress plugin could allow attackers to inject malicious code and potentially take over vulnerable sites. Therefore, admins are advised to update the plugin to version 3.7.6 to mitigate the issue. 

Posted on: May 18, 2020
