Go to listing page

Cyware Daily Threat Intelligence, May 31, 2021

Cyware Daily Threat Intelligence, May 31, 2021

Share Blog Post

Watch out, there is a new threat looming on vulnerable Microsoft Exchange servers. A new ransomware dubbed Epsilon Red has been found targeting the servers in an attempt to make fast cash for its operators. Written in Go language, the ransomware resembles the REvil ransomware and has already ensnared a firm in the hospitality sector.

The tricky Facefish backdoor that can take over Linux systems and steal sensitive data has come under the scanner of researchers. Composed of two parts: a dropper and a rootkit, the backdoor uses BlowFish for encrypting communication data with the C2 server.

Also, look out for spam emails that make claims for unknown subscriptions and trick users with further spam.

Top Breaches Reported in the Last 24 Hours

JBS attacked
The world’s largest meat processing company, JBS Foods, has fallen victim to a cyberattack that resulted in the shut down of its operations around the world, including in Australia, Canada, and the U.S. Federal authorities are currently investigating the incident.

Mexico Walls lottery websites down
Access to Mexico’s Lotería Nacional and Pronósticos lottery websites is blocked after a ransomware gang threatened to perform denial of service attacks. The Avaddon ransomware gang claimed responsibility for the attacks on the Pronosticos Deportivo, a program of Lotería Nacional, by stealing data and then encrypting devices.

Top Malware Reported in the Last 24 Hours

Facefish backdoor
Researchers have published details about a new backdoor dubbed Facefish that could allow attackers to take over Linux systems and steal sensitive data. The backdoor targets Linux x64 systems and is able to drop multiple rootkits at different times. It uses the Blowfish encryption algorithm for C2 communications.

New Epsilon Red ransomware
A new piece of ransomware named Epsilon Red has targeted a U.S. company in the hospitality sector. The ransomware is similar to the REvil ransomware. Victims are informed that their files have been encrypted and that their data has been stolen and will be leaked unless they pay the ransom. Written in Go language, the ransomware is distributed via unpatched Microsoft Exchange servers.

Top Vulnerabilities Reported in the Last 24 Hours

PoC for PatchGuard bug published
A PoC exploit for a bug found in Microsoft Kernel Patch Protection (KPP) has been published. The flaw can allow threat actors to load malicious code into the Windows operating system kernel. Discovered by a Japanese researcher, the issue remains unfixed.

Top Scams Reported in the Last 24 Hours

Fake unsubscribed spam email
Scammers are using fake unsubscribed spam emails to confirm valid email accounts to be used in future phishing and spam campaigns. These emails that ask the recipients to subscribe or unsubscribe, do not mention anything about the service. The subjects of these emails read ‘We_need your confirmation asap’, ‘Request, please confirm your unsubscription’, or ‘Verification’. Once the recipients send unsubscribe/subscribe responses, their email accounts are bombarded with spam messages.

Walmart phishing campaign
A Walmart phishing campaign is underway that attempts to steal users’ personal information. The email pretends to be from Walmart and uses the subject line ‘Your Package delivery Problem Notification ID#’ to inform recipients that their package could not be delivered to the address. The ultimate goal of the campaign is to collect information to conduct identity theft attacks.


epsilon red
jbs foods
facefish backdoor
spam emails
avaddon ransomware

Posted on: May 31, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.