Cyware Daily Threat Intelligence November 02, 2017

Top Malware Reported in the Last 24 Hours
BitPaymer
BitPaymer ransomware, discovered recently, left security researchers in a fix because it isn't typical ransomware. It employs complex code to obfuscate its behavior. Cybersecurity experts who analyzed the malware found that this code made it very difficult to study how the malware worked: how the intrusion or infection occurred, and how the subsequent encryption of data took place.

Silence Trojan
The recent cyber heists executed on banks in Russia, Armenia, and Malaysia used the new ransomware, Silence. The technique used is similar to that of the Carbanak group. Attackers used a bank employee's compromised account to send spear-phishing emails to other bank workers. These emails contain a compiled HTML file attachment that could download the payload.

CryptoShuffler Trojan
The CryptoShuffler Trojan is stealing funds from cryptocurrency wallets. It has targeted a whole range of popular cryptocurrencies including Bitcoin, Ethereum, Zcash, Dash, Monero, and others. Users should pay close attention during transactions, and always check the wallet number listed in the destination address line against the one they are intending to send coins to.

Top Vulnerabilities Reported in the Last 24 Hours
Heap Overflow vulnerability
The vulnerability exists in the Circle with Disney’s tinysvcmd library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker-controlled values. All an attacker needs to do to trigger this vulnerability is send a DNS packet.

Google Docs bug
Google Docs users reported bugs yesterday that caused them to get locked out of their documents. Most of the issues centered on a mysterious Terms of Service violation. However, Google later stated the problem was caused by a code push that incorrectly flagged a small percentage of Google Docs as abusive.

WordPress security patch
WordPress has released a security patch for a programming error. The fix addresses a flaw that can potentially be exploited by hackers to hijack and take over WordPress-powered websites by injecting malicious SQL database commands.

Top Breaches Reported in the Last 24 Hours
Data breach at Hetzner
In a worrisome cybersecurity incident, Hetzner’s konsoleH platform has been hacked. The platform is Hetzner’s proprietary control panel, which merges all service administration tools into an integrated management system. Hetzner is a major South African data center operator and website hosting service provider.

Former Iowa University student arrested
The University found out that a former Chemistry student used keystroke-logging gadgets to steal tutor’s passwords and improve the grades of his classmates. Also, he was able to get his hands on the exam questions in advance. The crime could cause the accused to spend up to 10 years of his life in prison.

Top Scams Reported in the Last 24 Hours
Real Estate cybercrime
Lately, the US has witnessed a lot of potential homeowners being targeted in the fastest-growing real estate scams. Hackers assume the identity of realtors, contact their clients through emails, and pretend to be an escrow agent. They thereby trick homeowners into wiring the money to a hacker-controlled account.

CRA scam
In Canada, fake emails and calls related to tax funds are popular tricks involved in phishing scams, according to the Canadian Anti-Fraud Centre (CAFC). In addition, the Canada Revenue Agency is warning Canadians to be careful of emails, voice mails, and even mail claiming to be from the CRA. These are phishing scams that could result in identity theft.


