Go to listing page

Cyware Daily Threat Intelligence, November 09, 2021

Cyware Daily Threat Intelligence, November 09, 2021

Share Blog Post

Ransomware attackers seem to have no bounds to their greed. In the latest attack on MediaMarkt, the Hive ransomware group demanded a whopping, unrealistic $240 million ransom to offer a decryptor for the encrypted files of the electronics retail giant. Meanwhile, two different ransomware groups and an APT group have associated with a common initial access broker, dubbed Zebra2104, to conduct their malware campaigns. In other news, an Iranian hacking group, Lyceum, was spotted targeting ISPs and telecoms to deploy two different types of malware.

While researchers discovered multiple vulnerabilities in BusyBox that could allow DoS attacks, remote code execution, and leak information, a patched vulnerability in Sitecore XP was exploited again. Online scammers are on a roll; a group of threat actors was found forcing victims to be money mules by entrapping them through fraudulent websites that offered low-priced consumer electronic products. Moreover, scammers are tricking victims into leveraging cryptocurrency ATMs and QR codes to make payments. The FBI warned the public against such scammers.

Top Breaches Reported in the Last 24 Hours

MediaMarkt hit by Hive ransomware
Electronics retail giant, MediaMarkt, was attacked by Hive ransomware group that demanded an initial ransom of $240 million, resulting in the shut down of IT systems and disrupting store operations in the Netherlands and Germany. The affected stores fail to accept credit cards or print receipts.

Robinhood experiences a data breach
The mobile stock trading platform, Robinhood, witnessed a security breach that exposed names and email addresses for millions of users and account details of specific targets. The hackers stole names, email addresses, zip codes, dates of birth, and additional personal information from its customer data trove.

Top Malware Reported in the Last 24 Hours

BlackBerry uncovers initial access broker
Three different ransomware groups—MountLocker, Phobos, and StrongPity—are all using a common initial access broker (IAB) to conduct malware campaigns. The BlackBerry Research & Intelligence Team discovered that the three ransomware groups have all partnered with an IAB threat actor, dubbed Zebra2104.

Lyceum targets telecoms and ISPs
An Iranian threat group, Lyceum, was spotted targeting ISPs and telecoms across Israel, Morocco, Tunisia, and Saudi Arabia. The APT also conducted a campaign against an African ministry of foreign affairs. Reportedly, the group will attempt to deploy two different types of malware—Shark and Milan.

Top Vulnerabilities Reported in the Last 24 Hours

BusyBox Bugs threaten embedded Linux devices
Researchers discovered 14 critical vulnerabilities in BusyBox, a popular program leveraged in embedded Linux applications. All these vulnerabilities allow for denial of service (DoS) and 10 of them could also enable remote code execution (RCE). Moreover, one of the bugs could allow devices to leak information.

Sitecore XP patched flaw exploited
In October, Sitecore disclosed and released a patch for a pre-authentication RCE vulnerability tracked as CVE-2021-42237 affecting the Sitecore Experience Platform. Now, the ACSC is alerting web admins of the active exploitation of the RCE flaw in the Sitecore XP. 

Top Scams Reported in the Last 24 Hours

Victims forced to be money mules
The Spanish police arrested 45 people associated with an online fraud group that operated 20 different fraudulent websites to defraud at least 200 people for $1.73 million. The threat actors offered various consumer electronic products at low prices on the fraudulent web portals. When the victims made purchases, the money went to the bank accounts of other victims who were forced to act as money mules by the attackers.

Fraudulent schemes using crypto ATMs and QR codes
After witnessing an increase in scammers tricking victims into using physical cryptocurrency ATMs and QR codes to facilitate payment transactions, the FBI alerted the public of fraudulent schemes using cryptocurrency ATMs and QR codes. Typically, the scammers make constant online communication with the victims and guide them through step-by-step instructions to complete the payment.


sitecore xp
lyceum apt
initial access brokers

Posted on: November 09, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.