Cyware Daily Threat Intelligence November 12, 2018

Share Blog post

Top Malware Reported in the Last 24 Hours

New cryptominer
A new cryptominer dubbed Coinminer.Linux.KORKERDS.AB has been discovered. The malware targets Linux systems and leverages a rootkit to hide its presence on the infected systems. Without the rootkit, admins can detect the malicious activity. However, once the rootkit is installed, the process causing the high CPU is not visible even though the total system utilization is still shown as 100%.

New Trickbot campaign
A new Trickbot campaign has been detected. The malware now has new capabilities - it can steal credentials and browser data, including cookies, browser histories and more. Trickbot is now distributed via a malicious Excel document. It also uses several anti-analysis techniques to evade detection. Trickbot’s new module “pwgrab32”, is designed to steal credentials from applications such as Microsoft Outlook, Filezilla, and WinSCP, as well as steal system information. The new additions to Trickbot indicate that the cybercriminals operating the malware have no intention of hanging up their boots.

Top Breaches Reported in the Last 24 Hours

Nordstrom
Nordstrom's flagship store in Seattle was hit by a breach that exposed the sensitive and personal data of some of its employees. The data compromised includes Social Security numbers, dates of birth, checking account and routing numbers, salaries and more. It is still unclear as to how many people were affected by the breach. Nordstrom claims that no data was misused. The firm is still investigating the breach. Nordstrom claims said that the breach was caused by a contract worker who improperly handled some Nordstrom's employees' data.

Health breach
Florida's Department of Health suffered a data breach that may have comprised the personal information of some patients in Escambia, Santa Rosa, Okaloosa and Walton counties. The breach occurred after a cybercriminal hacked into a Microsoft Outlook account of an employee of the Children’s Medical Services. The attack is believed to have taken place between October 8 and October 16. Officials said that no payment card information or personal data, like social security numbers, were compromised. 

 Tags

data breaches
health breach
trickbot
nordstrom
cryptominers

Posted on: November 13, 2018

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!