Cyware Daily Threat Intelligence, November 13, 2020


In any security breach, customers are always at the receiving end. In the last 24 hours, the cyber domain has witnessed a data breach affecting millions of Vertafore customers due to human error. The insurance software provider exposed details of its customers who were Texas drivers. Meanwhile, a security team published details on CostaRicto, a new hacker-for-hire mercenary group. Reportedly, the group could be based in South Asia.

In addition to breaches and other cybercriminal activities, researchers discovered security flaws that could revive DNS cache poisoning attacks. These flaws can allow off-path threat actors to inject a malicious DNS record into a DNS cache.

Top Breaches Reported in the Last 24 Hours

Texas drivers exposed
An insurance software provider, Vertafore, disclosed a breach that exposed the details of 27.7 million Texas drivers. The exposed data included drivers’ names, license numbers, addresses, dates of birth, and vehicle registration histories. The incident was the result of human error: data files were inadvertently stored in an unsecured external storage service.

Retailer suffers credential stuffing attack
Following a credential stuffing attack, outdoor retail giant The North Face has reset the passwords of its customers. The attackers may have gained access to personal information stored in customers’ accounts on the retailer’s website. Information that may have been compromised includes customers’ names, telephone numbers, billing and shipping addresses, email preferences, and more.

Top Malware Reported in the Last 24 Hours

A secure data leak service
Reportedly, the DarkSide ransomware operators are creating a distributed storage system in Iran to store and leak stolen data. So far, the ransomware group has deposited $320,000 on a hacker forum. The operators receive a 10-25% cut of any ransom payment generated, whereas an affiliate gets 75-90%.

The crawl of Ant and Cockroach
Researchers have uncovered a Magecart threat group responsible for a series of attacks against e-commerce websites. The unique skimmer, dubbed Ant and Cockroach, has been linked to Magecart Group 12 via Svyaz, a Russian hosting provider that has hosted domains connected to the skimmer.

Another hacker-for-hire discovered
BlackBerry has published details about CostaRicto, a new hacker-for-hire mercenary group that it discovered earlier this year. The group has launched attacks across countries in the Americas, Europe, Australia, Asia, and Africa. The attackers primarily rely on stolen credentials or spear-phishing emails as the initial entry vector to deliver a malware backdoor named Sombra or SombRAT.

Top Vulnerabilities Reported in the Last 24 Hours

Revival of DNS cache poisoning attacks
A group of academics has uncovered a series of security flaws that could revive DNS cache poisoning attacks, allowing an off-path threat actor to inject malicious DNS records into a DNS cache. Dubbed SAD DNS and tracked as CVE-2020-25705, the findings were demonstrated this week at the ACM Conference on Computer and Communications Security (CCS ’20).

Bugs can enable network takeover
Three remote code execution vulnerabilities were found in Silver Peak’s Unity Orchestrator, an SD-WAN management platform. These bugs can be chained together to allow network takeover by unauthenticated attackers.

Advisories for flaws in PLCs
Schneider Electric released security advisories for several vulnerabilities affecting multiple products, including four issues that attackers can abuse to take over Modicon M221 programmable logic controllers (PLCs). Failure to apply the mitigations provided by the company can allow unauthorized users to replay authentication sequences.

Top Scams Reported in the Last 24 Hours

Fake endorsements for bitcoin investments
Advertisements run by Bitcoin Era, a cryptocurrency trading platform, claimed that Bear Grylls, a popular television celebrity, made huge sums of money using its unique trading algorithm. In reality, the celebrity never invested in the platform, and the algorithm is just another way to trap people in cryptocurrency scams.

Are you buying a gift card?
State employees are being targeted by email phishing and text message campaigns in which the scammer poses as a Massachusetts government leader. In these campaigns, threat actors craft email addresses that spoof Commonwealth leadership and use social engineering tactics to ask the target to buy a gift card.


Posted on: November 13, 2020
