Cyware Daily Threat Intelligence November 16, 2018

Security experts have discovered that Trickbot has overtaken Emotet as the top-ranking malware threat. Trickbot has infected numerous victims across Europe, the Middle East, and Africa. However, the US was hit the hardest by the banking malware. Trickbot targets a wide array of international banks via its webinjects, it is also capable of stealing cryptocurrency from Bitcoin wallets. Trickbot typically spreads via malicious spam campaigns. It can spread via spear-phishing emails disguised as unpaid invoices or requests to update account information. 

The TA505 threat group, which is considered to be one of the most prolific financially motivated hacker group, has been observed delivering the Khalesi malware. tRAT is a new remote access trojan that is believed to contain reconnaissance functionalities. Experts believe that TA505 may be testing out tRAT to determine its effectiveness. TA505 is responsible for cyber attacks using the banking Trojan Dridex in 2014 and the Locky ransomware in 2016 and 2017.

the Dutch branch of the French Film production and distribution company Pathe suffered a data breach. The firm lost over 19 million euros to BEC scammers and the lost funds may or may not have been recovered. The cybercriminals targeted the email IDs of the CEO and tricked the firm into paying out over 19 million euros. The BEC scammers are believed to have had a good idea of the company’s internal workings in order to carry out this attack. They were successful in hindering the Chief Financial Officer from confirming the transactions via phone. 

Midlands Regional Hospital in Tullamore was hit by a ransomware attack. The attack affected the organization's Laboratory Information System and associated IT infrastructure. The organization said that no patient records and the wider health services remained unaffected. It is still unclear whether the organization received a ransom demand or whether they ended up paying the cybercriminals.