Cyware Daily Threat Intelligence November 16, 2018

The Malware Reported in the Last 24 Hours

Trickbot vs Emotet
Security experts have discovered that Trickbot has overtaken Emotet as the top-ranking malware threat. Trickbot has infected numerous victims across Europe, the Middle East, and Africa. However, the US was hit the hardest by the banking malware. Trickbot targets a wide array of international banks via its webinjects and is also capable of stealing cryptocurrency from Bitcoin wallets. Trickbot typically spreads via malicious spam campaigns. It can spread via spear-phishing emails disguised as unpaid invoices or requests to update account information.

tRAT
The TA505 threat group, which is considered to be one of the most prolific financially motivated hacker groups, has been observed delivering the Khalesi malware. tRAT is a new remote access trojan that is believed to contain reconnaissance functionalities. Experts believe that TA505 may be testing out tRAT to determine its effectiveness. TA505 is responsible for cyber attacks using the banking Trojan Dridex in 2014 and the Locky ransomware in 2016 and 2017.

Top Breaches Reported in the Last 24 Hours

Pathe
The Dutch branch of the French film production and distribution company Pathe suffered a data breach. The firm lost over 19 million euros to BEC scammers and the lost funds may or may not have been recovered. The cybercriminals targeted the email IDs of the CEO and tricked the firm into paying out over 19 million euros. The BEC scammers are believed to have had a good idea of the company’s internal workings in order to carry out this attack. They were successful in hindering the Chief Financial Officer from confirming the transactions via phone.

Health data breach
Midlands Regional Hospital in Tullamore was hit by a ransomware attack. The attack affected the organization's Laboratory Information System and associated IT infrastructure. The organization said that no patient records were affected and that the wider health services remained unaffected. It is still unclear whether the organization received a ransom demand or whether they ended up paying the cybercriminals.



