Go to listing page

Cyware Daily Threat Intelligence, November 28, 2022

Cyware Daily Threat Intelligence, November 28, 2022

Share Blog Post

The threats surrounding the COVID-19 pandemic are still relevant, at least to those who track information related to COVID-19 infection. Recently, researchers took the wraps off of the Punisher ransomware strain that is being used by cybercriminals against users tracking information related to Covid-19 infection. Meanwhile, a new advisory warns about the ‘Bleed You’ campaign wherein hackers are sharing exploits on underground forums to launch attacks against Windows Internet Key Exchange (IKE) Protocol Extensions.

In yet another incident, scammers abused the website of a top European football club to spike traffic for a likely fraudulent online gaming website. While the official website is hosted on AWS, the suspicious subdomain was on Google Cloud DNS.

Top Breaches Reported in the Last 24 Hours


Twitter records for sale
It is estimated that personal records pertaining to over 5.4 million Twitter users, containing non-public information, are being shared for free on the dark web. The data was reportedly extracted by exploiting an API flaw that was fixed in January. The leaked information includes the phone numbers and email addresses of the users.

Iran’s top news agency targeted
Hacker group Black Reward penetrated the networks of Fars News Agency in Iran and claimed to have deleted about 250TB of data from its servers and systems. According to sources, hackers accessed the confidential bulletins and directives sent by the news agency to the office of Supreme Leader Ali Khamenei.

Ransomware attack on Belgium police
All data with the Zwijndrecht police in Antwerp, Belgium, from 2006 until September 2022 was published by the Ragnar Locker ransomware group. The leak exposes thousands of car number plates, fines, personnel details, investigation reports, crime report files, and more. This particular attack was originally planned against the municipality of Zwijndrecht.

Canadian menswear suffers breach
Canadian retailer Harry Rosen revealed it fell victim to a cyberattack. Ransomware group BianLian has listed the company as a victim on its leak site and released a 1GB file as proof of its attack. Written for Windows systems in the Go language, the ransomware presumably runs its encryption at a much greater speed. The lesser-known ransomware group was initially spotted in August.

Top Malware Reported in the Last 24 Hours


Punisher ransomware use COVID-19 theme
Cyble Research and Intelligence Labs (CRIL) laid bare a variant of Punisher ransomware that has been propagating through a COVID-19 theme-based phishing website. Disguised as a COVID tracking application, it targeted Chilean users and demanded the equivalent of $1000 in BTC for decrypting the files of the victims.

Top Vulnerabilities Reported in the Last 24 Hours


‘Bleed You’ abuses critical Windows flaw
Security company Cyfirma outlined a series of exploits in the wild targeting Windows Internet Key Exchange (IKE) Protocol Extensions for CVE-2022-34721. The critical bug may have been exploited to target almost 1000 systems. Microsoft added that IKEv2 is not impacted, however, all Windows Servers are vulnerable as they accept both V1 and V2 packets.

Top Scams Reported in the Last 24 Hours


Scammers hit FC Barcelona Website
Cyber adversaries used FC Barcelona’s official website in a sophisticated third-party fraud campaign. The analysis by Cybernews exposed a nameserver (NS) record mismatch between the second and third-level domains, meant to redirect visitors to a potentially fraudulent online gaming platform. FC Barcelona’s website has 5.4 million monthly visitors and ranks among the most visited football club websites.


 Tags

twitter records
covid 19 themed attacks
punisher ransomware
internet key exchange ike
fc barcelona
zwijndrecht
fars news agency
harry rosen
bleed you campaign

Posted on: November 28, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.