Cyware Daily Threat Intelligence, November 29, 2019

See All
The hospitality sector continues to be a high-value target for cybercriminals as it possesses a huge trove of customers’ Personally Identifiable Information (PII). In the past 24 hours, security experts have uncovered two new threat actor groups targeting hotels, restaurant chains, and tourism services. These groups are RevengeHotels and ProCC. Though different, these groups have been found using similar tools, techniques, and procedures to launch attacks.

Apart from RevengeHotels and ProCC, another threat actor group called RedCurl has been detected conducting cyberespionage campaigns against insurance, consulting, mining, ironworks, retail, and construction companies. The primary purpose of this group is to steal agreements and information about payments and contracts.

In other development, the National Cyber Security Center (NCSC) in the Netherlands has informed that at least 1,800 companies are affected by three ransomware strains across the world. The ransomware in question are LockerGoga, MegaCortex, and Ryuk.

Top Breaches Reported in the Last 24 Hours

Palo Alto Networks suffers a breach
Palo Alto Networks has suffered a security breach which resulted in the leakage of personal data of both past and present employees. The incident occurred after a third-party vendor inadvertently shared the details online. The compromised information includes names, dates of birth, and social security numbers of employees.

Datrix suffers a breach
Cloud services provider Datrix has suffered a phishing attack that resulted in the compromise of some of its customers’ contact details. Upon discovery, Datrix had shut the compromised email account within 15 minutes, preventing any further compromise of emails. The phishing attack was designed to defraud the company and appropriate company funds.

Job portal data hacked
Threat actors have managed to access an unprotected database containing login credentials for 500,000 users of the portal jobinmoscow.ru. Experts note that along with login credentials, the database also included resumes containing personal information of applicants.

Top Malware Reported in the Last 24 Hours

RevengeHotels and ProCC
Researchers have uncovered two new threat actor groups targeting the hospitality sector. The groups called RevengeHotels and ProCC have been found using separate but similar infrastructure, tools, and techniques to launch attacks. One of the tactics used by these groups is highly targeted spear-phishing messages. They register typo-squatting domains impersonating legitimate companies to trick victims. The emails sent by these groups include details regarding hotel bookings.

Ransomware attack makes a huge impact
National Cyber Security Center (NCSC) in the Netherlands has informed that at least 1,800 companies are affected by three ransomware strains across the world. The ransomware trio named by the NCSC are LockerGoga, MegaCortex, and Ryuk. Although the names of affected companies are not known, NCSC has reported that victim sectors include the automotive industry, construction, chemical, health, food, and entertainment.

RedCurl threat actor group
Attacks from a new group called RedCurl have been detected in 2019. The group has launched attacks against insurance, consulting, mining, ironworks, retail, and construction companies for espionage and financial theft purposes.

Thanksgiving phishing attack
New email campaigns are underway that are disguised as Thanksgiving Day greeting cards and office closing notices with last-minute invoices. The campaign is being used to distribute Emotet trojan and other malware. The malware is delivered in a Word document attached within emails.

Top Vulnerabilities Reported in the Last 24 Hours

FBI warns about unsecured smart TVs
The Federal Bureau of Investigation (FBI) has issued security guidelines for new smart TV buyers with an aim to keep hackers away from hacking smart TVs. The law enforcement agency has warned customers that hackers can gain access to TVs through the internet, allowing them to spy through the camera and microphone or change channels. The criminals can further abuse smart TVs to play inappropriate videos. As a part of the security measures, customers have been asked to change the security settings that are on the default option.

Top Scams Reported in the Last 24 Hours

Black Friday scam
Black Friday and Cyber Monday shoppers are being warned about an online scam that involves rare sneakers. The scam involves the promotion of the item in the form of an advertisement or post that pops up on Instagram’s promotion sale. Victims have been tricked into paying hundreds of dollars for this rare pair of sneakers which actually does not exist. To make the ads look legitimate, the scammers have been found running an account that has good photos and a lot of followers.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, December 02, 2019
Next
Cyware Daily Threat Intelligence, November 28, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.