Cyware Daily Threat Intelligence November 30, 2018

Top Malware Reported in the Last 24 Hours

KingMiner
A new and improved form of cryptomining malware called KingMiner was recently discovered. The malware targets Windows servers, brute forcing the servers to gain access to credentials. The malware was first seen in mid-June 2018 and now has two improved versions. Various evasion techniques are employed to bypass emulation and detection. The cryptominer has already infected victims from Mexico to India, and Norway to Israel. 

CARROTBAT
CARROTBAT is a newly discovered malware family that contains around 29 payloads, including the SYSCON malware or OceanSalt malware. CARROTBAT and its associated payloads are dubbed the ‘Fractured Block’ campaign. CARROTBAT is a dropper that supports 11 decoy file formats ranging from cryptocurrencies to timely political events.

DDoS-capable RATs 
Hackers have been spotted stealthily deploying DDoS-capable RATs via brute-force Butter attacks. The attackers have been targeting already hacked Linux systems, leaving behind a backdoor named Butter. Butter deploys the Samba malware, which can cryptomine, launch DDoS attacks, and more. 

Top Vulnerabilities Reported in the Last 24 Hours

NSA exploits
Cybercriminals have been spotted leveraging the leaked NSA bug - a Universal Plug and Play flaw - UPnProxy. Although patches were released shortly after a cache of NSA exploits were leaked in 2016, researchers estimate that 277,000 devices still remain vulnerable. Experts believe that around 45,000 devices have been compromised via UPnProxy. The campaign, dubbed EternalSilence, appears to be targeting the service ports used by SMB. The flaw can be leveraged in attacks such as spam, phishing, and DDoS.

Zero-day bug
A zero-day vulnerability in the Nuuo NVRmini 2 Network Video Recorder firmware and software has been discovered. The vulnerability could allow hackers to access and modify the camera recordings and tamper with the feeds. The bug exists due to a lack of URI length checks on data combined with a failure to properly sanitize user-supplied inputs.The vulnerable version is NVRmini 2 firmware version 3.9.1 and prior. A patch was released by the company which addresses the flaw.

Top Breaches Reported in the Last 24 Hours

ElasticSearch 
A misconfigured ElasticSearch server leaked the personal information of 57 million US citizens. The database was left online for nearly two weeks. The leaky database contained over 73GB data, including first names, last names, employer IDs, job titles, email addresses, physical addresses, state, ZIP codes, phone numbers, and IP addresses.

Marriott breach
Marriott suffered a massive data breach that impacted over 500 million customers. An unauthorized access to the hotel’s guest database took place on or before September 10. However, the attacker(s) is believed to have been accessing the hotel chain's database since 2014. The breach compromised customers' names, email addresses, passport numbers, and payment information. Affected customers, including the ones from the UK, USA, and Canada, are being notified.

SKY Brazil
SKY Brazil accidentally leaked around 32 million customers' personal information. ElasticSearch server exposed on the Internet without a password. Researchers found 28.7GB of log files and a whopping 429.1GB of API data. The exposed data contained names, home addresses, phone numbers, birth dates, billing details, and encrypted passwords. 

Top Scams Reported in the Last 24 Hours

Microsoftg tech support scam
The Indian police shut down an elaborate tech support scam after complaints were raised by Microsoft. Scammers sent a pop-up on people’s systems using a fake Microsoft logo. The victims were prompted to contact the call center, where the operator, pretending to be a Microsoft employee, tells them that their system had been hacked or attacked by a virus. The victims would then be offered a package of services ranging from $99 to $1,000 to fix the problem. Delhi police raided 16 fake tech-support centers and arrested about three dozen people. Last month, the Delhi authorities arrested 24 people in similar raids on 10 call centers.




  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.