Cyware Daily Threat Intelligence November 5, 2018

IoT botnets Fbot and Trinity are locked in a turf war over unsecured Android devices with exposed ADB ports. These exposed ADB ports can allow attackers to gain control over vulnerable Android devices and steal data and mine for cryptocurrencies. On any given day, there are around 30,000 to 35,000 Android devices that have their ADB ports exposed. This indicates that both Fbot and Trinity have a substantial number of potential devices that they can infect and use to mine for cryptocurrencies. 

A new ransomware has been discovered that installs DiskCryptor on the infected computer and reboots the computer. DiskCryptor encrypts the whole disk and then prompts the user to enter a password on reboot. The cybercriminals operating the new ransomware are likely hacking into Remote Desktop Services and installing the ransomware manually onto targeted devices. To stay safe, users are advised to disable RDPs or use VPNs to ensure that remote access is limited only to the VPN account holder. 

Veeco Instruments Inc., a company that manufactures equipment used to make semiconductors, was recently hacked. The firm believes that the attack was orchestrated by a highly sophisticated threat actor. The Securities and Exchange Commission filing did not specify when the intrusion happened but said the attack ‘may have an adverse effect’ on the company's financial condition.

EasyDNS accidentally leaked cloaked contact details of around 1,500 domain owners in Whois query results for a little over 24 hours. The breach exposed identity and contact details, such as names, phone numbers, email addresses, and postal addresses. The breach was caused by a bug in the software used by EasyDNS. The software provider Tucows is the second largest domain registrar in the world and its software is used by EasyDNS to manage domain names. EasyDNS is giving a $7.50 credit for all domains affected. Anyone who paid for Whois privacy as an add-on can contact the support team to get a refund.