Go to listing page

Cyware Daily Threat Intelligence, October 05, 2021

Cyware Daily Threat Intelligence, October 05, 2021

Share Blog Post

The versatile and powerful Python language is bearing fruits for cybercriminals as well. A new strain of Python-based ransomware has enabled its operators to achieve the encryption process on a corporate network in less than three hours. Researchers claim it to be one of the fastest recorded attacks achieved by exploiting VMware virtual machines.

An undocumented UEFI bootkit named ESPecter has left researchers puzzled as the discovery reveals its roots going back all the way to at least 2012. It is interesting to note that the newly found ESPecter has undergone significant changes during this time period, which raises a question about the extent of the attack.

On the brighter side, this month’s first Patch Tuesday updates is out with Google releasing security patches for over 50 flaws affecting several Android components.

Top Breaches Reported in the Last 24 Hours

Two Indiana hospitals affected
Two hospitals in Indiana—Johnson Memorial Health in Franklin and Schneck Medical Center—are recovering from cyberattacks that occurred last week. The attacks had affected their IT systems.

Syniverse discloses a breach
A major telecom service provider Syniverse has revealed a five-year-long data breach incident that impacted hundreds of its customers. The unauthorized access to its operational and IT systems was subsequently found to be ongoing since May 2016.

AvosLocker auctions stolen data
The operators of AvosLocker ransomware have updated their tactics in which they plan to auction the stolen data stolen from victim companies. This is the second ransomware after REvil ransomware to sell stolen data instead of releasing it for free.

APT41 espionage
Chinese cyberespionage group APT41 has been linked with a new malware campaign that leveraged different themes to target users in India. These lures either promised information regarding income taxation rules or COVID-19 advisories.

Top Malware Reported in the Last 24 Hours

ESPecter bootkit
A previously undocumented UEFI bootkit, ESPecter, has been found to be in use by attackers since 2012. The bootkit enabled threat actors to deploy backdoor on Windows systems by hijacking the Windows Boot Manager. The bootkit can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates the attackers to carry on with their espionage activities.

New ransomware discovered
A new ransomware written in Python language includes the capability to encrypt virtual machines hosted on VMware ESXi servers. It works by shutting down the virtual machines, overwriting the original files stored on the datastore volumes, and later encrypting files.

Top Vulnerabilities Reported in the Last 24 Hours

New LANtenna Attack
A newly discovered LANtenna Attack can enable attackers to stealthily siphon highly sensitive data from air-gapped systems. The attack employs Ethernet cables as a transmitting antenna to pilfer the data.

Google patches over 50 flaws
Google has patched over 50 serious vulnerabilities affecting its Android system components. These include a privilege escalation flaw, two information disclosure flaws, and a denial of service issue. The affected components include Media Framework and Kernel components.

Apache fixes two critical flaws
Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities. One of these flaws, tracked as CVE-2021-41773, is being exploited in the wild and enables actors to launch a path traversal attack.

 Tags

apt41
lantenna attack
vmware virtual machines
python based ransomware
avoslocker
especter

Posted on: October 05, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.