Go to listing page

Cyware Daily Threat Intelligence, October 06, 2022

Cyware Daily Threat Intelligence, October 06, 2022

Share Blog Post

RatMilad has surfaced as new spyware in the Middle East and is being distributed through a fake virtual number generator app. Researchers opine that the threat actors can use the stolen data to access private corporate systems, perform extortion, and more. In another update, Blackbyte introduced the new Bring Your Own Driver technique to cripple more than 1,000 drivers, preventing multiple EDR and antivirus products from operating normally.

Malware threats were galore in the past 24 hours. A new malware variant has been observed exploiting Microsoft SQL servers, impacting hundreds of systems. The campaign has widespread impact in South Korea, China, Russia, India, Vietnam, Thailand, Germany, and the U.S.

Top Breaches Reported in the Last 24 Hours


Financial institutions in Egypt under attack
Cybersecurity firm Resecurity spotted a campaign EG Leaks, blurting out payment card details stolen from financial institutions in Egypt. In a disclosure on a Telegram channel, cybercriminals laid bare details from 12,229 credit cards, including PII of customers of major banks in Egypt. Researchers warn that data released by the cybercriminals could be used for identity theft and financial fraud via various phishing techniques.

Arizona disclosed data breach
The City of Tucson, Arizona, confirmed a breach leaking the personal information of 123,513 individuals. Hackers reportedly accessed an undisclosed number of files containing sensitive information, including SSNs. Officials claim adversaries may have copied certain files. The threat actors had access to the network between May 17 and May 31.

DDoS attack on government sites
State-government website of Colorado, Kentucky, Mississippi, and others, were offline in the the wake of a cyberattack. Killnet, a russian threat group, claimed responsibility for website outages. Images, as a proof of crime, was shared on the group’s Telegram channel, showing sites run by dozens of U.S. state governments. 

Top Malware Reported in the Last 24 Hours


Free decrypter for Hades ransomware
Avast dropped a free decryptor for victims of Hades ransomware. The decryptor works against its variants tracked as MafiaWare666, Jcrypt, BrutusptCrypt, and RIP Lmao. Victims of these ransomware strains will now be able to recover their files without paying the ransom. It was made possible after the security company found a bug in the ransomware’s encryption process.

RatMilad Spyware in the Middle East
Mobile security firm Zimperium uncovered a new Android spyware, dubbed RatMilad, sneaking into users’ mobile devices in the Middle East. Researchers have warned that the malware could be used by cybercriminals for numerous purposes ranging from cyberespionage to eavesdropping on victims' conversations. On a victim’s device, RatMilad hides behind a VPN connection to steal data.

Bring Your Own Driver
The BlackByte ransomware group began to leverage a new technique - Bring Your Own Driver. Through this, hackers can bypass security walls of over 1,000 drivers used by security solutions. It also involved a version of the MSI Afterburner RTCore64.sys driver that was vulnerable to a privilege escalation and code execution bug identified as CVE-2019-16098. The vulnerable drivers are signed with a valid certificate and run with high privileges on the system.

Maggie malware face off Microsoft servers
A new malware strain named Maggie is targeting Microsoft SQL servers and has already backdoored hundreds of machines globally. The malware boasts simple TCP redirection functionality that can allow a remote hacker to connect to any IP address the infected MS-SQL server can reach. The malware’s capabilities extend to brute-forcing administrator logins to other Microsoft SQL servers.

Top Vulnerabilities Reported in the Last 24 Hours


Details out for a macOS flaw
Apple device management firm Jamf shared details about a now-addressed security flaw in Apple's macOS operating system. Tacked as CVE-2022-32910, the bug lies in the built-in Archive Utility that could lead to execution of unauthorized apps without displaying any security prompts. Archive files downloaded on infected systems are tagged with the ‘com.apple.quarantine’ extended attribute.

 Tags

ratmilad spyware
microsoft sql servers
macos flaw
the city of tucson
blackbyte
bring your own driver
eg leaks

Posted on: October 06, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.