Cyware Daily Threat Intelligence, October 12, 2020


Security experts have made a big catch in the cyber landscape! After several months of investigation, a team of security experts from FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, Symantec, and Microsoft Defender has finally taken down the infrastructure of the TrickBot trojan. The experts claimed that the trojan had infected more than one million devices before it was dismantled.

In addition to this, a new threat has also been observed in the past 24 hours. Researchers have tracked a new voice phishing scam that uses deepfake technology. As a result, a U.K.-based energy firm has lost $250,000 to fraudsters.

Top Breaches Reported in the Last 24 Hours

Software AG attacked
IoT specialist Software AG is the latest tech company to fall victim to a Clop ransomware attack that lasted for almost a week. There are no indications that services to customers, including cloud-based services, were disrupted. As per the notification on October 8, the company was struggling to fully contain the attack. Meanwhile, the hackers have claimed to have obtained more than one million files.

HomeWAV exposes data
HomeWAV, which serves a dozen prisons across the U.S., left a dashboard for one of its databases exposed to the internet without a password. This allowed anyone to read, browse, and search call logs between inmates and their family members. The call logs also showed the callers' phone numbers and the duration of calls.

NATO data leaked
A threat actor going by the online name Spectre123 has shared sensitive documents of NATO and Havelsan online. The documents include Statement of Work files, proposals, contracts, 3D designs, resumes, Excel sheets containing raw materials information, and financial statements. It is unclear if the attack is a case of hacktivism or cyber espionage.

Top Malware Reported in the Last 24 Hours

TrickBot down
A team of security experts from FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, Symantec, and Microsoft Defender took down the backend infrastructure of the TrickBot malware in a coordinated effort. The experts made it possible after spending months collecting more than 125,000 TrickBot samples. According to the coalition members, the trojan had infected over one million computers, including many IoT devices.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Confluence plugins
Several Cross-Site Scripting (XSS) vulnerabilities found in five Confluence plugins have been fixed by vendors. The flaws could allow attackers to inject malicious JavaScript code into pages within the corporate collaboration platform. The affected plugins are PlantUML, Refined, Linking, Countdown Timer, and Server Status. The vendors have urged customers to update their installations to the latest versions.

Top Scams Reported in the Last 24 Hours

Deepfake phishing
A U.K.-based energy firm has lost almost $250,000 in a voice phishing scam using deepfake audio technology. The crime was executed by tweaking the machine learning technology, utilizing spyware, and using devices that allowed fraudsters to gather several hours of recordings of their victim. After creating the voice model, the fraudsters used it against the target.

Posted on: October 12, 2020
