Cyware Daily Threat Intelligence, October 13, 2020


Even after the takedown of TrickBot, its operators are in the news for another of their creations, the BazarLoader malware. The gang has been found using the backdoor to deploy Ryuk ransomware on high-value targets.

The Qbot trojan has also returned in a new campaign that uses a fake Windows Defender antivirus theme as part of its defense evasion strategy. The malware is capable of stealing bank credentials, Windows domain credentials, and providing remote access to threat actors.

A heist of over $22 million from Electrum wallet app users has also come to light in the last 24 hours. The campaign, which lasted for around two years, involved victims receiving an unexpected request via a popup message that asked them to update their wallets.

Top Breaches Reported in the Last 24 Hours

Virginia Public School data exposed
Hackers have posted information stolen from a Virginia public school district online. The breached data includes the personal data of students and employees. The school district is currently working to restore its affected systems.

Over $22 million stolen
Cybercriminals have made off with over $22 million from Electrum wallet app users in multiple campaigns carried out over the past two years. The modus operandi involved victims receiving an unexpected request via a popup message that asked them to update their wallets.

London’s Hackney Council targeted
London’s Hackney Council has been targeted in a cyberattack affecting many of its services and IT systems. The investigation is at an early stage and limited information is currently available.

Seyfarth Shaw affected
International law firm Seyfarth Shaw LLP has shut down many of its systems after being hit with ransomware. The firm notes that there is no evidence that client or firm data was accessed in the attack.

The U.S. Census Bureau targeted
The DHS has revealed that threat actors attempted to target the network of the U.S. Census Bureau last year. The attackers were also found conducting vulnerability scans and making attempts at unauthorized access.

Intcomex leaks data
Nearly 1 TB of Intcomex users’ data has been leaked in a major data breach. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information, and more. Following a failed ransom negotiation, threat actors leaked almost all of the data stolen from the firm.

Top Malware Reported in the Last 24 Hours

Qbot botnet returns
Researchers have discovered a new campaign that uses a fake Windows Defender antivirus theme to trick users into enabling Excel macros and distributing Qbot. The malware is capable of stealing bank credentials, Windows domain credentials, and providing remote access to threat actors.

BazarLoader’s new partner
The TrickBot gang has been found using BazarLoader malware to deploy Ryuk ransomware on high-value targets. The infection process starts with a phishing email. After infecting a computer, BazarLoader will use process hollowing to inject the BazarBackdoor component into legitimate Windows processes such as cmd.exe, explorer.exe, and svchost.exe.

Top Vulnerabilities Reported in the Last 24 Hours

Acronis patches flaws
Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges. The flaws could allow unprivileged Windows users to run code with SYSTEM privileges, a vulnerability note from the CERT Coordination Center (CERT/CC) reveals. Tracked as CVE-2020-10138 (CVSS score 8.1), the first of the bugs affects Acronis Cyber Backup 12.5 and Cyber Protect 15 and resides in a privileged service that uses “an OpenSSL component.”


Posted on: October 13, 2020
