
Cyware Daily Threat Intelligence, October 21, 2022

The BlackByte ransomware group appears to have hit a key milestone with Exbyte, a new custom data exfiltration tool deployed by its affiliates. Experts aren’t sure who developed the tool, but it was identified in at least two attacks involving the ransomware. Separately, operators behind Mirai, RAR1ransom, and GuardMiner have been abusing a vulnerability in VMware products, namely VMware Workspace ONE Access and Identity Manager. A patch for the flaw was issued in April, but the devices that remain vulnerable continue to reveal how slowly impacted organizations are applying patches.

In other news, exploitation of the Text4Shell bug was found to be under way. WordPress security company Wordfence said that the critical bug, which is being compared with the Log4Shell bug, may have a smaller scope of impact than the latter.

Top Breaches Reported in the Last 24 Hours


EnergyAustralia fell victim to cyberattack
Australian energy company EnergyAustralia was hit by a cyber incident affecting the data of hundreds of customers. Unauthorized access was detected to its My Account online platform. All impacted accounts were locked and reviewed for potential data theft. The company claimed that no data appears to have been transferred outside of the company’s systems.

Top Malware Reported in the Last 24 Hours


One bug targeted by three malware campaigns
Hackers were seen abusing a critical bug in VMware Workspace ONE Access and Identity Manager to deploy a variety of malware threats. A cybercriminal group was seen dropping a Mirai variant on exposed Linux systems. RAR1ransom operators took the opportunity to launch encryption-based attacks. Lastly, hackers used GuardMiner for cryptomining attacks.

Meet Exbyte by BlackByte
BlackByte ransomware affiliates have started using a new data exfiltration tool, dubbed Exbyte. It is designed to speed up the process of stealing data from the victim’s network and uploading it to an external server. Written in Go, the Exbyte exfiltration tool uploads the stolen files to the Mega[.]co[.]nz cloud storage service.

Top Vulnerabilities Reported in the Last 24 Hours


Text4Shell under attack
Wordfence collected evidence of attacks targeting the newly disclosed flaw in Apache Commons Text, named Text4Shell. Tracked as CVE-2022-42889, it was assigned a score of 9.8 on the CVSS scale. An attacker could abuse the flaw to open a reverse shell connection to the vulnerable application simply by sending a specially crafted payload.

F5’s quarterly security notification
Security and application delivery firm F5 has fixed as many as 18 vulnerabilities affecting its range of products. About a dozen of these bugs were assigned a ‘high severity’ rating. A majority of these high-severity bugs could allow a remote, unauthenticated attacker to launch DoS attacks. BIG-IP users were urged to prioritize patching, as flaws in these products are frequently targeted in attacks.

Tags

vmware products
exbyte
energyaustralia
cve 2022 42889
rar1ransom
f5 big ip system
guardminer
mirai variant
blackbyte
text4shell

Posted on: October 21, 2022
