Go to listing page

Cyware Daily Threat Intelligence, October 22, 2019

Cyware Daily Threat Intelligence, October 22, 2019

Share Blog Post

Malware authors are constantly upgrading existing malware in order to launch more catastrophic attacks worldwide. In the past 24 hours, security researchers have identified new versions of Remcos RAT and Gustuff banking trojan. While the new Remcos RAT variant is distributed via phishing emails, the new version of Gustuff trojan primarily relies on malicious SMS messages to infect Android device users. 

A massive data leak incident affecting sensitive data of millions of patients across the globe has also been observed in the past 24 hours. The data leak occurred due to unsecured databases. The nine organizations in question are Biosoft, ClearDent, DeepThink Health, Essilor, NAIIS, Stella Technology, Tsinghua University Clinical Medical College, VScript, and Sichuan Lianhao Technology Group.

Top Breaches Reported in the Last 24 Hours

Medical companies breached
Unsecured databases belonging to 9 different medical companies have leaked sensitive medical information of their patients. The victim organizations are Biosoft, ClearDent, DeepThink Health, Essilor, NAIIS, Stella Technology, Tsinghua University, VScript, and Sichuan Lianhao Technology. The exposed data includes contact information, prescriptions, treatment information, and medical observations of patients.

NordVPN’s security breach
Hackers have breached the systems used by NordVPN and leaked the private keys used to secure their web servers and VPN configuration files. The company revealed that the incident took place in March 2018 when an unauthorized person accessed a server NordVPN rented from a third-party data center in Finland. Upon discovery, NordVPN launched an investigation and immediately terminated the contract with the server provider.

Home Group data breach
Personal details of thousands of people have been stolen after a data breach at a  Newcastle-based housing association named Home Group. The breach affected customers in properties all over England, including those in North East, North West, and Yorkshire. The data breach involved customer names, addresses, and contact information, but did not compromise any financial data.

Pilz hit by an attack
Germany-based automation tool producer, Pilz, has been down for more than a week after suffering a ransomware infection. The company was infected with the BitPaymer ransomware in mid-October. All servers and PC workstations, including the company's communication, have been affected worldwide in the ransomware attack.

Top Malware Reported in the Last 24 Hours

New Remcos RAT variant
A new variant of Remcos RAT has been found to be distributed via phishing emails. The email purports to be from a valid domain. The email body includes a payment advisory that is part of a social engineering technique to convince victims to access the attached ZIP file. The ZIP file is actually a Windows Shortcut (.LNK) that is disguised as a TXT file.

New version of Gustuff
Gustuff banking trojan has returned with a set of new features. It uses malicious SMS messages to compromise systems. It has been observed primarily targeting Australian banks and digital currency wallets, just like the older campaigns.

Buran ransomware
Security researchers have spotted a new malspam campaign that targeted German organizations with samples of the Buran ransomware. The campaign leveraged phishing emails that impersonated the online fax service eFax. These emails contained hyperlinks to a PHP page that served up malicious Word documents.

SIM-jacking is a new crime where perpetrators obtain important details about their victims to get new SIM cards. They obtain their details either by scouring social media or conning the victims into divulging personal information. The purpose of such attacks is to steal money from a victim’s bank account.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft rolls out a new feature
Microsoft has rolled out a new Office 365 feature dubbed ‘Unverified Sender’ to help users identify potential spam or phishing emails. The indicator is shown in the user's Outlook inbox for messages where the client couldn't verify the sender's identity using email authentication techniques. If Unverified Sender is toggled on, all emails that come from unverified senders will have the sender’s photo or initials replaced with a question mark in the people card.


sim jacking
gustuff banking trojan
buran ransomware
remcos rat

Posted on: October 22, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.