Cyware Daily Threat Intelligence, October 23, 2019

The cybersecurity landscape is full of surprises, especially when it comes to new malware and attack methods. The past 24 hours saw security researchers disclose an attack method named CPDoS and a ransomware family called MedusaLocker.

CPDoS is a new class of web attack that targets the caching layer that sits between clients and web servers, such as a content delivery network (CDN). The attacker sends a single HTTP request carrying a header the origin server rejects, and the intermediate cache stores and then serves the resulting error page to every subsequent visitor. MedusaLocker, on the other hand, is a newly discovered ransomware that uses the AES algorithm to encrypt victims' files. Depending on the variant, the ransomware appends a different extension to the encrypted files.

In vulnerabilities, Cisco has issued a security update for a critical flaw in the REST API virtual service container for IOS XE software. The flaw carries a CVSS score of 10 and allows an unauthenticated remote attacker to bypass authentication on an affected device.

Top Breaches Reported in the Last 24 Hours

The Heat Group attacked
A ransomware attack on the cosmetics business 'The Heat Group' forced the firm to shut down its entire operation. The incident occurred earlier this year and cost the business $2 million. The attackers encrypted online documents and files and demanded a ransom equivalent to $40,000 in Bitcoin.

Kalispell Regional Healthcare data breach
Kalispell Regional Healthcare has suffered a data breach exposing 129,000 health records. The breach occurred after multiple employees unknowingly entered their email login credentials into phishing pages. This gave the attackers access to patients' personal information, including names, addresses, medical record numbers, email addresses, dates of service, medical bill account numbers, and health insurance information.

AWS suffers DDoS attack
Amazon Web Services has been hit by a DDoS attack, resulting in an outage that affected many websites. This allowed miscreants to overwhelm systems with junk network traffic, thereby rendering services inaccessible. An investigation revealed that there were intermittent Domain Name System (DNS) resolution errors with Route 53 and its external DNS providers such as ELB, RDS, and EC2.

Billtrust suffers an outage
U.S. financial services provider Billtrust experienced an outage affecting all of its services. This occurred after some of the company’s computing systems were impacted by a malware attack on October 17, 2019. The company revealed that none of its customers’ data was compromised in the attack.

Top Malware Reported in the Last 24 Hours

CPDoS attack
CPDoS or Cache-Poisoned Denial-of-Service is a new type of web attack that tricks content delivery networks (CDNs) and other shared HTTP caches into storing and then serving error pages. The attack begins when an attacker sends a single HTTP request containing a malicious header for a victim resource. The header causes the origin server to respond with an error (for example, because the header block exceeds the origin's size limit, contains a meta character the origin rejects, or overrides the HTTP method), while the intermediate cache, whose own limits are more permissive, stores the error response under the resource's cache key. Every later visitor then receives the cached error page instead of the real content until the entry expires or is purged. The practical caveat for cache operators is that an error response such as 400 Bad Request carries no explicit freshness information and is not cacheable by default under RFC 7231, so a cache that follows the specification will not be poisoned by it.
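The following is an added example, written for this page rather than taken from the Cyware post or from the CPDoS researchers' material. It simulates the header-oversize flavour of the attack against a shared cache in front of an origin, with two policies side by side: a cache that stores whatever the origin returns (poisoned by a single attacker request) and a hardened cache that only stores responses the HTTP specification marks as cacheable by default or that carry explicit freshness. The header size limits, the `/index.html` path, the `X-Oversized` header name and the in-memory `Cache` class are all assumptions for the demonstration.

```python
# Added example (not from the Cyware post or the CPDoS paper): simulation of the
# header-oversize variant of CPDoS against a caching proxy in front of an origin.
# All limits, paths, header names and the Cache class are assumptions for the demo.
from dataclasses import dataclass, field

ORIGIN_MAX_HEADER_BYTES = 8192          # assumed origin header limit
DEFAULT_CACHE_MAX_HEADER_BYTES = 20480  # assumed edge cache limit (larger than origin's)

# Status codes a cache may store without explicit freshness info (RFC 7231 section 6.1).
CACHEABLE_BY_DEFAULT = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


def header_block_size(headers):
    """Approximate wire size of a header block: 'Name: value\\r\\n' per header."""
    return sum(len(k) + len(v) + 4 for k, v in headers.items())


def origin(method, path, headers):
    """Assumed origin server: rejects oversized header blocks with a 400 before routing."""
    if header_block_size(headers) > ORIGIN_MAX_HEADER_BYTES:
        return Response(400, "Bad Request: request header too large")
    if method == "GET" and path == "/index.html":
        return Response(200, "<html>Welcome</html>", {"Cache-Control": "max-age=3600"})
    return Response(404, "Not Found")


class Cache:
    """Minimal shared cache keyed on (method, path) only, like a CDN edge node."""

    def __init__(self, store_errors, max_header_bytes=DEFAULT_CACHE_MAX_HEADER_BYTES):
        self.store_errors = store_errors        # True = vulnerable storage policy
        self.max_header_bytes = max_header_bytes
        self.store = {}

    def handle(self, method, path, headers):
        key = (method, path)                    # request headers are not part of the key
        if key in self.store:
            return self.store[key], True        # cache hit
        if header_block_size(headers) > self.max_header_bytes:
            # The cache's own limit: rejected here, never forwarded, never stored.
            return Response(431, "Request Header Fields Too Large"), False
        resp = origin(method, path, headers)
        if self._may_store(resp):
            self.store[key] = resp
        return resp, False

    def _may_store(self, resp):
        cc = resp.headers.get("Cache-Control", "")
        if "no-store" in cc or "private" in cc:
            return False
        if self.store_errors:
            return True                         # vulnerable: caches the origin's 400
        # Hardened: store only status codes the spec marks cacheable by default,
        # or responses carrying explicit freshness. A bare 400 satisfies neither.
        return resp.status in CACHEABLE_BY_DEFAULT or "max-age" in cc


def run_cpdos(store_errors, cache_max_header_bytes=DEFAULT_CACHE_MAX_HEADER_BYTES):
    """One attacker request followed by one victim request for the same resource."""
    cache = Cache(store_errors, cache_max_header_bytes)
    attacker_headers = {"X-Oversized": "A" * 10000}   # constructed: exceeds origin limit
    attacker_resp, _ = cache.handle("GET", "/index.html", attacker_headers)
    victim_resp, hit = cache.handle("GET", "/index.html", {"User-Agent": "victim"})
    return {"attacker_status": attacker_resp.status,
            "victim_status": victim_resp.status,
            "victim_served_from_cache": hit}


if __name__ == "__main__":
    print("vulnerable cache:", run_cpdos(store_errors=True))
    print("hardened storage policy:", run_cpdos(store_errors=False))
    print("cache limit <= origin limit:",
          run_cpdos(store_errors=False, cache_max_header_bytes=8192))
```

Two independent fixes appear in the simulation: the storage policy (never cache a 400 that the origin did not explicitly mark cacheable) and the limit alignment (give the cache a header size limit no larger than the origin's, so an oversized request is rejected at the edge and never produces an origin error to store). Either one alone breaks the attack; deploying both is the conservative choice.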

MedusaLocker ransomware
New ransomware called MedusaLocker is being actively distributed worldwide. It encrypts file contents with the AES algorithm. While encrypting, it skips files with the extensions .exe, .dll, .sys, .ini, .lnk, .rdp, and .encrypted, so that the system remains usable enough to display the ransom note and so that its own already-encrypted output is not encrypted a second time.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco issues a software update
Cisco has issued a software update to address a vulnerability (CVE-2019-12643) in the REST API virtual service container for Cisco IOS XE software. The vulnerability scored a critical 10 out of 10 on the CVSS scale. It can be exploited by an unauthenticated remote attacker to bypass authentication and execute privileged actions on the affected device. Only devices on which the REST API virtual service container has been installed and enabled are affected; administrators can confirm whether the container is present with the IOS XE command `show virtual-service detail` and should update to the fixed container release Cisco provides, or remove the container if the REST API is not needed.

Vulnerable robots at HIS Group
A zero-day flaw has been disclosed in the in-room robots used at Henn na Hotel, which is managed by the Japanese hotel chain HIS Group. The flaw allows anyone with physical access to the room to tap an NFC tag against the back of the robot's head and gain access to its camera feed, which can then be viewed remotely through a streaming app of the attacker's choice.

Top Scams Reported in the Last 24 Hours

BEC fraud scam
Three people who stole roughly $11,900,000 from 12 different companies in a business email compromise (BEC) scheme were arrested in Spain. The affected businesses were located in Belgium, Venezuela, Bulgaria, Norway, the United States, Germany, Luxembourg, Portugal, Chile, and the United Kingdom. The suspects face multiple charges, including continuous fraud, money laundering, disclosure of secrets, and document forgery. So far, $1,660,662 of the stolen amount has been recovered.
