Cyware Daily Threat Intelligence October 25, 2017

Top Malware Reported in the Last 24 Hours
BadRabbit ransomware
BadRabbit is a recently discovered ransomware that is spreading rapidly throughout Russia, Ukraine, and other Eastern European countries. The malware is said to be a variant of the NotPetya malware. It references Daenerys Targaryen's dragons and Grey Worm from Game of Thrones, indicating that its author is a fan of the TV series.

Reaper IoT botnet
The new IoT botnet codenamed IoT_reaper has grown massively over the past couple of months. The botnet is built from IP-based security cameras, network video recorders (NVRs), and digital video recorders (DVRs). It exploits and forcibly takes over unpatched devices.

Tyrant ransomware
The Iran Computer Emergency Response Team Coordination Center has issued a security alert on Tyrant ransomware. Distribution of Tyrant ransomware is currently active in Iran and poses a serious threat to the Middle Eastern country. The ransom note is written only in Farsi, and the ransomware uses two local payment processors.

Top Breaches Reported in the Last 24 Hours
Appleby data breach
The offshore law and fiduciary firm Appleby has admitted to a breach that happened back in 2016. The firm's clients range from super-rich individuals to international corporations. The Bermuda-based firm has said some of its data was compromised in last year's cyber incident.

CoinHive hijacked
An unknown attacker hijacked Coinhive's DNS server and replaced the legitimate Coinhive JavaScript in-browser miner with a malicious version that mined Monero for the hacker's own wallet. Although the company didn't disclose the loss it incurred, it revealed that no account information was leaked during the attack.

Dark Web offers remote access credentials
Some of the hackers who have obtained Remote Desktop Protocol (RDP) credentials via brute-force attacks against weak systems are now selling them on the Dark Web. The Remote Desktop Protocol allows users to connect to computers remotely over a network and is used for remote management. It was reported that the hackers sold the credentials for as low as $3.

Top Scams Reported in the Last 24 Hours
Korean banks scammed
South Korean banks have claimed that Newegg Inc., the computer parts and accessories retailer, conspired with a South Korean hardware manufacturer to defraud the banks of hundreds of millions of dollars. As a result, four banks that were victims of the fraud have filed a lawsuit against Newegg Inc.

Hazy QR code cracked
A French entrepreneur set up an interesting contest on a TV program, announcing prize money of $1000 for anyone who could read a partially revealed, hazy QR code and claim the money. To his and everybody's surprise, two French hackers used their computer skills to reconstruct the blurred-out QR code and claimed the prize.


Posted on: October 25, 2017