Cyware Daily Threat Intelligence, October 28, 2020

Share Blog Post

This year, ransomware has been among the most frequently observed threats. Ransomware attacks have become more sophisticated and potent, wreaking havoc on organizations across various sectors. Now, the Australian media monitoring giant—Isentia—was reportedly hit by a not-yet-known ransomware, disrupting some of its online services.

In another camp, North Korean hackers don’t seem to give up. This time, the FBI, CISA, and the US Cyber Command have warned of vicious cyberespionage campaigns launched by the Kimsuky hacker group against several government agencies. Meanwhile, TrickBot is not completely gone even though most of its critical infrastructure has been taken down. The trojan has shifted some of its codes to Linux in an attempt to widen its scope of targets.

Top Breaches Reported in the Last 24 Hours

Ransomware attack on Isentia
Isentia, a media monitoring organization, has allegedly suffered a ransomware attack that disrupted its online services. The firm has reported the incident to the Australian Securities Exchange and is in the process of restoring entire services. Apart from the private sector, the affected customers include federal government entities. 

Global hacking campaign
The North Korea-based Kimsuky hacker group has launched several campaigns with an aim to gather intelligence pertinent to the North Korean regime, as warned by a joint alert published by the FBI, the CISA, and the US Cyber Command. Also known as Velvet Chollima, the group usually leverages spear-phishing emails and watering hole attacks.  

Ransomware attack hits Steelcase
A multibillion-dollar furniture maker, Steelcase, has reportedly fallen victim to a ransomware attack. Although the firm claimed to be unaware of any data theft, it is taking measures to contain the situation by temporarily shutting down the impacted systems and associated operations. 

Another attack on Enel
Enel Group, a multinational energy company, underwent a ransomware attack for the second time this year. The attack has been conducted by Netwalker, who is demanding a ransom of $14 million for the decryption key. The group has, presumably, stolen 5TB of data and has threatened to leak it in the upcoming week in case of non-payment of ransom.

Top Malware Reported in the Last 24 Hours

TrickBot moves to Linux
Efforts to disrupt TrickBot may have not been completely gone to waste with the shut down of most of its critical infrastructure, however, the operators have transferred portions of the trojan’s code to Linux in an attempt to broaden the attack surface. This latest development has been disclosed by Netscout, stating that the Linux Anchor module can implement detection evasion techniques, such as process howling and doppelgänging.

Top Vulnerabilities Reported in the Last 24 Hours

Security issues in link previews
Link previews in popular chat apps, such as LINE, Slack, Facebook Messenger, Twitter, and Zoom, are a treasure trove of privacy and security issues. In the case of LinkedIn and Instagram, the preview feature can allow an attacker to execute remote code on the companies’ servers. The feature can, moreover, lead to the leakage of IP addresses and exposure of end-to-end encrypted chats.

Smart-irrigation systems at risk
More than 100 smart-irrigation systems deployed worldwide were installed without changing the default password, making them vulnerable to malicious attacks. Designed by Mottech Water Management, these irrigation systems were found to be visible on the open internet across Israel, South Korea, the U.S., Switzerland, and France. As per the firm, only 20% of the detected devices have implemented mitigation efforts. 

Top Scams Reported in the Last 24 Hours

Targeted spear-phishing incident
Iranian state-sponsored threat group, Charming Kitten, has been sending spear-phishing emails to high-profile probable attendees of the upcoming Munich Security Conference and Think 20 Summit in Saudi Arabia. As per research by Microsoft, these attackers are impersonating conference organizers fake invitations with malicious links to a large number of attendees.


 Tags

enel group
isentia
spearphishing campaign
kimsuky
steelcase
smart irrigation systems
link previews
charming kitten apt
trickbot trojan

Posted on: October 28, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!