Cyware Daily Threat Intelligence October 3, 2018

New DanaBot campaigns have been discovered targeting victims in the US. The banking trojan was first discovered in May 2018 and has since undergone several upgrades, adding new modules. The malware's latest version makes reverse engineering extremely challenging. Since the malware first emerged, it has targeted countries such as Australia Germany, Poland, Italy, and Austria.

The North Korean threat actor Hidden Cobra has been spotted using the FASTCash to target banks in Asia and Africa. The group has been targeting retail payment systems within banks to enable fraudulent ATM cash withdrawals. Experts believe that the actors used spear-phishing emails in targeted attacks against bank employees. The actors also used Windows-based malware to explore a bank’s network to identify the payment switch application server. The cybercriminals also moved laterally across the network using stolen credentials. 

Apollo, a sales engagement startup acknowledged having suffered a data breach that saw hackers steal a database that contained over 200 million contact records. The contacts pertained to clients from over 10 million companies. The compromised data could include name, email address, company names, and other business contact information. Some client-imported data was also accessed without authorization during the breach. 

Canadian restaurant chain Recipe Unlimited was hit by a malware attack that took down thousands of its restaurants across the country. Certain restaurants such as Swiss Chalet, Harvey's, Milestones, Kelseys, Montana's, Bier Markt, East Side Mario's, The Landing Group of Restaurants and Prime Pubs were affected by the breach. Some restaurants were temporarily shut down while others were unable to process credit and debit card payments. As a precaution, Recipe Unlimited took a number of its systems offline and suspended internet access at affected locations.