Cyware Daily Threat Intelligence October 4, 2018

Top Malware Reported in the Last 24 Hours

Betabot
Security researchers have recently observed an uptick in Betabot malware infections. Betabot is a data stealer that allows attackers to hijack targeted systems. It has been updated since it first appeared and now also contains modules for stealing banking data and for cryptomining. Betabot also includes detection-evading features such as anti-debugging and anti-sandbox techniques.

APT10 malware attacks
The Chinese threat actor group APT10 has been conducting new campaigns against cloud service providers across the globe. The hacker group has been using a new bespoke malware dubbed RedLeaves. Over the past few years, APT10 has used several malware strains: SOGU, HAYMAKER, SNUGRIDE, and QUASARRAT. Over time, APT10 has evolved from using common malware to deploying customized, module-packed malware in its attacks. The most recent campaign against cloud service providers suggests that the threat group will continue expanding its scope of attacks.

Top Breaches Reported in the Last 24 Hours

Gwinnett Medical Center
The non-profit healthcare organization Gwinnett Medical Center suffered a data breach that exposed some of its patients' personal information. 40 patients had their information accessed and exposed online. Their names, dates of birth, and gender were accessed by an unauthorized party and exposed on Twitter. Although the identity of the attackers is still unknown, some believe that the attack may be the work of a threat group known as Particle Matrix.

SBM Holdings 
Mauritius-based SBM Holdings acknowledged that its Indian operations unit suffered a breach in which cybercriminals made off with around $14 million. Although it is still unclear how the breach occurred, the incident is being classified as cyber fraud. The bank said that no customers were affected by the breach and that its Indian operations would continue functioning as normal. SBM Holdings has launched an investigation into the incident and has also initiated recovery efforts to reclaim the stolen funds.



