Cyware Daily Threat Intelligence September 06, 2021

Ransomware operators are at the top of their big-game hunting. With several exploits, cybercrime tools, and attack techniques readily available to attackers, dark web marketplaces have piqued the interest of ransomware gangs. Research reveals that several ransomware operators are willing to spend up to $100,000 to purchase access to companies’ networks.

Meanwhile, the now-defunct REvil ransomware group has likely reappeared in new attack campaigns targeting two internet service providers in the U.K. The gang had launched a series of DDoS attacks against the organizations with an aim to make huge profits through ransom demands.  

Top Breaches Reported in the Last 24 Hours

Ransomware gangs’ new tactic
Research reveals that ransomware operators are relying heavily on dark web marketplaces to purchase network access to large companies. The finding comes from an analysis of 48 forum posts, in which researchers found that 40% of the ads were created by ransomware gangs. One of the posts was linked to BlackMatter ransomware operators, who were willing to spend between $3,000 and $100,000 to buy network access.

Irish Gardaí seize a cyber gang's infrastructure
Dublin law enforcement agencies seized the cyber infrastructure of the attackers responsible for the HSE cyberattack. The operation is believed to have prevented more than 750 potential ransomware attacks by seizing targeted websites, domain names, and servers.

Pacific City Bank hit
Pacific City Bank was hit by AVOS Locker ransomware operators who claim to have stolen multiple sensitive documents from the financial institution. The attackers have published some screenshots as proof of the hack.  

Data breach at Dallas school
A data breach at the Dallas public school system affected the personal information of students, parents, teachers, and staff. The breach occurred earlier this month and the exposed data dates back to 2010. Social security numbers, birth dates, contact information, and grades were among the data exposed.

Top Malware Reported in the Last 24 Hours

REvil ransomware reappears
REvil ransomware has made a comeback with a new attack technique to extort its victims. The gang had launched a series of DDoS attacks against two Internet and Telephony Service Providers (ITSPs) in the U.K. with the aim of extracting a huge ransom from them.

Top Vulnerabilities Reported in the Last 24 Hours

ProxyShell vulnerabilities exploited
Several threat actors including Conti ransomware affiliates are exploiting three unpatched ProxyShell vulnerabilities to compromise Microsoft Exchange Servers. The flaws—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207—can allow threat actors to conduct remote code execution attacks on Exchange servers. 

Top Scams Reported in the Last 24 Hours

Hurricane Ida-related scam
The US Securities and Exchange Commission has warned investors to be wary of the latest investment scams that promise huge returns to those affected by the recent Hurricane Ida. Scammers are luring victims to receive compensation from insurance companies.

Posted on: September 06, 2021

