Cyware Daily Threat Intelligence, September 10, 2020


The discovery and evolution of new malware and attack techniques are an indication that the cyber threat landscape is becoming increasingly sophisticated, year over year. Several such threats have come to light in the past 24 hours. One of these is the newly discovered CDRThief malware, which targets a specific VoIP system to steal call data records from telephone exchange equipment.

Two new attacks - Raccoon and BLURtooth - that abuse the TLS cryptographic protocol and Bluetooth Classic and Low Energy (LE), respectively, have also been demonstrated by researchers. While the Raccoon attack can allow access to sensitive communications, BLURtooth can reduce the encryption key strength to give additional access to profiles or services.

Top Breaches Reported in the Last 24 Hours

$5.4 million worth of crypto stolen
Slovak cryptocurrency exchange ETERBASE has fallen victim to a cyberattack in which attackers stole cryptocurrency funds worth $5.4 million. The threat actors pilfered the funds from the exchange’s hot wallets, following which the company suspended all transactions until September 10.

SeaChange International hit
SeaChange International, a U.S.-based video delivery software company, disclosed that it had suffered an attack by REvil ransomware during the first quarter of 2020. After the attack, the malicious actors posted screenshots of affected files to demand a ransom from the company.

Inova Health Systems affected
Inova Health Systems has notified its customers about a security breach that occurred due to a ransomware attack on Blackbaud. As a result, the attackers exfiltrated PII of patients and donors of Inova.

Top Malware Reported in the Last 24 Hours

Docker containers attacked
An attack campaign targeting Docker containers has been uncovered recently. The attackers' primary goal was to drop both cryptocurrency miners and DDoS bots on a Docker container built using Alpine Linux as its base image. The vulnerabilities exploited in the campaign include CVE-2017-5638 and CVE-2019-3396.

Zeppelin ransomware
Zeppelin ransomware marked its comeback in a wave of attacks spotted in August 2020. The ransomware was distributed via the About1.vbs trojan downloader, which came hidden inside a macro. The latest campaign has affected around 64 known victims.

New CDRThief malware
A new malware, dubbed CDRThief, has been found targeting specific VoIP systems (Linknat VOS2009/3000 softswitches) to steal call data records from telephone exchange equipment. The stolen data comprises the callers' IP addresses and phone numbers, along with the start time, duration, route, and type of each call. The malware compresses and encrypts this information and then sends it to a C2 server as JSON over HTTP.

Top Vulnerabilities Reported in the Last 24 Hours

Raccoon attack
A team of academics has disclosed a new attack technique that abuses the TLS cryptographic protocol to decrypt the HTTPS connection between users and servers. Termed Raccoon, it can allow attackers to gain access to sensitive communications. The attack primarily targets the Diffie-Hellman key exchange process, aiming to recover several bytes of information. Some vendors, such as Microsoft, Mozilla, OpenSSL, and F5 Networks, have released security updates to block Raccoon attacks.

BLURtooth flaw
A flaw in certain implementations of Bluetooth 4.0 through 5.0 can allow attackers to overwrite or lower the strength of the pairing key, thus giving them access to authenticated services. Named BLURtooth, the flaw affects ‘dual-mode’ Bluetooth devices.

Samsung fixes Android flaws
Samsung has rolled out updates for its Android devices as part of its September 2020 security updates. All vulnerabilities addressed by this update have either a 'High' or 'Critical' severity, making the update crucial.

Google fixes 53 CVEs
Google has issued security patches for 53 CVEs affecting Android systems. The most severe of these is a critical RCE vulnerability in the Media Framework, which can enable a remote attacker to execute arbitrary code using specially crafted files.

89 zero-day vulnerabilities
Researchers are warning users about 89 zero-day vulnerabilities found in plugins of popular Content Management Systems (CMSes). These flaws can be abused to execute a wide range of attacks. The affected CMSes include WordPress, Joomla, Drupal, and Opencart.

SAP announces updates
SAP has released 10 new security notes in this month’s Security Patch Day. Two of these flaws, which are rated ‘Critical,’ affect SAP Marketing - Mobile Channel Servlet, NetWeaver (ABAP Server), and ABAP Platform. They are tracked as CVE-2020-6320 and CVE-2020-6318.


Posted on: September 10, 2020
