Go to listing page

Cyware Daily Threat Intelligence September 10, 2021

Cyware Daily Threat Intelligence September 10, 2021

Share Blog Post

Meet Meris, the new and sophisticated DDoS botnet that has emerged to terrorize the internet. Responsible for some of the biggest DDoS attacks recorded in the last three months, the botnet is capable of infecting around 250,000 devices. Several financial institutions and internet service providers across Russia, the U.K., the U.S, and New Zealand are already bearing the brunt of the Meris botnet attacks. One of the significant attacks was targeted against Yandex that observed a record of 21.8 million requests per second.  

Not just botnets. There have also been reports on threats from the recently discovered SideWalk backdoor and SOVA trojan. While the SideWalk has been found targeting a range of organizations across Vietnam, Taiwan, the U.S, and Mexico, the new version of the SOVA trojan comes with a myriad of features to target Android users.       

Top Breaches Reported in the Last 24 Hours

Update on UN network data breach
A threat actor used the stolen credentials of a United Nation employee to gain unauthorized access to networks and steal information from the organization in April. This happened after the threat actors hacked the organization’s proprietary project management software, Umoja. The stolen data can be used in the future to target other agencies within the UN.

MyRepublic suffers a breach
MyRepublic has suffered a security breach due to a third-party data storage platform. The incident had affected almost 80,000 mobile subscribers in Singapore. The affected systems contained scanned copies of national identity cards and residential addresses of foreign residents.

Virginia Defense department affected
Email accounts belonging to the Virginia Defense Force and the Virginia Department of Military Affair were impacted in a cyberattack in July. However, the officials claim that the Virginia Army National Guard and Virginia Air National Guard IT infrastructure were not affected by the attack. 

Top Malware Reported in the Last 24 Hours

New variant of SOVA malware 
A new version of the SOVA banking trojan comes with a myriad of features to target Android devices. This includes stealing credentials and session cookies through web overlay attacks, recording keystrokes, and manipulating the clipboard to insert modified cryptocurrency wallet addresses. The malware was first discovered in August 2021 and researchers believe that attackers plan to incorporate DDoS attack modules, ransomware, and an interception for two-factor authentication codes in the future. 

New Meris botnet
Meris is a new botnet that was used as a part of recent DDoS extortion attacks against internet service providers and financial institutions across Russia, the U.S, the U.K., and New Zealand. The botnet is capable of infecting around 250,000 devices to launch some of the biggest DDoS attacks recorded in the last three months. One of the significant attacks was targeted against Yandex that observed a record of 21.8 million requests per second. 

New SideWalk campaign
The SideWalk backdoor has been linked to a new attack campaign launched by a lesser-known Chinese threat actor group Grayfly. The campaign was used against multiple organizations in Taiwan, Vietnam, the U.S, and Mexico.   
 
Top Vulnerabilities Reported in the Last 24 Hours

New Spook.js attack
A newly discovered side-channel attack dubbed Spook.js can be used against Google Chrome to bypass the web browser’s security defenses and retrieve sensitive information. A group of researchers demonstrated the attack method by stealing a wide range of information such as phone numbers, bank account information, credit card details, usernames, passwords, and even Google Photos of users.   

 Tags

meris botnet
myrepublic
ddos botnet
sidewalk backdoor
sova trojan
spookjs attack

Posted on: September 10, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.