Cyware Daily Threat Intelligence September 12, 2018


Top Malware Reported in the Last 24 Hours

Kronos/Osiris
Security researchers have discovered a new variant of the Kronos banking trojan, named Osiris. It is already being used in three separate campaigns targeting Germany, Poland, and Japan. The new variant adds command and control (C2) over the Tor network, keylogging, and remote control via VNC, alongside the older Kronos capabilities of form grabbing and web injection. Meanwhile, the Kronos source code is being offered for sale on the dark web for $7,000.

Lazarus backdoor
The prolific North Korean APT group Lazarus is continuing its barrage of attacks, despite the recent charges brought against a member of the group by the US DoJ. Researchers observed the group using command-line backdoors and installers, and in more recent years its wiper samples have also shipped as command-line tools. These wipers are likely intended to erase traces of the attackers' activity once a campaign is complete, leaving as little evidence as possible. Researchers fear the group is growing bolder and tightening its operational security in order to continue its cyber espionage.

Top Breaches Reported in the Last 24 Hours

FreshMenu
India-based food delivery platform FreshMenu suffered a data breach in July 2016 that exposed the personal data of over 110,000 customers. The exposed data includes customers' names, email addresses, phone numbers, home addresses, and order histories. It is not yet known whether any customer payment information was taken from FreshMenu's database.
FreshMenu acknowledged that it was already aware of the breach but said it had decided not to notify the affected customers.

Veeam data leak
Veeam, the data backup and recovery firm, inadvertently exposed over 200 GB of customer records stored in an unsecured, internet-facing database. The records contained names, email addresses, and some IP addresses, including over 400 million customer email addresses. The database had no password protection at all; it was secured shortly after Veeam was notified of the exposure.

Tags

the lazarus group
lazarus backdoor
osiris
kronos banking malware
veeam
freshmenu
kronos/osiris malware

Posted on: September 12, 2018


