Cyware Daily Threat Intelligence September 17, 2018

Top Malware Reported in the Last 24 Hours

Kraken Cryptor
A new version of the Kraken ransomware, called Kraken Cryptor 1.5, was found disguised as the legitimate anti-malware program SuperAntiSpyware. The ransomware has a list of modules, and when they are enabled, the public encryption key, emails, and extensions are encrypted by it. The cybercriminals behind the ransomware have been demanding 0.25 bitcoins as ransom.

WannaMine
WannaMine is a fileless, PowerShell-based, Monero-mining malware that originated a year ago. The malware is still spreading and is now targeting Fortune 500 companies. WannaMine has already infected around 2,000 endpoints. The malware also uses the same leaked NSA exploits that were used by the WannaCry and NotPetya ransomware variants in 2017.

SAVEfiles ransomware
A newly discovered ransomware variant called SAVEfiles is being distributed by the Fallout exploit kit (EK). Attackers deploy this EK by hacking into sites or creating new ones, on which they then host the exploit kit scripts. The kit attempts to exploit vulnerabilities in VBScript and Flash Player on visitors’ machines. The ransomware is currently targeting Japan, France, and other nations.

Top Breaches Reported in the Last 24 Hours

Bristol Airport cyberattack
Bristol Airport suffered a ransomware attack that took down the airport's flight display screens for two days. The attack left the information screens completely blank and inoperable. No ransom was paid to get the systems working again. An airport spokesman said the information screens were taken offline early to contain the attack. Flights were unaffected, and there were no concerns over the safety or security systems installed in the airport. Experts believe that this attack was a speculative attempt rather than a targeted attack.

EOSBet app hacked
The blockchain-based gambling app EOSBet was hit by hackers who stole over $200,000 worth of EOS. Following the attack, the app was taken offline. Experts believe that the attackers exploited a vulnerability in the app's smart contracts system to carry out the attack. The attackers managed to transfer funds to a wallet they controlled, which was designed to look similar to the EOSBet wallet. 



