Cyware Daily Threat Intelligence, September 17, 2020


The source code of Cerberus, one of the most dangerous trojans, has been released on underground hacking forums following a failed auction. The leaked code, distributed under the name Cerberus v2, presents an increased threat for smartphone users and the banking sector at large.

The past 24 hours also witnessed a ransomware attack on University Hospital New Jersey (UHNJ). The attack was carried out by SunCrypt ransomware attackers who stole around 240 GB of data from the organization, 1.7 GB of which was leaked on the website.

Moreover, researchers discovered that the Mozi botnet accounted for nearly 90% of the observed IoT network traffic from October 2019 through June 2020.

Top Breaches Reported in the Last 24 Hours

UHNJ hit by ransomware
University Hospital New Jersey (UHNJ) has suffered a massive attack from SunCrypt ransomware that encrypted around 48,000 documents. The attackers also stole around 240 GB of data, 1.7 GB of which was leaked on the website. The leaked data includes patient information such as copies of driving licenses, Social Security Numbers (SSNs), dates of birth, and records about the Board of Directors.

Cyberattack on Quebec DoJ
The Quebec Department of Justice (DoJ) was hit by a cyberattack in which malicious actors used the Emotet trojan to infect 14 inboxes under the Department’s jurisdiction. As a result, the attackers were able to access the emails sent to these addresses.

Windeln.de data breached
A misconfigured Elasticsearch database exposed 882 GB worth of data from 70 dating and e-commerce sites before it was secured. The exposed data included invoices, full names, IP addresses, internal logs, phone numbers, email addresses, home addresses, and hashed passwords.

Artech Information Systems affected again
Artech Information Systems has been hit for the second time in nine months. This time, the firm has suffered an attack from Maze ransomware. Attackers deployed the ransomware three days after gaining unauthorized access to some of the company’s systems.

Top Malware Reported in the Last 24 Hours

Mozi botnet
Researchers discovered that the Mozi botnet accounted for nearly 90% of the observed IoT network traffic from October 2019 through June 2020. The botnet’s capabilities include performing DDoS attacks, stealing data, and sending spam.

Source code of Cerberus trojan leaked
The source code of the Cerberus banking trojan has been released on underground hacking forums following a failed auction. The trojan is capable of conducting covert surveillance, intercepting communications, tampering with device functionality, and stealing data.

Top Vulnerabilities Reported in the Last 24 Hours

h2c smuggling
Security researchers have discovered a new type of HTTP request smuggling attack called ‘h2c smuggling’. It can be used to bypass security controls by slipping in malicious web requests alongside legitimate ones. The attack occurs when a hacker uses h2c to send requests to an intermediary server, which can then evade the server access controls.
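
For defenders, one way to spot the upgrade request this technique depends on is to check captured HTTP/1.1 requests at the intermediary for an h2c upgrade. The following is an added example, not code from the briefing or the researchers; the function names, finding labels, and sample requests are constructed for illustration, and the header names follow RFC 7540 section 3.2.

```python
# Added example (not from the briefing): flag HTTP/1.1 requests that ask an
# intermediary to switch to cleartext HTTP/2 (h2c). Header names per RFC 7540 3.2.

def parse_headers(raw: bytes) -> dict:
    """Map lowercased header names to their values for one raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def tokens(values) -> set:
    """Split comma-separated header values into lowercased tokens."""
    return {t.strip().lower() for v in values for t in v.split(",") if t.strip()}

def h2c_findings(raw: bytes) -> list:
    """Return the reasons a request looks like an h2c upgrade attempt."""
    h = parse_headers(raw)
    findings = []
    if "h2c" in tokens(h.get("upgrade", [])):
        findings.append("upgrade-h2c")
        if "upgrade" in tokens(h.get("connection", [])):
            findings.append("connection-upgrade")
    if "http2-settings" in h:
        findings.append("http2-settings")
    return findings

# Constructed sample requests (hypothetical host and paths).
SAMPLES = {
    "plain": b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "websocket": b"GET /chat HTTP/1.1\r\nHost: app.example\r\n"
                 b"Upgrade: websocket\r\nConnection: Upgrade\r\n\r\n",
    "h2c": b"GET / HTTP/1.1\r\nHost: app.example\r\nupgrade: H2C\r\n"
           b"Connection: keep-alive, Upgrade, HTTP2-Settings\r\n"
           b"HTTP2-Settings: AAMAAABkAAQAAP__\r\n\r\n",
}

def scan(samples: dict) -> dict:
    """Return only the samples that produced findings."""
    return {k: f for k, v in samples.items() if (f := h2c_findings(v))}

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(name, reasons)
```

The WebSocket upgrade is deliberately not flagged, since only the h2c token and the HTTP2-Settings header indicate a cleartext HTTP/2 upgrade.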

Top Scams Reported in the Last 24 Hours

Fake Zoom alerts
Taiwan’s CERT detected cybercrooks impersonating medical authorities to attack the country’s tech industry during the early stages of the COVID pandemic. The spoofed organizations include the World Health Organization and America’s Centers for Disease Control. Phishers also targeted the National Health Commission that existed in mainland China.


Posted on: September 17, 2020
