Cyware Daily Threat Intelligence September 18, 2018

Top Malware Reported in the Last 24 Hours

Cryptojacking in India
Several Indian government websites were found infected with cryptocurrency mining malware. The cryptojacking attacks targeted three websites that are subdomains of the Andhra Pradesh state government and receive around 16,000 visitors every month. The affected sites were running the popular CoinHive script, built for mining anonymous currency Monero. Alongside the affected government domains, a further 119 Indian websites have been identified as running the notorious CoinHive script.

Monero malware
Security researchers recently observed a couple of Monero malware attacks targeting Windows and Android users. The malware variants are disguised as legitimate apps and updates, in efforts to hide in plain sight and deceive users. While one campaign involves an "invisible" Monero miner targeting Windows users, the other campaign "Hidden miner" targeting Android users. 

XBash
A new malware family called XBash has been discovered targeting Windows and Linux users. The malware contains ransowmare, botnet, cryptoming and worm-like features and is attacking servers using a combination of exploitable flaws and weak password brute-forcing.

Top Breaches Reported in the Last 24 Hours

Iran hacks UK universities
Some of Britain's top universities including Cambridge, Oxford, and Edinburgh, have recently suffered severe data breaches. The attacks have resulted in sensitive information relating to cybersecurity defense and nuclear power plants being stolen by suspected Iran-linked hackers. The stolen data is now being sold on several Iranian websites. The attack targeted 140 universities and the accounts of around 8,000 professors were hacked. 

GovPayNow 
The Government Payment Service Inc. leaked over 14 million customer records dating back to at least 2012. The data leaked includes names, addresses, phone numbers and the last four digits of the payer’s credit card. A bug in the GovPayNow site allowed attackers to view millions of customer records simply by altering digits in the Web address. 

State Department breach
The US State Department's unclassified email system suffered a data breach that exposed the personally identifiable information (PII) of some of the department's employees. The State Department said that the breach affected less than 1% of employee inboxes. It's not clear when the breach occurred or how long the system was vulnerable.

Top Scams Reported in the Last 24 Hours

BEC scams
A Nigerian man was recently arrested for running a multi-million dollar BEC scam from inside an immigration detention center in Sydney. The scammers allegedly made over $2 million. The scam was allegedly run through 16 phones and 17 SIM cards out of Sydney's Villawood Immigration Detention Centre. Three other people were charged over the alleged crimes, which included identity theft and romance scams. 

Fake IRS phishing scam
A new IRS phishing campaign was discovered by security experts. The scam has been targeting non-resident Americans and involves the scammers sending out phishing emails that pose as coming from the IRS. The phishing email is loaded with grammatical issues and spelling errors. It is believed that the intended targets are those who requested a six-month extension on filing their income taxes back in April.




  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.