Cyware Daily Threat Intelligence September 18, 2018

Top Malware Reported in the Last 24 Hours

Cryptojacking in India
Several Indian government websites were found infected with cryptocurrency mining malware. The cryptojacking attacks targeted three websites that are subdomains of the Andhra Pradesh state government and receive around 16,000 visitors every month. The affected sites were running the popular CoinHive script, built for mining the anonymous currency Monero. Alongside the affected government domains, a further 119 Indian websites have been identified as running the notorious CoinHive script.

Monero malware
Security researchers recently observed a couple of Monero malware attacks targeting Windows and Android users. The malware variants are disguised as legitimate apps and updates in an effort to hide in plain sight and deceive users. One campaign involves an "invisible" Monero miner targeting Windows users, while the other campaign, "Hidden miner", targets Android users.

XBash
A new malware family called XBash has been discovered targeting Windows and Linux users. The malware contains ransomware, botnet, cryptomining and worm-like features and is attacking servers using a combination of exploitable flaws and weak password brute-forcing.

Top Breaches Reported in the Last 24 Hours

Iran hacks UK universities
Some of Britain's top universities, including Cambridge, Oxford, and Edinburgh, have recently suffered severe data breaches. The attacks have resulted in sensitive information relating to cybersecurity defense and nuclear power plants being stolen by suspected Iran-linked hackers. The stolen data is now being sold on several Iranian websites. The attack targeted 140 universities and the accounts of around 8,000 professors were hacked.

GovPayNow 
The Government Payment Service Inc. leaked over 14 million customer records dating back to at least 2012. The data leaked includes names, addresses, phone numbers and the last four digits of the payer’s credit card. A bug in the GovPayNow site allowed attackers to view millions of customer records simply by altering digits in the Web address. 

State Department breach
The US State Department's unclassified email system suffered a data breach that exposed the personally identifiable information (PII) of some of the department's employees. The State Department said that the breach affected less than 1% of employee inboxes. It's not clear when the breach occurred or how long the system was vulnerable.

Top Scams Reported in the Last 24 Hours

BEC scams
A Nigerian man was recently arrested for running a multi-million dollar BEC scam from inside an immigration detention center in Sydney. The scammers allegedly made over $2 million. The scam was allegedly run through 16 phones and 17 SIM cards out of Sydney's Villawood Immigration Detention Centre. Three other people were charged over the alleged crimes, which included identity theft and romance scams. 

Fake IRS phishing scam
A new IRS phishing campaign was discovered by security experts. The scam has been targeting non-resident Americans and involves the scammers sending out phishing emails that purport to come from the IRS. The phishing email is loaded with grammatical issues and spelling errors. It is believed that the intended targets are those who requested a six-month extension on filing their income taxes back in April.

Posted on: September 19, 2018
