Cyware Daily Threat Intelligence September 21, 2018

Top Malware Reported in the Last 24 Hours

Chainshot
Chainshot is a new strain of malware, together with supporting network infrastructure, that has been linked to various targeted attacks. The malware is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction. Users are advised to use Factoring as a Service (FaaS) to calculate the decryption key and access the Chainshot malware. Users are also advised to use the latest anti-malware tools in order to prevent attacks from similar malware.

Black Rose Lucy
The newly discovered Russian botnet Black Rose Lucy, developed by the Russian cybercrime group The Lucy Gang, allows cybercriminals to target Android devices. The botnet cropped up in the malware-as-a-service (MaaS) arena. 86 devices in Russia were found to be affected by it. The botnet package contains the Lucy Loader dashboard and the Black Rose dropper. The new version of the botnet has victims in France, Israel, and Turkey.

Top Breaches Reported in the Last 24 Hours

NCIX breach
Canadian gadget retailer NCIX's servers turned up on Craigslist without being wiped. The privacy breach occurred after the retailer closed its stores in 2017 and retired old servers and employee workstations. A security expert gained access to 300 desktop computers from NCIX's corporate offices and retail stores, 18 Dell PowerEdge servers, as well as at least two Supermicro servers running StarWind iSCSI software that NCIX had used to back up its hard disks.

Democratic candidate's website breached
California Democratic congressional candidate Bryan Caforio's website was hit by repeated DDoS attacks during the primary election process. Access to the website was blocked four times before the primary election season. The campaign tried upgrading the website’s hosting services and adding specific DDoS protections, but in the end none of these measures succeeded.

AdGuard breach
AdGuard reset the passwords of all its users after it discovered a brute force attack targeting its servers. The attacker used emails and passwords that had previously been leaked into the public domain after breaches at other companies. The attackers were able to access some of the accounts, but the company does not know exactly which accounts were accessed.
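The attack described above is credential stuffing: leaked email/password pairs from other breaches are tried once each against many accounts, which looks different in authentication logs from a classic brute force against a single account. The following is an added example of defender-side detection logic, not code from Cyware or AdGuard; the log format (timestamp, source IP, account, outcome) and the sample lines are constructed for illustration, and the thresholds are assumptions to be tuned per service. It flags source addresses that attempt many distinct accounts with roughly one attempt each and a high failure rate, and lists which accounts nonetheless logged in successfully from such a source, which is exactly the question left open in the item above.

```python
"""Credential-stuffing detector over constructed login logs (added example)."""
from collections import defaultdict

# Constructed sample log lines (not real AdGuard data).
# Format assumed for this example: "<timestamp> <source ip> <account> <OK|FAIL>"
SAMPLE_LOG = """\
2018-09-20T10:00:01Z 203.0.113.7 alice@example.com FAIL
2018-09-20T10:00:02Z 203.0.113.7 bob@example.com FAIL
2018-09-20T10:00:02Z 203.0.113.7 carol@example.com FAIL
2018-09-20T10:00:03Z 203.0.113.7 dave@example.com OK
2018-09-20T10:00:03Z 203.0.113.7 erin@example.com FAIL
2018-09-20T10:00:04Z 203.0.113.7 frank@example.com FAIL
2018-09-20T10:01:10Z 198.51.100.2 alice@example.com FAIL
2018-09-20T10:01:15Z 198.51.100.2 alice@example.com FAIL
2018-09-20T10:01:20Z 198.51.100.2 alice@example.com OK
"""


def parse_log(text):
    """Parse log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, account, outcome = parts
        events.append({
            "ts": ts,
            "ip": ip,
            "account": account.lower(),
            "ok": outcome == "OK",
        })
    return events


def per_source_stats(events):
    """Aggregate attempts, failures, distinct accounts and successes per source IP."""
    stats = defaultdict(lambda: {
        "attempts": 0, "failures": 0, "accounts": set(), "successes": [],
    })
    for e in events:
        s = stats[e["ip"]]
        s["attempts"] += 1
        s["accounts"].add(e["account"])
        if e["ok"]:
            s["successes"].append(e["account"])
        else:
            s["failures"] += 1
    return stats


def detect_credential_stuffing(events, min_accounts=5, min_failure_rate=0.6,
                               max_attempts_per_account=2.0):
    """Return {ip: sorted accounts that logged in successfully from ip} for sources
    whose pattern matches credential stuffing: many distinct accounts, about one
    attempt per account, mostly failures. A single account hammered from one IP
    (classic brute force) is deliberately not matched by this rule."""
    flagged = {}
    for ip, s in per_source_stats(events).items():
        distinct = len(s["accounts"])
        if distinct < min_accounts:
            continue
        failure_rate = s["failures"] / s["attempts"]
        attempts_per_account = s["attempts"] / distinct
        if (failure_rate >= min_failure_rate
                and attempts_per_account <= max_attempts_per_account):
            flagged[ip] = sorted(set(s["successes"]))
    return flagged


if __name__ == "__main__":
    for ip, accounts in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: credential-stuffing pattern; accounts accessed: {accounts}")
```

On the sample data only 203.0.113.7 is flagged (six accounts, one attempt each, five failures), and the one account that succeeded from it is reported; 198.51.100.2 repeatedly tries a single account and is left for a separate brute-force rule. Accounts surfaced this way are the ones to prioritize for a forced reset, rather than resetting the whole user base blind.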
