Go to listing page

Cyware Daily Threat Intelligence September 21, 2018

Cyware Daily Threat Intelligence September 21, 2018

Share Blog Post

Top Malware Reported in the Last 24 Hours

Chainshot is a new string of malware along with network infrastructure that links to various targeted attacks. The malware is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction. Users are advised to use the Factoring as a Service (FaaS) to calculate the decryption key and access the Chainshot malware. Users are also advised to use the latest anti-malware tools in order to prevent attacks from the similar malware.

Black Rose Lucy
The newly discovered Russian botnet Black Rose Lucy, developed by the Russian cybercrime group The Lucy Gang, can allow cybercriminals to target Android devices. The botnet cropped up in the malware-as-a-service (MaaS) arena. 86 devices from Russia was found to be affected by this. The botnet package contains the  Lucy Loader dashboard and the Black Rose dropper.  The new version of the botnet has victims from France, Israel, and Turkey.

Top Breaches Reported in the Last 24 Hours

NCIX breach
Canadian gadget retailer NCIX's servers turned up on Craigslist without being wiped. The privacy breach occurred after the retailer closed its stores in 2017 and retired old servers and employee workstations. A security expert gained access to 300 desktop computers from NCIX's corporate offices and retails stores, 18 DELL PowerEdge servers, as well as at least two Supermicro server's running StarWind iSCSI Software that NCIX had used to back up their hard disks. 

Democrate candidate's website breached
California Democratic congressional candidate Bryan Caforio's website was hit by repeated DDoS attacks during the primary election process. Access to the website was blocked four times before the primary election season. The campaign tried upgrading the website’s hosting services and adding specific DDoS protections. But, in the end, all failed to perform.

AdGuard breach
AdGuard reset the passwords of all its users after it discovered a brute force attack targeting its servers. The attacker used emails and passwords that were previously leaked into the public domain after breaches at other companies. The attackers were able to access some of the accounts but the company does not know which accounts were exactly accessed.


black rose lucy botnet
adguard breach
ncix breach

Posted on: September 21, 2018

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.