Cyware Daily Threat Intelligence September 27, 2018

The Turla APT group's namesake backdoor, along with the group's Gazer backdoor is believed to have infected more victims than previously thought. The Turla relies on PowerShell scripts to load and execute the malware directly into computer memory. Recent versions of the backdoor have been targeting Microsoft Outlook and using PDF files to exfiltrate data. 

A new Android spyware has been discovered that contains multiple surveillance features. The malware can steal WhatsApp data, contacts, browser history, as well as take screenshots and photos. The malware code is publicly available and is currently believed to be still in development. 

Cybercriminals operating the Dridex banking malware have now begun leveraging a custom ransomware variant in new attacks. The ransomware is customized to target individual victims and scrambles victims' files before demanding a ransom. The ransom demanded varies according to the victim's net-worth, indicating that the malware operators have been researching their victims. 

NewsNow suffered a data breach that may have compromised users' encrypted passwords. It is still unclear as how many users were affected. NewsNow is notifying its customers about the breach via email and has claimed that the breach has been resolved. The firm traced the intrusion to a line of attack that was possible because of a single line of code dating back eight years. The service provider took all affected servers offline.

The food delivery startup DoorDash reportedly received complaints from dozens of customers who claimed that their accounts have been hacked. However, DoorDash denied a breach, instead suggesting that the culprit may be a credential stuffing attack. DoorDash customers reported that their email addresses were altered and that the attackers placed fraudulent orders using their hacked accounts.  

The Port of San Diego was hit by a sophisticated attack that resulted in over 500 employees having limited access to systems. The attack also impacted the San Diego Harbor Police Department, the law enforcement arm of the Port. The department was forced to switch to using alternative systems to continue operations.