Cyware Daily Threat Intelligence, September 28, 2020

The creators of the infamous REvil ransomware are undergoing an expansion process. In an update on a hacker forum, the operators have deposited around $1 million in bitcoin to boost their abilities and attract potential affiliates to join their team. Unfortunately, this latest shadowy activity of the group signifies unforeseen challenges for organizations in the coming days.

Meanwhile, beware of a new phishing scam that leverages the grant scheme announced by Facebook. Cybercrooks are posting fake news about the scheme, along with a URL, on a popular media outlet to lure victims. The link, if clicked, redirects victims to a phishing page that prompts them to provide their Facebook login credentials and other personal details.

Top Breaches Reported in the Last 24 Hours

BrandBQ’s data breach
A European fashion retailer, BrandBQ, has exposed seven million customer records due to a misconfigured Elasticsearch server. The compromised data includes full names, home addresses, dates of birth, phone numbers, and payment records of individuals.

Airbnb exposes data
A technical issue in Airbnb's service on desktop and mobile web platforms caused the leak of a limited amount of data. The exposed information included personally identifiable information, such as addresses of hosts and details of Airbnb properties. The firm implemented additional security controls immediately to contain the issue.

REvil operators' new strategy
REvil operators have deposited $1 million in a hacker forum as part of their recruitment drive. The deposit illustrates the amount of money that attackers are generating from ransomware operations.

Suspicious login attempts
Customers of Tyler Technologies are reporting suspicious logins and previously unseen RATs on their networks and servers. The reports come days after the firm admitted falling victim to a ransomware attack. As a precaution, Tyler Technologies has planned to reset passwords for all its clients.

Top Malware Reported in the Last 24 Hours

Decryptor of ThunderX ransomware
The cybersecurity firm Tesorion has released a decryptor for the ThunderX ransomware that exploits a flaw in the ransomware's encryption process. The decryptor works on files encrypted by the ransomware's current version, which uses the .tx_locked extension.

Top Scams Reported in the Last 24 Hours

Facebook grant scam
Cybercrooks are exploiting Facebook's latest giveaway scheme to trick users. They are using an article from the popular CNBC media outlet as bait to lure users hit by COVID-19 with the promise of a grant from Facebook. The article includes a link that redirects victims to a phishing page, which asks them to enter their Facebook credentials. It then asks for more personal information, such as their address, SSN, and even a scan of both sides of their ID.


Posted on: September 28, 2020
