Cyware Daily Threat Intelligence, September 29, 2020


Though Windows 7 is a thing of the past for Microsoft, threat actors have found a new way to leverage this legacy software. They are using the operating system’s name in a widespread phishing attack that tricks employees into sharing their Outlook emails and passwords. The attack is carried out via phishing emails that ask recipients to upgrade their OS to Windows 10 through an embedded malicious link.

A shocking incident highlighting the consequence of a failed ransom negotiation has come to light in the last 24 hours. This is related to the Clark County School District in Las Vegas, which was attacked on August 27. It has been reported that the threat actors published documents online containing personal information of some students after officials refused to pay a ransom.

Top Breaches Reported in the Last 24 Hours

Maritime industry impacted
French shipping giant CMA CGM has shut down some networks in Asia to contain a ransomware attack. The attackers have encrypted some of the company’s files and demanded a ransom for the decryption key.

Flightradar24 hacked
Popular flight tracking service Flightradar24 fixed an issue on its website that was the cause of a cyberattack. As a result of the attack, users of the website were temporarily unable to track details on the site.

UHS attacked
Ryuk ransomware has claimed its attack on United Health Services (UHS). The attack, which occurred on Monday, affected IT networks at UHS facilities across the U.S. Meanwhile, the medical firm has disclosed that no patient or employee data has been compromised in the incident.

Clark County School District affected
The Clark County School District in Las Vegas was attacked on August 27, allowing attackers to infect and steal certain files associated with the school. According to new reports, the hackers have published documents containing personal information of some students online after officials refused to pay a ransom.

Top Vulnerabilities Reported in the Last 24 Hours

Twitter fixes an issue
Twitter has fixed an issue on its platform that could have exposed developers’ API keys and tokens. The issue stemmed from a caching flaw in Twitter has addressed the bug by changing the caching instructions.

Zerologon attacks on the rise
There has been an uptick in Zerologon attacks, according to a new report from Cisco Talos. The attack exploits a flaw, tracked as CVE-2020-1472, in the Netlogon Remote Protocol. This flaw can allow attackers to impersonate any computer, including the domain controller itself, and gain access to domain admin credentials.

Top Scams Reported in the Last 24 Hours

Leveraging Windows 7
An ongoing phishing attack is leveraging legacy software, Windows 7, to trick business employees into sharing their Outlook emails and passwords. The phishing emails are sent on the pretext that the recipients must upgrade from Windows 7 to Windows 10. These emails include a schedule link that redirects the recipients to the phishing page. To make the lure more attractive, the emails also include additional details on what users can expect from the upgrade process. These details include “COVID-19 employee symptom tracker,” “access your pay slips and P60s,” and “access the new staff directory.”



Posted on: September 29, 2020
