Cyware Daily Threat Intelligence, June 26, 2019


After Riviera Beach City Council, another city in Florida has agreed to pay a ransom to attackers to recover its encrypted systems. Lake City is the second city to pay, handing over 42 bitcoins (approximately $480,000) to recover from the ‘Triple Threat’ ransomware attack that occurred on June 10, 2019. The ransom was paid by the city’s insurance provider, Florida League of Cities, after IT officials failed to restore some of the affected systems.

Numerous malspam campaigns engaged in the distribution of new LokiBot and NanoCore variants were also detected in the past 24 hours. Around 10 variants of this type of campaign have been observed since April 2019. These malware samples are disguised as ISO files to evade detection by email security solutions. 

A phishing scam that leveraged Google’s services to trick users into revealing their personal information was also discovered. The scammers were sending phishing emails, informing the users that they won a prize of $2.5 million for being a loyal member and using Google’s services.

Top Breaches Reported in the Last 24 Hours

Lake City pays a ransom
The insurance provider of Lake City has paid 42 bitcoins (approximately $480,000) to recover its encrypted systems. The step was taken after the IT officials were not able to restore some of the affected systems. The city had suffered a ‘Triple Threat’ ransomware attack on June 10, 2019. 

Taiwan’s civil service system breached
Personal information of 243,376 civil servants has been compromised after a data breach at Taiwan’s civil service system. The stolen information was made available on foreign websites and includes data of individuals who worked in both central and local government posts. The agency has taken remedial actions to address the problem in accordance with the Personal Information Protection Act.

Franciscan Health data breach
Franciscan Health is notifying about 2,200 patients of a data breach. The breach was identified during the audit process. The information affected in the incident includes names, email addresses, birth dates, phone numbers, and medical record numbers of individuals. For some, Social Security numbers were accessed by the attackers.

Top Malware Reported in the Last 24 Hours

LokiBot and NanoCore trojans
Multiple malspam campaigns that pretend to be an invoice message have been found distributing new variants of LokiBot and NanoCore trojans. These malware samples are disguised as ISO files to evade detection by email security solutions. Researchers have discovered 10 variants of this type of campaign, with variations in ISO images and messages delivered to potential victims.

Riltok trojan variant
A modified version of Riltok trojan has been found targeting the European market. The malware was first detected in March 2018 and was distributed as apps for popular free ad services in Russia. The latest version of the malware is capable of stealing login credentials and bank card details of victims.

Silex malware
A new malware, dubbed Silex, has been found targeting IoT devices. The malware bricked more than 2,000 devices in the first hours after its discovery. It uses default credentials for IoT devices to log in and kill the system.

Top Vulnerabilities Reported in the Last 24 Hours

Huawei vulnerable to security issues
A report has claimed that telecommunications gear from Huawei is more vulnerable to security risks. The flaws can be abused by hackers for malicious activities. Huawei has welcomed the reported issues, which could help improve the security of its products.

BlueStacks flaws fixed
Security flaws in the BlueStacks Android emulator have been fixed. One of the patches addressed a DNS rebinding vulnerability in BlueStacks versions earlier than v4.90.0.1046. The other flaws could allow attackers to perform remote code execution, disclose information, and steal backups of the VM.

ABB patches flaws
ABB has patched a dozen vulnerabilities that affected a wide range of its products. The vulnerabilities are authentication bypass and remote code execution flaws. They impact the CP635 and CP651 control panels used as HMIs for ABB automation systems, and the PB610 Panel Builder 600 engineering tool for designing HMI applications.

Top Scams Reported in the Last 24 Hours

Tech support scam targets elders
Tech support scammers are buying ads on well-known portals to trick elderly people looking for food recipes on the internet. The scammers have created food-related blogs that appear in the paid search results. When viewers click on one of these blogs, they are redirected to a malicious website that locks their browsers and alerts them to a virus infection. The purpose of the scam is to sell unwarranted services and products to victims.

Phishing scam uses Google’s services
A phishing scam that informs users of winning $2.5 million from Google has been doing the rounds on the internet recently. The scammers send phishing emails informing recipients that the prize money is part of a giveaway for being a loyal user of Google’s services. To appear less suspicious, the emails are sent with the subject line ‘Powered by Google’ and include the name of Google’s former CEO Larry Page.



Posted on: June 26, 2019
