
Cyware Weekly Threat Intelligence, January 25 - 29, 2021

The Good
If cybercriminals are testing us all the time, why don’t we just take a step ahead? We have scratched our heads pondering over this. This week, law enforcement authorities have definitely taken a step ahead and brought down the operations of the menacing malware threat, Emotet. Although we have other good news for you, this one definitely takes the cake.

  • Global law enforcement and judicial authorities announced the takedown of Emotet, one of the most significant botnets used by cybercriminals to launch a variety of malware attacks.
  • A group of hackers who disrupted European and U.S. bank servers were exposed by Ukrainian law enforcement authorities. The malicious software created by the hackers was used to steal personal information from servers of banks in the U.K., Austria, Germany, Switzerland, Lithuania, the U.S., and the Netherlands.
  • The U.S. DoJ and Bulgarian authorities announced the successful takedown of dark web sites used by the NetWalker ransomware. In connection to this, a Canadian national was arrested who worked as a NetWalker affiliate and earned more than $27 million.
  • Bug hunter John Page launched a web portal—malvuln.com—that lists vulnerabilities present in common malware variants. The portal currently lists 45 security flaws.

The Bad
Respite was short-lived as the week also brought a plethora of bad tidings for the cyber community. Threat actors have upped their extortion game. We are a month into 2021 and leaky databases still continue to pose a problem. The bad incidents in the cybersecurity landscape are taking up a huge chunk of space and honestly, it is worrying.

  • Threat actors behind a DDoS campaign targeted the same set of victims after the organizations failed to pay the initial ransom.
  • Retail giant Dairy Farm was attacked by REvil ransomware, following which the attackers demanded $30 million in ransom. Allegedly, the attackers had access to information for 7 days after the attack.
  • Details of more than 2.28 million users registered on the MeetMindful dating website were shared for free on a hacker forum. The leaked data includes sensitive data points.
  • A new report revealed that up to 18,000 SolarWinds customers may have received the trojanized updates for their Orion monitoring product. This enabled the attackers to deploy a backdoor on victims’ systems, allowing them to plant more malware.
  • Over 320,000 court records belonging to Cook County were leaked due to a misconfigured database. The records included full names, home addresses, email addresses, case numbers, and private notes.
  • Palfinger, a global leader in crane and lifting manufacturing, was targeted by a cyberattack that impacted its IT infrastructure.
  • A North Korea-based hacker group was found targeting security researchers working on vulnerability research at different companies and organizations.
  • Mobile network operator USCellular suffered a data breach after threat actors gained access to its CRM and customer accounts.
  • A database belonging to Teespring, an e-commerce platform, was disclosed on a popular hacker forum. The files contained in the leaked archive include email addresses and last update dates for around 8 million user accounts.
  • A security breach at Australia’s securities regulator affected a server used to transfer files, including credit license applications.

New Threats
The cyber world seems to be eating new threats for breakfast, and for lunch, dinner, and snacks. We witnessed the revival of an old trojan with a new twist. Researchers also found a new Android malware. And BEC scammers became more innovative. Go ahead for further details.

  • A newly discovered phishing toolkit called LogoKit was found to be deployed in the wild. So far, researchers identified the toolkit on more than 300 domains in a week and on over 700 sites in a month.
  • A new version of DanaBot trojan was found to be active since October 2020. The trojan includes an updated C2 server and several anti-analysis features.
  • A new variant of the NAT Slipstreaming attack, which bypasses the mitigations for the previous version and expands the attacker’s reach, was uncovered by researchers.
  • The Pro-Ocean cryptojacking malware evolved to include capabilities such as spreading like a worm and new detection evasion techniques.
  • A security researcher warned against the usage of Libgcrypt 1.9.0, a general-purpose cryptographic library, due to a severe security flaw.
  • Italy's CERT issued a warning against a new Android malware, named Oscorp, that exploits accessibility services to steal user credentials and record audio and video.
  • An unpatched vulnerability in Microsoft Azure Functions can enable attackers to escalate privileges and escape the Docker container used for hosting them.
  • The FTC issued a warning about a scam that pretends to be from the U.S. regulatory agency. The scam leverages several YouTube links and pop-up sites that claim to protect personal and financial data from being exposed online.
  • Another active phishing campaign that pretends to be from the U.K.’s National Health Service (NHS) was found targeting U.K. citizens.
  • BEC scammers found a novel way to navigate Microsoft 365 by leveraging out-of-office replies and automatic responses during the holiday season last year.

Posted on: January 29, 2021