Go to listing page

Cyware Daily Threat Intelligence, December 04, 2020

Cyware Daily Threat Intelligence, December 04, 2020

Share Blog Post

Looks like the recently discovered Egregor ransomware is keeping up to its creators’ ambition of wreaking havoc on organizations. The ransomware, which has crippled over 60 firms worldwide since September, has added two more targets—Metro Vancouver’s transportation agency TransLink and the U.S department store Kmart—to its list of victims. 

In other news, researchers have uncovered a new PowerShell-based backdoor malware named PowerPepper. Associated with the Deathstalker threat actor group, the malware has been used against firms specialized in law and consultancy in Europe, Asia, and the U.S. 

Top Breaches Reported in the Last 24 Hours

Black Shadow extorts Shirbit
An Israeli insurance company, Shirbit, had its files stolen after the Black Shadow threat actor gang breached into the company’s network. Following the attack, the hackers had demanded almost $1 million in bitcoin in ransom to stop the leaking of stolen data. The stolen data included documents, email PST files, scanned documents, audio recordings, and images of passports.

TransLink impacted
Metro Vancouver’s transportation agency TransLink has fallen victim to the Egregor ransomware. This disrupted services and payments systems of the agency. However, all transit services remained unaffected. 

Kmart targeted
The U.S department store Kmart has also suffered an attack by Egregor ransomware. It is unknown if the attackers stole data, but several devices and servers were encrypted after the attack.  
Top Malware Reported in the Last 24 Hours

PowerPepper malware
Kaspersky has released details of a previously undocumented PowerShell-based backdoor malware that is associated with the DeathStalker hacker group. The malware includes various tricks to evade detection and is capable of executing remote shell commands. So far, the malware has been used against firms specialized in law and consultancy in Europe, Asia, and the U.S.  

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Docker
A vulnerability discovered in ‘shim’ API can allow unauthorized third parties to execute arbitrary contents and arbitrary permission levels in Docker and other Kubernetes configurations. Tracked as CVE-2020-15257, the flaw scores 8.8 on the CVSS scale. The vulnerability exists due to the way a common container management component spawns the shim API. It has been fixed in containerd versions 1.3.9 and 1.4.3.   

Top Scams Reported in the Last 24 Hours

Exit scam
Compounder Finance DeFi developers have made away with $11 million in an exit scam that allegedly installed a hidden backdoor into the targeted systems. The firm promised the investors of high-returns for a small investment as a part of its Ethereum-based decentralized finance (DeFi) project. To attract more investors, the tricksters claimed to support funds from other cryptocurrencies such as DAI, USDT, and USDC. 


compounder finance defi
kubernetes configurations
exit scam
black shadow

Posted on: December 04, 2020

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite