
Cyware Daily Threat Intelligence, December 28, 2021

Phishing attacks are getting uglier as researchers uncovered more than 1,200 Man-in-the-Middle (MitM) phishing kits in use in the wild. These toolkits have become extremely popular in the cybercrime underground in recent years because, by proxying the victim's login session to the legitimate site, they capture the authentication cookie issued after login and so sidestep 2FA.

Meanwhile, QNAP continues to deal with attacks on its NAS devices. In a fresh wave, ech0raix ransomware has hit several devices, this time dropping its ransom note with a misspelled file extension. A data leak exposing more than 100 GB of data belonging to the logistics firm D.W. Morgan has also surfaced in the last 24 hours.

Top Breaches Reported in the Last 24 Hours

D.W. Morgan exposes 100 GB of data
The logistics giant D.W. Morgan suffered a data leak caused by a misconfigured Amazon S3 bucket. More than 100 GB of data, some 2.5 million files covering financial, shipment, and transportation records, was exposed. Personal details of employees and clients, including full names, phone numbers, process details, signatures, and shipping barcodes, were also left accessible online.
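The kind of misconfiguration behind this leak can be checked offline from the bucket's policy document, its ACL, and its Block Public Access settings (the objects the S3 GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock APIs return). The following is an added example, not code from the briefing or from D.W. Morgan: it flags every Allow statement whose principal is anyone ("*" or {"AWS": "*"}) and whose action lets a stranger list or download objects, flags ACL grants to the AllUsers or AuthenticatedUsers groups, and then applies the Block Public Access switches to say whether those grants are effective. The sample policy, ACL and bucket name are constructed.

```python
# Added example (not from the Cyware briefing): offline check for a publicly
# readable S3 bucket. Sample policy, ACL and bucket name are constructed.
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """'*' or {"AWS": "*"} means anyone, including unauthenticated requests."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _is_read_action(action):
    """Actions that let a stranger enumerate or download objects."""
    a = action.lower()
    return a in ("*", "s3:*") or a.startswith("s3:get") or a.startswith("s3:list")


def public_policy_statements(policy_json):
    """Allow statements granting read/list to a public principal."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        actions = [a for a in _as_list(stmt.get("Action", [])) if _is_read_action(a)]
        if actions:
            findings.append({
                "sid": stmt.get("Sid", "<no Sid>"),
                "actions": actions,
                # A Condition (e.g. aws:SourceIp) may narrow the grant; conditions
                # are not evaluated here, only flagged for manual review.
                "conditional": "Condition" in stmt,
            })
    return findings


def public_acl_grants(acl):
    """ACL grants to the AllUsers / AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            findings.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return findings


def assess_bucket(policy_json, acl, public_access_block):
    """Combine policy, ACL and Block Public Access settings into one verdict."""
    policy_public = [f for f in public_policy_statements(policy_json) if not f["conditional"]]
    acl_public = public_acl_grants(acl)
    # IgnorePublicAcls neutralises public ACL grants; RestrictPublicBuckets
    # limits a bucket with a public policy to principals in the account.
    acl_effective = bool(acl_public) and not public_access_block.get("IgnorePublicAcls", False)
    policy_effective = bool(policy_public) and not public_access_block.get("RestrictPublicBuckets", False)
    if acl_effective or policy_effective:
        return "PUBLIC"
    if acl_public or policy_public:
        return "PUBLIC-BUT-BLOCKED"
    return "PRIVATE"


# Constructed sample inputs; the bucket name is fictitious.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-shipping-docs", "arn:aws:s3:::example-shipping-docs/*"]},
        {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-shipping-docs/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Sid": "Ops", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/ops"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-shipping-docs/*"},
    ],
})
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "abc123"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]}
NO_BLOCK = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
FULL_BLOCK = {key: True for key in NO_BLOCK}

if __name__ == "__main__":
    for finding in public_policy_statements(SAMPLE_POLICY):
        print("policy:", finding)
    print("acl:", public_acl_grants(SAMPLE_ACL))
    print("without Block Public Access:", assess_bucket(SAMPLE_POLICY, SAMPLE_ACL, NO_BLOCK))
    print("with Block Public Access:", assess_bucket(SAMPLE_POLICY, SAMPLE_ACL, FULL_BLOCK))
```

On the sample, the unconditional "PublicRead" statement and the AllUsers READ grant make the bucket public; the "OfficeOnly" statement is reported but marked conditional, since a source-IP condition may or may not actually restrict it. Turning on all four Block Public Access settings downgrades the same bucket to "PUBLIC-BUT-BLOCKED", which is why account-level Block Public Access is the usual backstop against this class of leak.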

Conti ransomware targets Shutterfly
Conti ransomware has disrupted Shutterfly's services by encrypting over 4,000 systems and 120 VMware ESXi servers. The stolen data includes legal agreements, bank and merchant account information, and login credentials for corporate services.

Top Malware Reported in the Last 24 Hours

Ech0raix ransomware returns
A new wave of ech0raix ransomware attacks is targeting QNAP NAS devices and has been active since December 20. Notably, the threat actor mistyped the ransom note's file extension, dropping it as .TXTT instead of .TXT.

DanderSpritz exploitation framework
Researchers have detailed the stages of post-exploitation activity that follow a DanderSpritz deployment. DanderSpritz is the Equation Group post-exploitation framework exposed in the Shadow Brokers' April 2017 "Lost in Translation" leak, the same dump that released the EternalBlue exploit later abused in the 2017 NotPetya attack. The framework relies on dozens of plugins to carry out its activities on Windows and Linux systems.

Rise in MitM phishing toolkits
A team of academics reported that more than 1,200 MitM phishing toolkits are deployed in the wild. Unlike a static fake login page, these kits act as a reverse proxy between the victim and the legitimate site: the victim's password and one-time 2FA code are relayed to the real service as they are typed, the service completes the login, and the kit captures the authenticated session cookie that comes back. The attacker then replays that cookie to take over the account without ever needing the second factor again.
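The mechanics described in the summary above and in the opening paragraph can be shown end to end with a small model, added here as an example and not part of the briefing or of the academic study. It stands up a fake login service, a kit that proxies to it, and a victim who authenticates two ways: with a password plus a one-time code, which the kit forwards verbatim and so defeats, and with an origin-bound assertion in the style of FIDO2/WebAuthn, where the authenticator signs the origin the browser is actually on, so a kit on a lookalike domain cannot obtain a valid session. The domains, secrets and the HMAC that stands in for the authenticator's public-key signature are all constructed for illustration.

```python
# Added example (not from the Cyware briefing): a minimal model of how a
# reverse-proxy phishing kit captures a session cookie, and why a relayable
# one-time code is defeated while an origin-bound assertion is not. Domains,
# secrets and the HMAC stand-in for a public-key signature are constructed.
import hashlib
import hmac
import secrets

REAL_ORIGIN = "https://login.example.com"    # the legitimate site (constructed)
PHISH_ORIGIN = "https://login.examp1e.com"   # the kit's lookalike host (constructed)


def sign_assertion(device_key, challenge, origin):
    """Authenticator side: the signed message includes the origin the browser is on.
    WebAuthn signs clientDataJSON with the credential's private key; an HMAC with a
    key registered at the service is a stand-in that keeps this example runnable."""
    return hmac.new(device_key, f"{challenge}|{origin}".encode(), hashlib.sha256).hexdigest()


class RealService:
    """The legitimate login service."""

    def __init__(self):
        self.password = "correct horse battery"     # victim's password (constructed)
        self.otp_secret = b"otp-seed-for-demo"      # seed for the one-time code
        self.device_key = secrets.token_bytes(32)   # authenticator key registered at enrolment
        self.pending_challenges = set()
        self.sessions = {}

    def current_otp(self):
        # Simplified TOTP: a fixed time step keeps the demo deterministic.
        return hmac.new(self.otp_secret, b"timestep-1", hashlib.sha256).hexdigest()[:6]

    def login_with_otp(self, password, otp):
        """Password + one-time code: the server cannot tell who typed it or where."""
        if password == self.password and hmac.compare_digest(otp, self.current_otp()):
            return self._issue_cookie()
        return None

    def new_challenge(self):
        challenge = secrets.token_hex(16)
        self.pending_challenges.add(challenge)
        return challenge

    def login_with_assertion(self, challenge, claimed_origin, signature):
        """Origin-bound factor: verify the signature over (challenge, origin)
        and insist that the signed origin is our own."""
        if challenge not in self.pending_challenges:
            return None
        self.pending_challenges.discard(challenge)   # single use
        expected = sign_assertion(self.device_key, challenge, claimed_origin)
        if claimed_origin == REAL_ORIGIN and hmac.compare_digest(signature, expected):
            return self._issue_cookie()
        return None

    def _issue_cookie(self):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = "victim"
        return cookie

    def whoami(self, cookie):
        return self.sessions.get(cookie)


class MitmPhishKit:
    """Transparent reverse proxy: forwards what the victim submits to the real
    site and keeps any session cookie that comes back."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.captured_cookies = []

    def _keep(self, cookie):
        if cookie:
            self.captured_cookies.append(cookie)
        return cookie

    def relay_otp_login(self, password, otp):
        return self._keep(self.upstream.login_with_otp(password, otp))

    def relay_assertion_login(self, authenticator):
        challenge = self.upstream.new_challenge()    # fetched from the real site
        # The victim's browser is on PHISH_ORIGIN, so that is what gets signed.
        signature = authenticator(challenge, PHISH_ORIGIN)
        # Forwarding it under the real origin fails the signature check; forwarding
        # it under the phishing origin would fail the origin check instead.
        return self._keep(self.upstream.login_with_assertion(challenge, REAL_ORIGIN, signature))


def run_demo():
    service = RealService()
    kit = MitmPhishKit(service)
    # 1) Victim types password and current one-time code into the proxied page.
    otp_cookie = kit.relay_otp_login(service.password, service.current_otp())
    # 2) Victim uses an origin-bound authenticator through the same proxy.
    def authenticator(challenge, origin):
        return sign_assertion(service.device_key, challenge, origin)
    assertion_cookie = kit.relay_assertion_login(authenticator)
    return {
        "otp_session_hijacked": service.whoami(otp_cookie) == "victim",
        "assertion_session_hijacked": assertion_cookie is not None,
        "cookies_captured": len(kit.captured_cookies),
    }


if __name__ == "__main__":
    print(run_demo())
```

The first login succeeds and the kit walks away with a valid cookie even though the victim "used 2FA"; the second fails because the only thing the kit can forward is an assertion bound to its own domain. This is the reason MitM kits are reported as bypassing SMS and app-based codes but not phishing-resistant authenticators, and the defensive takeaway for the cookie side is to bind or shorten sessions so a replayed cookie is worth less.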

Top Vulnerabilities Reported in the Last 24 Hours

Apache addresses two flaws
The Apache Software Foundation has fixed two security vulnerabilities in Apache HTTP Server with the release of version 2.4.52. CVE-2021-44790 is a buffer overflow in the mod_lua multipart request-body parser, and CVE-2021-44224 is a NULL pointer dereference or SSRF in mod_proxy when the server is configured as a forward proxy. The former could allow an attacker to take control of an affected system. Both flaws have been added to the Known Exploited Vulnerabilities catalog maintained by CISA.
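A first-pass triage for these two fixes only needs the output of `httpd -v`, `httpd -M` and the proxy section of the configuration. The helper below is an added example, not code from the briefing, Apache or CISA: it parses the version banner, lists the loaded modules, and reports exposure only where the build predates 2.4.52 and the module the CVE lives in is loaded (mod_lua for CVE-2021-44790; mod_proxy with ProxyRequests On for CVE-2021-44224). The sample outputs and configuration are constructed.

```python
# Added example (not from the Cyware briefing): triage the two httpd CVEs from
# the output of `httpd -v`, `httpd -M` and the server config. Samples are constructed.
import re

FIXED_VERSION = (2, 4, 52)   # Apache HTTP Server 2.4.52 fixes both CVEs


def parse_version(httpd_v_output):
    """Extract (major, minor, patch) from the 'Server version:' line."""
    match = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    if not match:
        raise ValueError("no Apache version string found")
    return tuple(int(part) for part in match.groups())


def loaded_modules(httpd_m_output):
    """Module names from `httpd -M`, which prints lines like ' lua_module (shared)'."""
    return set(re.findall(r"^\s*(\w+_module)\s+\((?:static|shared)\)", httpd_m_output, re.M))


def forward_proxy_enabled(config_text):
    """CVE-2021-44224 needs the forward-proxy role, i.e. 'ProxyRequests On' (default Off)."""
    return re.search(r"^\s*ProxyRequests\s+On\b", config_text, re.I | re.M) is not None


def triage(httpd_v_output, httpd_m_output, config_text):
    version = parse_version(httpd_v_output)
    modules = loaded_modules(httpd_m_output)
    exposed = []
    if version < FIXED_VERSION:
        if "lua_module" in modules:
            exposed.append("CVE-2021-44790")   # mod_lua multipart parser buffer overflow
        if "proxy_module" in modules and forward_proxy_enabled(config_text):
            exposed.append("CVE-2021-44224")   # mod_proxy forward-proxy NULL deref / SSRF
    return {
        "version": ".".join(map(str, version)),
        "patched": version >= FIXED_VERSION,
        "exposed_to": exposed,
    }


# Constructed sample outputs
SAMPLE_HTTPD_V_OLD = "Server version: Apache/2.4.51 (Unix)\nServer built:   Oct  7 2021 00:00:00\n"
SAMPLE_HTTPD_V_NEW = "Server version: Apache/2.4.52 (Unix)\nServer built:   Dec 20 2021 00:00:00\n"
SAMPLE_HTTPD_M = """Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_event_module (shared)
 lua_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
"""
SAMPLE_CONFIG = """LoadModule proxy_module modules/mod_proxy.so
ProxyRequests On
<Proxy "*">
    Require ip 10.0.0.0/8
</Proxy>
"""

if __name__ == "__main__":
    print(triage(SAMPLE_HTTPD_V_OLD, SAMPLE_HTTPD_M, SAMPLE_CONFIG))
    print(triage(SAMPLE_HTTPD_V_NEW, SAMPLE_HTTPD_M, SAMPLE_CONFIG))
```

Two caveats apply. A loaded module is exposure, not proof of exploitability, so the result is a prioritisation aid rather than a verdict. And distribution packages routinely backport fixes without changing the version banner, so on Debian, RHEL and similar systems confirm against the package changelog before treating a 2.4.51 banner as unpatched.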

Posted on: December 28, 2021
