
Cyware Daily Threat Intelligence March 07, 2019



Top Breaches Reported in the Last 24 Hours

SHDS data breach
Sharecare Health Data Services (SHDS) has notified its business associates AltaMed Health Services (AltaMed) and California Physicians Services (Blue Shield of California, BSC) of a data breach that exposed patients’ medical records. An attacker gained access to protected health information (PHI) held in medical records that SHDS kept on behalf of AltaMed and BSC. The number of affected individuals is not yet known. The exposed data includes patients’ names, addresses, dates of birth and medical record numbers.

WSG ransomware attack
Wolverine Solutions Group (WSG) suffered a ransomware attack in September 2018. The attack compromised data WSG held for hundreds of healthcare organizations, covering personal information of more than one million patients. Although WSG has not officially disclosed the scale, a local media report puts it at around 700 companies and 1.2 million people. The ransomware encrypted all of the files WSG held for these clients; decryption and restoration began on October 3, and critical operations were restored by November 5.

Top Malware Reported in the Last 24 Hours

PirateMatryoshka malware
Researchers have detected a new malware strain named PirateMatryoshka, distributed through The Pirate Bay (TPB) torrent tracker site. The trojan carries hidden installer packages: once run, it downloads a swathe of Potentially Unwanted Programs (PUPs), spyware and adware, which slow the PC down, waste system resources and spy on the victim.

PINCHY SPIDER distributes GandCrab ransomware
The threat actor group tracked as PINCHY SPIDER has been observed deploying GandCrab ransomware against enterprises, adopting the targeted, high-ransom approach known as ‘big game hunting’. Researchers attribute the development of GandCrab, which has been active since January 2018, to the same group. PINCHY SPIDER operates GandCrab as a ransomware-as-a-service partnership (affiliate) program and limits the number of affiliate accounts it sells.

New CryptoMix Clop ransomware variant
Researchers have recently identified a new variant of the CryptoMix Clop ransomware. Unlike earlier variants that encrypt individual computers, this one is built to encrypt an entire network. It is distributed as executables signed with a valid code-signing certificate, which helps them pass security checks. Once executed, the ransomware starts its infection routine by terminating various Windows services and processes (those that would keep files locked or interfere with encryption) before encrypting files.

Three prolific trojans
Researchers report that Emotet, LokiBot and TrickBot were the three trojans that wreaked the most havoc last year. Campaigns leveraging Emotet surged in November and December 2018, and Emotet was used in 45.9% of the attacks observed in the second half of the year. LokiBot represented 11.6% of observed samples in the last quarter of 2018, and TrickBot 10.4% of observed attacks in the second half of 2018.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable UPnP-enabled devices
According to recent reports, attackers are abusing vulnerable UPnP-enabled devices, most of them home routers, to carry out a wide range of attacks. Exploited UPnP implementations let attackers turn routers and other devices into proxies that hide the origin of botnet traffic, and can also be used to mount DDoS attacks. UPnP is meant to be reachable only from the LAN: a router that answers SSDP discovery or accepts port-mapping requests on its WAN interface is exposed and should have UPnP disabled or firewalled.
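A practitioner reading this will want a quick way to tell whether a router answers UPnP discovery at all, and from where. The script below is an added example and is not code from the original post or from any of the researchers cited; it sends a standard SSDP M-SEARCH (UDP 1900) to a host and parses the replies, flagging Internet Gateway Device (IGD) responders, which are the ones that expose port-mapping services. The embedded sample response, the documentation address 192.0.2.1 and the MiniUPnPd server string are constructed test data, not output captured from a real device. Run it from inside the LAN against the multicast address to enumerate devices, or from outside the LAN against the router's public IP to confirm nothing answers on the WAN side.

```python
"""Probe a host for an exposed UPnP/SSDP responder and classify what it advertises."""
import socket
import sys

SSDP_ADDR = "239.255.255.250"   # SSDP multicast group (LAN discovery)
SSDP_PORT = 1900

# Search targets that identify a UPnP Internet Gateway Device (router with port mapping).
IGD_MARKERS = ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection")


def build_msearch(search_target: str, mx: int = 2) -> bytes:
    """Build an SSDP M-SEARCH request for the given ST (e.g. 'ssdp:all')."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_ADDR}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "",  # end of headers
        "",  # trailing CRLF required by the protocol
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(raw: bytes) -> dict:
    """Parse an SSDP 'HTTP/1.1 200 OK' reply into a dict of lowercase header names.

    Returns an empty dict for anything that is not a 200 response (e.g. NOTIFY
    announcements or junk), so callers can filter on truthiness.
    """
    text = raw.decode("utf-8", errors="replace")
    head = text.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    if not lines or not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def classify(headers: dict) -> str:
    """Short verdict for one parsed SSDP response."""
    ident = headers.get("st", "") + " " + headers.get("usn", "")
    if any(marker in ident for marker in IGD_MARKERS):
        return "IGD: router advertises UPnP port-mapping services"
    if headers.get("location"):
        return "UPnP device: description at " + headers["location"]
    return "unknown responder"


def probe(host: str, timeout: float = 2.0) -> list:
    """Send one M-SEARCH to host (multicast group or a unicast IP) and collect replies.

    Unicast to the router's public IP from outside the LAN shows whether the UPnP
    responder is reachable on the WAN side, which it never should be.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    results = []
    try:
        sock.sendto(build_msearch("ssdp:all"), (host, SSDP_PORT))
        while True:
            data, addr = sock.recvfrom(65507)
            hdrs = parse_ssdp_response(data)
            if hdrs:
                hdrs["_from"] = addr[0]
                results.append(hdrs)
    except socket.timeout:
        pass  # no more replies within the window
    finally:
        sock.close()
    return results


# Constructed sample reply (not captured from a real device) used to exercise the parser.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.0.2.1:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/3.4 UPnP/1.0 MiniUPnPd/1.8\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001::"
    b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else SSDP_ADDR
    for reply in probe(target):
        print(reply["_from"], classify(reply), reply.get("server", ""))
```

An empty result from outside the LAN is the desired outcome; any IGD reply to the public IP means the router is in the population this item describes and its UPnP service should be disabled.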

Google patches a zero-day flaw
Google has released Chrome 72.0.3626.121 to address a zero-day flaw tracked as CVE-2019-5786, a use-after-free in Chrome's FileReader API. An attacker who lures a victim to a malicious web page can exploit it to execute arbitrary code on the victim's machine, and Google has stated that an exploit for the bug exists in the wild. Users should update Chrome and relaunch the browser, since the fix only takes effect after a restart.

WDS flaw
A vulnerability in Windows Deployment Services (WDS) can let attackers hijack Windows Server installations and deploy backdoored Windows images. The flaw, CVE-2018-8476, affects Windows Server 2008 SP2 and all later versions. Microsoft patched it in November 2018; administrators who have not yet applied that update should do so immediately.

Top Scams Reported in the Last 24 Hours

SIM swapping fraud
The San Francisco Division of the Federal Bureau of Investigation (FBI) is warning users about SIM swapping fraud, following an increase in such crimes. Cybercriminals are increasingly using SIM swapping to take over victims' cryptocurrency and other digital currency accounts. The fraudster, often armed with personal details gathered beforehand, impersonates the victim to the mobile carrier's customer service (or poses as a carrier representative to the victim to extract account details) and convinces the carrier to port the victim's phone number to a SIM the fraudster controls. Once the port goes through, the victim's phone loses network service and the scammer receives all SMS messages and voice calls meant for the victim, including the one-time codes used to reset passwords and bypass SMS-based two-factor authentication.


pinchy spider threat actor group
gandcrab ransomware
piratematryoshka malware
cryptomix clop ransomware
zero day flaw

Posted on: March 07, 2019
