A new attack campaign compromising internet-connected devices has come to the notice of researchers. Propelled by Russian hackers, it infects devices with the TrueBot malware downloader, which drops Clop ransomware, Grace malware, and other malicious tools. Threats aimed at legal, legal, financial, and travel agencies in Europe and the Middle East peaked with an infamous hack-for-hire group eying to compromise systems using the Janicab malware. The hacker group has a proven track record of harvesting sensitive internal company data and email credentials.
Moving on, numerous vulnerable Pulse Connect Secure hosts were found to be lying in wait for security fixes, even for those released last year. Pulse Connect Secure appliances have been among the top targets of state-sponsored threat actors and other cybercriminal groups.
Top Breaches Reported in the Last 24 Hours
Data exposed by Australian telecom firm
Telstra, Australia, accidentally published personal identifiers such as names, phone numbers, and addresses of over 130,000 customers through Directory Assistance or the White Pages. The incident may have also affected 30,000 former and current Telstra employees, nearly 12,800 of whom are still employed by the telecom giant. Furthermore, scammers have jumped on board to exploit the affected customers.
Top Malware Reported in the Last 24 Hours
Hackers Silence-ing through TrueBot
Silence, a Russian-speaking hacking group, deployed the TrueBot malware downloader on over 1,500 systems around the world to deploy their arsenal of hacking tools, which included Grace malware, Cobalt Strike, Teleport, and Cl0p ransomware. Teleport is the group's new custom data leakage tool. It infects systems with malicious code by using the Truebot downloader. Since August 2020, the hacker group has used various attack vectors, according to Cisco Talos.
Cryptomining chaos against Linux systems
Trend Micro disclosed information about a new cryptomining attack that uses Linux machines and advanced Chaos RAT. The malware is a Go-compiled binary that can open a reverse shell, access files (upload, download, and delete), take screenshots, and reboot the machine, among other things. Chaos RAT is served by hackers via a C2 server, most likely in Hong Kong.
Evilnum infects with travel industry with Janicab
Evilnum, aka DeathStalker, a hack-for-hire group, used a more stable variant of Janicab malware to target the legal, financial, and travel sectors in the Middle East and Europe. As dead drop resolvers, the malware employs public services such as WordPress and YouTube. Victims of the campaign can be found in Egypt, the UAE, Georgia, Saudi Arabia, and the United Kingdom.
Top Vulnerabilities Reported in the Last 24 Hours
Several critical bugs remain unpatched.
Censys, an attack surface management firm, discovered over 4,400 Pulse Connect Secure appliances with at least one known security flaw. Around 3,500 of the vulnerable hosts haven't patched last year's fixes, which addressed six flaws. Other critical vulnerabilities, such as CVE-2018-5299, CVE-2018-6320, CVE-2019-11510, and CVE-2019-11540, continue to affect Pulse Connect Secure devices.
Top Scams Reported in the Last 24 Hours
Smishing scams thrive during the Christmas season.
Customers in the United Kingdom have begun receiving fraudulent text messages, creating a sense of urgency regarding account login. The e-commerce behemoth has issued a warning.