By Curtis Jordan, Lead Security Engineer, TruSTAR
In TruSTAR, we see that Emotet has been on the rise, particularly over the last two weeks. Also, because of crossover with Dridex C&C servers, we’re seeing an increase in Dridex activity as well.
Another piece of malware to be on the lookout for is Mylobot. Mylobot is a highly sophisticated botnet that was mentioned this summer but has picked up in activity.
There is also a resurgence in Globeimposter activity and a new malware on the scene called Darkgate. Darkgate is cryptocurrency miner and ransomware campaign.
View or download relevant IOCs for added enrichment.
By Jacob Serpa, Product Marketing Manager, Bitglass
Here are the top cybersecurity stories of recent weeks:
—Twitter exposes user credentials in plaintext
—PyRoMine mines Monero and disables security
—Stresspaint malware hunts Facebook credentials
—MassMiner malware mines cryptocurrency
—Access Group Education Lending breached
Twitter exposes user credentials in plaintext
Despite the fact that Twitter doesn’t store or display users’ credentials in plaintext, the social media company recently had a security mishap. Passwords were stored in internal logs before they were successfully obfuscated, exposing them to employees in plaintext. While the information wasn’t made viewable to outside parties, it’s still a cause for concern for Twitter’s users.
PyRoMine mines Monero and disables security
New malware, PyRoMine, leverages a host of previously disparate capabilities featured in other strains of malware. For example, it uses NSA exploits while mining Monero, a cryptocurrency. Malware is continuing to grow more sophisticated, compelling organizations to adopt advanced anti-malware solutions.
Stresspaint malware hunts Facebook credentials
Disguised as a stress-relieving paint program, Stresspaint is a piece of malware that is attacking users in an attempt to gather their Facebook credentials. In particular, the malware is targeting influential users – those who manage Facebook pages or have numerous friends and followers. It is primarily distributed through emails and messages on Facebook.
MassMiner malware mines cryptocurrency
MassMiner is the latest in a slew of malware strains that engage in malicious cryptomining. This threat seeks to take advantage of known vulnerabilities in order to commandeer web servers and mine Monero – which continues to be a common target in malicious cryptomining.
Access Group Education Lending breached
Unfortunately for those who have used the organization’s services for their student loans, Access Group Education Lending has been breached. Nearly 17,000 borrowers had their information exposed when a loan processing vendor working for the group shared their information with an unauthorized, unknown company.
Fortunately for the enterprise, cloud access security brokers (CASBs) can defend against zero-day malware and countless other threats. To learn more, download the Zero-Day Solution Brief.