The intelligence in this week’s iteration discusses the following threats: APT, Backdoor, Banking trojan, Data leak, Keylogger, Malspam, Malvertising, Misconfigured database, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.
GandCrab Campaign Attacks MySQL Servers (May 28, 2019)

Sophos researchers have discovered that threat actors distributing the “GandCrab” ransomware are targeting “MySQL” servers. Researchers observed that the IP address of the machine hosting GandCrab was located in the US state of Arizona. However, the “user interface of the server software (HFS) running on it was set to simplified Chinese,” which may indicate that the actors behind this campaign are located in China. The attacks scan for port 3306, which MySQL documentation lists as the default TCP/IP listening port for the MySQL database server.
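A defender-side check for the scanning behaviour described above, added here as an example and not part of the briefing or the Sophos report: it reads constructed firewall log lines, keeps only traffic to TCP 3306 from sources outside a locally defined internal range, and flags sources that touched several internal hosts. The log format and the 10.0.0.0/8 internal range are assumptions.

```python
import ipaddress
from collections import defaultdict

MYSQL_PORT = 3306

# Assumption: the organisation's own address space; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample firewall lines (not real traffic):
# <timestamp> <action> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2019-05-28T10:00:01 ACCEPT 10.0.0.5:51022 -> 10.0.0.20:3306
2019-05-28T10:00:02 ACCEPT 203.0.113.7:40001 -> 10.0.0.20:3306
2019-05-28T10:00:03 ACCEPT 203.0.113.7:40002 -> 10.0.0.21:3306
2019-05-28T10:00:04 DROP 203.0.113.7:40003 -> 10.0.0.22:3306
2019-05-28T10:00:05 ACCEPT 198.51.100.9:33000 -> 10.0.0.20:443
2019-05-28T10:00:06 ACCEPT 198.51.100.9:33001 -> 10.0.0.20:3306
"""

def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)

def parse_line(line):
    """Split one log line into (timestamp, action, src_ip, dst_ip, dst_port)."""
    ts, action, src, _arrow, dst = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return ts, action, src_ip, dst_ip, int(dst_port)

def external_mysql_hits(log_text):
    """Map each external source IP to the set of internal hosts it hit on 3306.
    Dropped attempts count too: a blocked probe is still evidence of scanning."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, _, src_ip, dst_ip, dst_port = parse_line(line)
        if dst_port == MYSQL_PORT and not is_internal(src_ip):
            hits[src_ip].add(dst_ip)
    return dict(hits)

def likely_scanners(hits, min_hosts=2):
    """External sources that probed 3306 on at least min_hosts distinct hosts."""
    return sorted(ip for ip, targets in hits.items() if len(targets) >= min_hosts)

if __name__ == "__main__":
    for ip in likely_scanners(external_mysql_hits(SAMPLE_LOG)):
        print(f"possible MySQL scan from {ip}")
```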
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records (May 24, 2019)

KrebsOnSecurity was notified that the website of the Fortune 500 real estate title insurance company “First American Financial” was leaking hundreds of millions of financial and Personally Identifiable Information (PII) documents dating back to 2003. The leaked data was stored in over 885 million records and consisted of bank account numbers and statements, driver’s license images, mortgage and tax records, Social Security numbers, and wire transaction receipts.