Daily Top 10 Countries – July 27, 2020
New unique DDoS malware hosts detected by country:
United States: 57
South Korea: 55
Hong Kong: 53
Alert: Potential legacy risk from malware targeting QNAP NAS devices
The NCSC and CISA have identified two campaigns of activity for QSnatch malware. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The two campaigns are distinguished by the initial payload used as well as some differences in capabilities. This alert focuses on the second campaign as it is the most recent threat.
It is important to note that infrastructure used by the malicious cyber actors in both campaigns is not currently active, but the threat remains to unpatched devices.
Although the identities and objectives of the malicious cyber actors using QSnatch are currently unknown, the malware is relatively sophisticated, and the cyber actors demonstrate an awareness of operational security.
Global distribution of infections
Analysis shows a significant number of infected devices. In mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 3,900 were in the UK and 7,600 were in the US.
Old notice, but of a severity that I felt it important to include; it was previously mentioned in the News thread.
2020-06-11 - Anarcat CVE-2020-13777 GnuTLS audit: be scared
… You are reading this correctly: supposedly encrypted TLS connections made with affected GnuTLS releases are vulnerable to passive cleartext recovery attack (and active for 1.3, but who uses that anyways).
Garmin ransomware likely paid, data potentially not stolen