
Cyware Daily Threat Intelligence, April 10, 2020


Threat actors behind ransomware attacks are increasingly resorting to extortion tactics to pressure victims into paying. In a recent incident, an industrial contractor called Visser Precision was targeted by the DoppelPaymer ransomware gang. The attackers demanded a hefty ransom from the firm and published its confidential data when their demands were not met. The leaked files included sensitive documents from aerospace giants such as Lockheed Martin, Boeing, and SpaceX.

Turning to new threats, security researchers reported an update to the cryptomining DDG botnet that incorporates a proprietary P2P protocol for its communication. Because of this, the botnet can continue to operate even if its C2 servers are taken down, making it extremely difficult to stop. Separately, security researchers discovered serious flaws in connected cars manufactured by Ford and Volkswagen that could allow attackers to tamper with the traction control and collision warning systems and to intercept messages sent by the tire pressure monitoring system.

Top Breaches Reported in the Last 24 Hours

SCUF Gaming data exposed
An unsecured database belonging to SCUF Gaming leaked more than 1.1 million records, containing customer names, contact information, payment info, order histories, and repair tickets, among other data. Most of the records appear to have been collected by SCUF Gaming between 2017 and 2020. The database was secured on April 3, 2020.

DoppelPaymer crew leaks stolen data
Visser Precision, an industrial contractor that works with aerospace firms, was attacked by the DoppelPaymer ransomware. The ransomware operators published the data stolen from the company as their ransom demand was not fulfilled. The published data included sensitive documents belonging to Lockheed Martin, Boeing, and SpaceX, among other aerospace giants.

Iranian IDs put up for sale
The personal information of around 45,000 Iranian individuals, totaling 8.17 GB, was put up for sale on the dark web for $200 in BTC. The stolen data appeared to have come from several sites, including Niazpardaz[.]ir, an online advertising platform, and Arzi24[.]com, a website owned by Farhad Exchange. Security researchers also found another trove of leaked data for sale, including 52,000 ID cards along with selfies of their respective owners.

Top Malware Reported in the Last 24 Hours

Unstoppable DDG botnet
The cryptomining botnet called DDG has been updated by its operators to adopt a proprietary peer-to-peer (P2P) mechanism. The botnet, first reported by Netlab 360 researchers in January 2018, has undergone 16 different updates over the past three months to become a highly sophisticated and seemingly unstoppable threat, according to the researchers. The botnet can fully function using its P2P protocol as a failsafe, even if its C2 servers are taken down.

iOS Fleeceware apps
The UK-based security firm Sophos has reported that over 3.5 million iOS users have installed “fleeceware” apps on their iPhones and iPads. These apps are designed to abuse loopholes in the app trial mechanism to charge users a subscription fee, even if the app is uninstalled after the trial period ends. Fleeceware includes various types of apps such as image editors, horoscope/fortune-telling/palm readers, QR code/barcode scanners, and face filter apps.

Top Vulnerabilities Reported in the Last 24 Hours

Connected cars’ flaws
A pair of connected cars manufactured by Ford and Volkswagen were found to contain serious security flaws. Researchers found that the infotainment unit in these cars could be hacked to tamper with the traction control and collision warning systems and to intercept messages sent by the tire pressure monitoring system. The two affected car models were the Ford Focus Titanium Automatic 1.0L petrol and the Volkswagen Polo SEL TSI Manual 1.0L petrol.

Buggy smart locks
Tapplock, a company that makes internet-connected smart padlocks, came under fire from the Federal Trade Commission (FTC) for its deceptive security claims. Security researchers from Pen Test Partners, who filed a complaint with the FTC, found that any nearby Tapplock smart lock could be unlocked or locked because the Bluetooth communication between the lock and the companion app was not encrypted.

Top Scams Reported in the Last 24 Hours

Fake update notification for Cisco Webex
A new phishing campaign was found sending emails disguised as a critical security advisory for Cisco’s Webex web conferencing platform. The emails targeted employees working from home during the COVID-19 pandemic by urging them to update their Cisco Meetings Desktop App for Windows. The embedded link in the emails takes victims to a phishing page designed to steal their Cisco Webex credentials.

Multimillion-Dollar iPhone SMiShing campaign
IBM X-Force researchers discovered a SMiShing campaign designed to unlock stolen iPhones for resale on the black market. The campaign was found to be operating over 600 phishing domains designed to steal iCloud credentials from Apple users. The attackers behind the campaign were found targeting cybersecurity and tech conferences to steal iPhones belonging to influential company executives, and later targeting those owners with the SMiShing campaign to extract their credentials and private data.

Large-scale email extortion campaign
Researchers detected a large-scale email extortion campaign that targets users by claiming that their systems were hacked and that the scammers possess a video recording of them. The scammers then demand $1900 in bitcoin and threaten to send the video to the victim's family and friends if the amount is not paid.


Posted on: April 10, 2020
