Cyware Daily Threat Intelligence, December 10, 2019


A decryption key is often the last resort for restoring files encrypted by ransomware, so a decryptor that does not work as intended is as damaging as having no key at all. A case of a buggy decryptor has been spotted for Ryuk ransomware: a flaw in the decryption application supplied by the ransomware’s author can make file recovery impossible even after victims have paid the ransom. The decryptor restores some types of files only partially, which means data loss.

In a different incident, a new variant of Snatch ransomware has been found using a never-seen-before trick to stay under the radar of antivirus solutions. The ransomware encrypts files while the targeted system is running in Safe Mode. Many security products do not run in this diagnostic mode of the operating system, so the encryption goes unnoticed.

The past 24 hours also saw two phishing campaigns, one leveraging a malicious Office 365 app and the other impersonating the Spotify music streaming service. Their purposes were to hijack victims’ accounts and to steal payment card details, respectively.

Top Breaches Reported in the Last 24 Hours

STCS data exposure
STCS, a Saudi Arabian telecom company, exposed hundreds of thousands of constantly updated GPS locations before its leaky server was secured. The exposed server hosted an instance of Kibana, software for sorting and visualizing data. The data was a rolling list of regularly updated entries, each with a date and time, latitude and longitude coordinates, and the brand of the GPS tracker.

The city of Pensacola attacked
Federal authorities are investigating a cyberattack on the city of Pensacola, Florida, that occurred over the weekend. As a precaution, the city has taken its computer systems offline. It is not yet known whether any particular threat actor group was behind the attack.

Top Malware Reported in the Last 24 Hours

Snatch ransomware
The authors of the Snatch ransomware are using a never-before-seen trick to bypass antivirus software and encrypt victims’ files without being detected. The trick relies on rebooting an infected computer into Safe Mode and running the ransomware’s file-encryption process from there. Most antivirus software does not start in Safe Mode, so nothing is scanning while the files are encrypted.
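A forced Safe Mode reboot has to touch two well-known pieces of Windows before it can pay off: `bcdedit /set {current} safeboot minimal` (or `network`) is how a process makes the next boot a Safe Mode boot, and only the services and drivers listed under `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal` (or `\Network`) are started in Safe Mode, so a program that wants its payload to run there has to register itself under that key. The detection logic below is an added example, not code from the original post and not a description of any specific Snatch sample; it flags those two mechanisms, plus the reboot itself, in pre-parsed endpoint events and raises the severity when both Safe Mode indicators appear on the same host. The event field names (`type`, `host`, `time`, `cmdline`, `target`) are an assumption, and the sample events are constructed, not real telemetry.

```python
"""Flag the Windows mechanics of a forced Safe Mode reboot in endpoint telemetry.

Added example, not code from the original post. Assumptions: events are
pre-parsed dicts with the fields used below (in practice filled from Sysmon
event ID 1 / Security 4688 for process creation and Sysmon event ID 13 for
registry writes); SAMPLE_EVENTS are constructed, not real telemetry.

Windows background the rules rely on (general Windows behaviour, not a claim
about any particular ransomware sample):
  * `bcdedit /set {current} safeboot minimal|network` makes the next boot a
    Safe Mode boot; `bcdedit /deletevalue {current} safeboot` reverts it;
  * only services/drivers listed under
    HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal (or \\Network)
    are started in Safe Mode, so a payload meant to run there must be added
    under that key.
"""
import re
from collections import defaultdict

SAFEBOOT_KEY = re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I)
BCDEDIT_SAFEBOOT = re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I)
FORCED_REBOOT = re.compile(r"\bshutdown(\.exe)?\b.*(/r|-r)\b", re.I)

# stage name -> predicate over one event
STAGES = {
    "safeboot_persistence": lambda e: e.get("type") == "registry_set"
        and bool(SAFEBOOT_KEY.search(e.get("target", ""))),
    "safeboot_bcdedit": lambda e: e.get("type") == "process_create"
        and bool(BCDEDIT_SAFEBOOT.search(e.get("cmdline", ""))),
    "forced_reboot": lambda e: e.get("type") == "process_create"
        and bool(FORCED_REBOOT.search(e.get("cmdline", ""))),
}


def classify(event):
    """Return the stage names a single event matches (usually none or one)."""
    return [name for name, match in STAGES.items() if match(event)]


def severity(stages):
    """Both Safe Mode indicators on one host is the full pattern; a lone
    reboot command is routine administration and is only recorded."""
    core = {"safeboot_persistence", "safeboot_bcdedit"}
    if core <= stages:
        return "high"
    if core & stages:
        return "medium"
    return "low"


def detect(events):
    """Group matching events per host; return {host: alert dict}."""
    hits = defaultdict(list)
    for ev in events:
        for stage in classify(ev):
            hits[ev["host"]].append((ev["time"], stage, ev.get("cmdline") or ev.get("target")))
    alerts = {}
    for host, found in hits.items():
        stages = {stage for _, stage, _ in found}
        alerts[host] = {"host": host, "severity": severity(stages),
                        "stages": sorted(stages), "evidence": sorted(found)}
    return alerts


SAMPLE_EVENTS = [  # constructed for this example
    {"host": "ws-17", "time": "2019-12-09T22:40:01", "type": "process_create",
     "image": r"C:\Windows\System32\sc.exe",
     "cmdline": r'sc create BackupSvc binPath= "C:\ProgramData\backup.exe" start= auto'},
    {"host": "ws-17", "time": "2019-12-09T22:40:02", "type": "registry_set",
     "image": r"C:\Windows\regedit.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BackupSvc\(Default)"},
    {"host": "ws-17", "time": "2019-12-09T22:40:03", "type": "process_create",
     "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {current} safeboot minimal"},
    {"host": "ws-17", "time": "2019-12-09T22:40:04", "type": "process_create",
     "image": r"C:\Windows\System32\shutdown.exe",
     "cmdline": "shutdown /r /f /t 00"},
    # benign noise on another host: a scheduled reboot after patching
    {"host": "ws-03", "time": "2019-12-09T23:00:00", "type": "process_create",
     "image": r"C:\Windows\System32\shutdown.exe",
     "cmdline": 'shutdown /r /t 300 /c "Monthly patching"'},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS).values():
        print(alert["severity"].upper(), alert["host"], alert["stages"])
        for time, stage, what in alert["evidence"]:
            print("   ", time, stage, what)
```

The `sc create` event is deliberately left unmatched: service creation on its own is far too common to alert on, and the point of grouping by host is that the combination of a SafeBoot registry write and a `bcdedit ... safeboot` command is what is rare. An allowlist for legitimate writers of the SafeBoot key (Windows setup, some security products' installers) would be the first tuning step in production.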

Buggy Ryuk decryptor
A bug in the decryptor for Ryuk ransomware can cause data loss in large files. The bug stems from recent changes to the ransomware itself. According to Emsisoft, the current version of Ryuk does not encrypt the whole of any file larger than 54.4 megabytes. The change was made to avoid detection: encrypting such large files in full takes long enough to raise the chance of the ransomware being caught before it finishes. The decryptor does not handle these partially encrypted files correctly, so they are not fully restored.
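The practical consequence is that an attacker-supplied decryptor must be treated as untrusted software: run it on a copy of the encrypted files, never on the only copy, and check its output before deleting anything. The script below, an added example and not code from the original post or from Emsisoft, does the checking for the failure mode described here, files that come back incomplete. It knows nothing about Ryuk's on-disk format; it inspects the structure that several common file formats require at the very end of the file (PNG's IEND chunk, the ZIP end-of-central-directory record that also closes docx/xlsx/pptx/jar files, PDF's %%EOF marker, JPEG's EOI marker) and flags files whose trailer is missing or cut short. Only the head and tail of each file are read, so the large files the bug affects cost no more than small ones. The sample inputs in `sample_files()` are constructed for this example.

```python
"""Check decryptor output for files that came back truncated.

Added example, not code from the original post or from Emsisoft, and not a
model of Ryuk's file format. It relies only on end-of-file structures from
the public format specifications:
  * PNG  : last chunk is IEND, 12 bytes: length 0, "IEND", CRC AE 42 60 82
  * ZIP  : (also docx/xlsx/pptx/jar) a 22-byte end-of-central-directory record
           plus an optional comment whose length the record stores, so the
           record must reach exactly the end of the file
  * PDF  : "%%EOF" must appear within the last 1024 bytes
  * JPEG : ends with the EOI marker FF D9
The inputs built by sample_files() are constructed for this example.
"""
import io
import os
import struct
import zipfile
from collections import Counter

HEAD = 16
TAIL = 22 + 0xFFFF  # longest possible ZIP end-of-central-directory record


def _png(tail):
    return tail.endswith(b"\x00\x00\x00\x00IEND\xaeB`\x82"), "IEND chunk missing or cut short"


def _zip(tail):
    pos = tail.rfind(b"PK\x05\x06")
    if pos < 0:
        return False, "no end-of-central-directory record"
    if pos + 22 > len(tail):
        return False, "end-of-central-directory record is cut short"
    comment_len = struct.unpack_from("<H", tail, pos + 20)[0]
    return len(tail) == pos + 22 + comment_len, "end-of-central-directory record does not reach end of file"


def _pdf(tail):
    # Weak against a single lost byte: a PDF normally ends "%%EOF" plus a
    # newline, so losing only the newline still passes this check.
    return b"%%EOF" in tail[-1024:], "no %%EOF marker in last 1024 bytes"


def _jpeg(tail):
    return tail.endswith(b"\xff\xd9"), "EOI marker missing"


CHECKS = [  # (magic prefix, label, trailer check)
    (b"\x89PNG\r\n\x1a\n", "png", _png),
    (b"PK\x03\x04", "zip/office", _zip),
    (b"%PDF-", "pdf", _pdf),
    (b"\xff\xd8\xff", "jpeg", _jpeg),
]


def check_bytes(head, tail):
    """Return (verdict, detail); verdict is 'ok', 'truncated' or 'unknown'."""
    for magic, label, check in CHECKS:
        if head.startswith(magic):
            ok, why = check(tail)
            return ("ok", f"{label}: trailer intact") if ok else ("truncated", f"{label}: {why}")
    return "unknown", "no trailer check for this file type"


def check_data(data):
    """Convenience wrapper for in-memory data (the tail slice is the whole file if it is short)."""
    return check_bytes(data[:HEAD], data[-TAIL:])


def verify_tree(root):
    """Run the check over every file under root, reading only head and tail."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            size = os.path.getsize(path)
            with open(path, "rb") as fh:
                head = fh.read(HEAD)
                fh.seek(max(0, size - TAIL))
                tail = fh.read()
            results[os.path.relpath(path, root)] = check_bytes(head, tail)
    return results


def summarize(results):
    """Count verdicts, e.g. {'ok': 4, 'truncated': 3, 'unknown': 1}."""
    return dict(Counter(verdict for verdict, _ in results.values()))


def sample_files():
    """Constructed inputs: intact files and copies with bytes lopped off the end."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.txt", "quarterly numbers\n" * 200)
    good_zip = buf.getvalue()
    # PNG-shaped bytes: real signature and IEND chunk around a dummy body
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64 + b"\x00\x00\x00\x00IEND\xaeB`\x82"
    pdf = b"%PDF-1.4\n" + b"x" * 300 + b"\ntrailer\n<<>>\nstartxref\n9\n%%EOF\n"
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 50 + b"\xff\xd9"
    return {
        "report.zip": good_zip,
        "report.zip (1 byte short)": good_zip[:-1],
        "logo.png": png,
        "logo.png (1 byte short)": png[:-1],
        "invoice.pdf": pdf,
        "invoice.pdf (last 8 bytes lost)": pdf[:-8],
        "photo.jpg": jpeg,
        "notes.txt": b"plain text has no trailer to check\n",
    }


if __name__ == "__main__":
    results = {name: check_data(data) for name, data in sample_files().items()}
    for name, (verdict, detail) in results.items():
        print(f"{verdict:9} {name:32} {detail}")
    print(summarize(results))
```

A file reported as `unknown` is not cleared, only unchecked; for formats without a mandatory trailer (plain text, many database and virtual-disk formats) the only reliable test is opening the file with the application that owns it, which is why the encrypted originals should stay on disk until that has been done.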

Malicious Office 365 app
Security researchers have come across a new phishing campaign that uses a malicious Microsoft Office 365 app to gain access to a victim’s account. The attack starts with a traditional phishing message that impersonates an internal SharePoint or OneDrive file share and lures the victim into clicking an embedded link, which leads to the malicious app rather than to a shared file.

Hardware-based password vaults hacked
Hardware-based password vaults such as RecZone, Password Safe, passwordsFAST and Royal Vault Password Keeper can be hacked by reading the stored data directly from the chips on the board. The issue arises from the default configuration of these vaults. Their keypads also do not encourage strong, complex passwords. Furthermore, the researchers found that the data was still present on the chip even after the device had been reset.

Top Vulnerabilities Reported in the Last 24 Hours

FTC advises on smart toys
The Federal Trade Commission (FTC) has issued a new alert warning consumers about buying smart toys. The alert recommends sound security practices when purchasing internet-connected toys, with the aim of keeping children’s data safe. Meanwhile, the UK consumers’ association has revealed several security flaws in a number of smart toys. These flaws can leave children at risk of being contacted by strangers. The issues affect popular toys including Vtech's KidiGear Walkie Talkies and Tenva's Karaoke Microphone.

Top Scams Reported in the Last 24 Hours

Spotify-themed phishing
A new Spotify-themed phishing campaign informs recipients that their subscription has been frozen because of a failed transaction. The email appears to come from the music streaming service and carries the Spotify logo to look convincing. The subject line reads ‘Your payment didn’t go through’, and the body claims that the service could not process the recipient’s payment and has therefore halted their Premium subscription. The campaign’s purpose is to steal users’ login credentials and payment details.

Woolworths scam
A fake Facebook page titled ‘Woolworths Club’ has been found deceiving users with a ‘Big Anniversary Grocery Giveaway’ scam. The scam looks legitimate and enticing at first glance, as it claims to award 250 lucky fans a full year of free groceries. To claim the prize, users are asked to share the post and comment on it before December 15. Upon learning of the page, Woolworths reported it to the ACCC’s Scamwatch.

Tags

spotify themed phishing
ryuk ransomware
snatch ransomware
woolworths scam

Posted on: December 10, 2019
