Cyware Daily Threat Intelligence, December 27, 2019


Social media platforms are a rich source of user data for threat actors, and one of the many ways to get at it is by exploiting vulnerabilities in the platforms' own apps. A security researcher has identified a serious flaw in Twitter's Android app that allowed phone numbers to be matched to roughly 17 million accounts. The affected users were located in Israel, Turkey, Iran, Greece, Armenia, France, and Germany.

In other developments, a new version of the Ryuk ransomware has been observed in the last 24 hours. This variant avoids encrypting folders whose names are associated with *NIX operating systems: bin, boot, dev, etc, lib, initrd, sbin, sys, vmlinuz, run, and var. The change appears tailored to Windows 10 systems with the Windows Subsystem for Linux (WSL) installed, since those store a Linux root filesystem on the Windows volume.

Top Breaches Reported in the Last 24 Hours

Hackensack Meridian Health pays a ransom
Hackensack Meridian Health has paid a ransom to recover files encrypted during a ransomware attack in early December. The attack left New Jersey's largest hospital network unable to operate its systems normally for nearly five days.

New Mexico hospital attacked
Roosevelt General Hospital in Portales, New Mexico, discovered a malware infection on a digital imaging server used in radiology. The server held sensitive patient information, including names, addresses, birthdates, driver's license numbers, Social Security numbers, phone numbers, insurance information, medical information, and gender. The hospital has restored the server and has alerted the affected patients to watch for identity theft or bank fraud attempts.

Top Malware Reported in the Last 24 Hours

Ryuk ransomware evolves
Security researchers have observed a new version of the Ryuk ransomware that avoids encrypting folders commonly found on *NIX operating systems. The blacklisted folder names are bin, boot, dev, etc, lib, initrd, sbin, sys, vmlinuz, run, and var. The variant appears aimed at Windows 10 systems with the Windows Subsystem for Linux (WSL), where a Linux root filesystem lives under the user's profile on the Windows volume, presumably so that the Linux install is left bootable after the Windows files around it have been encrypted.
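To see what a folder-name blacklist of this kind actually spares, the added example below (not Ryuk's code) walks a constructed sample of paths from a Windows volume that hosts a WSL distro and reports which files an encryptor using the blacklist would skip. It assumes the comparison is an exact, case-insensitive match on each directory component of the path; the WSL package name and every file in the sample are constructed, not taken from an infected host.

```python
"""Emulate a *NIX folder-name blacklist like the one reported for the new Ryuk
variant. Added example, not the malware's own code.

Assumptions (not stated on the page): the check is an exact, case-insensitive
match on each directory component; the file name itself is not checked.
"""
from pathlib import PureWindowsPath

# Folder names the variant is reported to leave alone.
NIX_FOLDERS = frozenset({"bin", "boot", "dev", "etc", "lib", "initrd",
                         "sbin", "sys", "vmlinuz", "run", "var"})


def is_blacklisted(path: str) -> bool:
    """True if any directory component of `path` matches a blacklisted name.
    parts[0] is the drive anchor ('C:\\'), so it is dropped."""
    directory = PureWindowsPath(path).parent
    return any(part.lower() in NIX_FOLDERS for part in directory.parts[1:])


def triage(paths):
    """Map each path to 'skip' or 'encrypt' as the blacklist would decide."""
    return {p: ("skip" if is_blacklisted(p) else "encrypt") for p in paths}


# Constructed sample: a WSL root filesystem under the user's profile (package
# name simplified), ordinary Windows user data, and Windows folders that happen
# to reuse *NIX directory names.
ROOTFS = r"C:\Users\alice\AppData\Local\Packages\Ubuntu\LocalState\rootfs"
SAMPLE = [
    ROOTFS + r"\etc\passwd",               # /etc is blacklisted
    ROOTFS + r"\usr\bin\python3",          # 'bin' component is blacklisted
    ROOTFS + r"\usr\share\doc\README",     # usr/share/doc are not: encrypted
    ROOTFS + r"\home\alice\thesis.tex",    # Linux home dir is not: encrypted
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Windows\System32\drivers\etc\hosts",   # Windows path containing 'etc'
    r"C:\Projects\webapp\lib\helpers.js",       # Windows project 'lib' folder
]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:8} {path}")
```

Two things the list alone does not make obvious: the blacklist keeps the distro's system directories intact but still encrypts user data under /home and anything under /usr/share, and because it matches on names rather than on WSL locations, Windows folders such as System32\drivers\etc or a project's lib directory are spared as a side effect.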

FIN7’s BIOLOAD
BIOLOAD is a new loader attributed to the FIN7 threat actor group. Written in C++ and built for 64-bit Windows, it gets itself executed by abusing the default DLL search order: a malicious DLL placed in a directory that the loader searches before the legitimate copy's location is picked up by a trusted executable (DLL search order hijacking). BIOLOAD is used to drop the Carbanak backdoor.
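The added example below (not BIOLOAD's code, and not the executable or DLL names it uses) models the documented default DLL search order of the Windows loader to show why a DLL dropped beside a trusted executable wins over the genuine copy in System32, why KnownDLLs cannot be hijacked this way, and how disabling SafeDllSearchMode additionally exposes the current directory. The file system, the application directory C:\Tools\Updater, its import table, and the KnownDLLs subset are all constructed assumptions.

```python
"""Model of the Windows default DLL search order (DLL search order hijacking).
Added example; the executable, paths and import list are placeholders.
"""
from pathlib import PureWindowsPath

SYSTEM32 = r"C:\Windows\System32"
SYSTEM16 = r"C:\Windows\System"
WINDIR = r"C:\Windows"

# Assumption: a handful of names from the real KnownDLLs list. The loader maps
# these from System32 without searching, so they cannot be hijacked this way.
KNOWN_DLLS = frozenset({"kernel32.dll", "ntdll.dll", "user32.dll"})


def search_dirs(app_dir, cwd, path_dirs, safe_search=True):
    """Directories in the order the loader walks them. SafeDllSearchMode (on by
    default) pushes the current directory behind the system directories."""
    if safe_search:
        return [app_dir, SYSTEM32, SYSTEM16, WINDIR, cwd, *path_dirs]
    return [app_dir, cwd, SYSTEM32, SYSTEM16, WINDIR, *path_dirs]


def resolve_dll(name, app_dir, cwd, path_dirs, fs, safe_search=True):
    """Return the path the loader would map for `name`, or None if not found.
    `fs` is the set of existing files (constructed for this example)."""
    index = {p.lower(): p for p in fs}        # Windows paths are case-insensitive
    if name.lower() in KNOWN_DLLS:
        return index.get(str(PureWindowsPath(SYSTEM32) / name).lower())
    for directory in search_dirs(app_dir, cwd, path_dirs, safe_search):
        hit = index.get(str(PureWindowsPath(directory) / name).lower())
        if hit:
            return hit
    return None


def plantable(imports, app_dir, fs):
    """Imported DLLs an attacker who can write to `app_dir` could plant there to
    be loaded first: anything that is not a KnownDLL and not already present."""
    present = {PureWindowsPath(p).name.lower() for p in fs
               if str(PureWindowsPath(p).parent).lower() == app_dir.lower()}
    return sorted(n for n in imports
                  if n.lower() not in KNOWN_DLLS and n.lower() not in present)


# Constructed scenario: a trusted updater whose directory the attacker can write.
APP_DIR = r"C:\Tools\Updater"
CWD = r"C:\Users\alice\Downloads"
PATH_DIRS = [r"C:\Windows\System32", r"C:\Windows"]
IMPORTS = ["kernel32.dll", "version.dll", "winhttp.dll"]   # assumed import table

CLEAN_FS = {
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\ntdll.dll",
    r"C:\Windows\System32\version.dll",
    r"C:\Windows\System32\winhttp.dll",
    r"C:\Tools\Updater\updater.exe",
}
# What the attacker drops: fake version.dll and kernel32.dll beside the
# executable, and a fake winhttp.dll in the user's current directory.
PLANTED = {
    r"C:\Tools\Updater\version.dll",
    r"C:\Tools\Updater\kernel32.dll",
    r"C:\Users\alice\Downloads\winhttp.dll",
}
INFECTED_FS = CLEAN_FS | PLANTED


def demo():
    """Resolve each import on the infected host; returns {dll: chosen path}."""
    results = {dll: resolve_dll(dll, APP_DIR, CWD, PATH_DIRS, INFECTED_FS)
               for dll in IMPORTS}
    results["winhttp.dll (SafeDllSearchMode off)"] = resolve_dll(
        "winhttp.dll", APP_DIR, CWD, PATH_DIRS, INFECTED_FS, safe_search=False)
    return results


if __name__ == "__main__":
    print("plantable before infection:", plantable(IMPORTS, APP_DIR, CLEAN_FS))
    for dll, chosen in demo().items():
        print(f"{dll:38} -> {chosen}")
```

On the infected host the planted version.dll in the application directory is loaded instead of the System32 copy, the planted kernel32.dll is ignored because it is a KnownDLL, and the winhttp.dll in the Downloads folder is only reached when SafeDllSearchMode is off. The defensive takeaway is the one `plantable` encodes: any non-KnownDLL import that is absent from an application directory a low-privileged user can write to is a hijacking candidate.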

Top Vulnerabilities Reported in the Last 24 Hours

Twitter Android app’s new vulnerability
Twitter's Android app has been found to be affected by a second vulnerability, uncovered within five days of a first flaw that could have let attackers view users' private account information. The newly discovered flaw is an information-disclosure issue in the same app that allowed a researcher to look up details on 17 million accounts. Over a period of two months, the researcher matched phone numbers to records of users in Israel, Turkey, Iran, Greece, Armenia, France, and Germany.

Top Scams Reported in the Last 24 Hours

Sketchy online shops
Thousands of sketchy online retail shops have been found taking consumers' money for fake products. Nearly 90% of these sites are hosted on Shopify and use store pages that closely resemble each other. After the findings were reported, Shopify removed some of the pages, several of which had been flagged nearly a dozen times.

Christmas sextortion scam
Scammers returned with a new sextortion campaign this Christmas. The emails warn recipients to take the threat seriously and claim the senders know more than just what is happening on the victim's computer, asserting that they planted spyware to monitor the recipient's activity. Recipients are told to pay a ransom in bitcoin to stop supposedly compromising videos of them from being shared with others.

Tags

ryuk ransomware
hackensack meridian health
twitter app
sextortion scam
bioload

Posted on: December 27, 2019
