Cyware Daily Threat Intelligence, February 04, 2020

Share Blog post


Ransomware operators are on a ‘Naming and Shaming’ spree and to make it worse, DoppelPaymer has become the latest ransomware family to publish victims’ stolen files. It has been found that the operators of the infamous ransomware are already selling stolen files on the dark web in the past. But, now they are planning to publicly release the victims’ stolen data to further disrupt the reputation of victim organizations.

In other news, a new wave of attacks that leverage a new variant of AZORult trojan has been discovered by security researchers. The trojan has been enhanced to include three levels of obfuscation techniques to slip past spam gateways and avoid client-side antivirus detection.

An impersonation scam that tricked a British Charity company into giving away over $1 million was also reported in the last 24 hours. The scammers had mimicked the domain of a genuine contractor to launch the scam.

Top Breaches Reported in the Last 24 Hours

Bouygues suffers an attack
French construction giant Bouygues Construction had shut down its computer network to avoid all its data getting encrypted by Maze ransomware. The attack had occurred on January 30, 2020. The firm is currently focusing on returning to normalcy as quickly as possible.

Ransomware knocks off Racine city
The city of Racine was hit by a ransomware attack on January 31. This affected most of its non-emergency computer services that were taken offline. Unaffected are the tax collection, 911, and public safety systems. Racine’s information management department is working to correct the issue and bring its systems back online.

Top Malware Reported in the Last 24 Hours

Malicious apps
Some apps developed by Shenzhen HAWK Internet Co. are known for containing malware and rogueware. One of these malicious apps is based on weather forecasts and has harvested millions of users’ data. There are also some apps that ask for a huge amount of permissions from users with the intention to steal data.

DoppelPaymer joins the list
DoppelPaymer has become the latest ransomware family threatening to sell or publish a victim’s stolen files if they do not pay a ransom demand. The ransomware operators have disclosed that they have sold a victim’s data on the dark web after the victim chose not to pay the ransom.

New Android malware
A new Android malware has been discovered in an application called ‘Treatment for diabetic’. The app checks whether the targeted Android phone is running in Android 6.0 and beyond. When successfully installed, the app requests permission to send SMS messages from the victim’s device.

AZORult adopts new encryption
A recent wave of attacks by AZORult trojan has been found using a novel obfuscation technique to slip past spam gateways and avoid client-side antivirus detection. The infection chain starts with a typical phishing email asking for a ‘product list for January purchase’.

Top Vulnerabilities Reported in the Last 24 Hours

Twitter fixes a serious bug
Twitter has discovered and fixed an issue exploited by attackers to match specific phone numbers to their corresponding Twitter accounts. The flaw was discovered on December 24, 2019. It was found that hackers were using a large network of fake accounts to exploit the Twitter API and match usernames to phone numbers.

Google fixes a bug
Google has fixed a bug that affected its ‘download your data’ service Google Takeout. It was found that the bug had caused some video to get incorrectly uploaded to other users’ archives.

Medtronic releases patches
Medtronic has released security patches for some cardiac device vulnerabilities disclosed in 2018 and 2019. The vulnerabilities could be exploited to obtain device usernames and passwords, access files on the system, and push malicious updates via man-in-the-middle (MitM) attacks.

‘Sudo’ utility flaw
A vulnerability tracked as CVE-2019-18634 has been fixed by Sudo maintainers. The flaw affects the ‘Sudo’ utility and can allow non-privileged Linux and macOS users to run commands as the root user. The vulnerability could be exploited only when the “pwfeedback” option is enabled in the sudoers configuration file.

Top Scams Reported in the Last 24 Hours

Impersonation scam
Red Kite Community Housing announced that it was conned out of more than $1 million in a domain spoofing and contractor impersonation scam. The criminals posed as genuine service providers to trick the firm. They mimicked the domain of a genuine contractor and impersonated email details that were providing services to Red Kite. The con was carried out in late August 2019 and is still under investigation by the police. As a result of the incident, Red Kite's governance rating has been downgraded by the Regulator of Social Housing (RSH).

 Tags

azorult
doppelpaymer
medtronic
bouygues construction

Posted on: February 04, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!