Cyware Daily Threat Intelligence, March 03, 2020


Ransomware has become the number one security risk to businesses and users. Now, security researchers have discovered a new ransomware called PwndLocker that targets the U.S. government and enterprises. While encrypting files, the ransomware skips files that contain specific extensions. The ransom amount demanded by the ransomware ranges from $175,000 to over $660,000.

In a different incident, the operators of Nemty ransomware have created a data leak site to punish victims who refuse to pay ransoms. The site currently lists an American footwear company and 3.5 GB of files allegedly stolen from it.

The past 24 hours also saw a new demonstration using the surfing attack. A team of experts conducted the test on 17 models of smartphones including the iPhone. The attack method can allow attackers to control the phone to take a selfie, turn up the device’s volume, or read SMS messages.

Top Breaches Reported in the Last 24 Hours

Tesco discloses a security breach
Tesco has blocked 620,000 Clubcard accounts and reissued loyalty cards after it uncovered a potential data breach. The retailer became aware of the incident after it discovered that a database of usernames and passwords stolen from other platforms was being tested against its website.

Epiq Global attacked
Legal services giant Epiq Global was hit by a ransomware attack on February 29. A source with knowledge of the incident told TechCrunch that the attack affected the organization’s entire fleet of computers across its 80 global offices. It is not clear which kind of ransomware was used in the attack, but Epiq Global said in its statement that there was no evidence that any data was stolen.

Loqbox hit in an attack
Fintech startup Loqbox has suffered an attack that potentially exposed its customers’ names, postal addresses, dates of birth, email addresses, and phone numbers. The attack occurred on February 20, after which Loqbox took remedial steps to protect personal data. The firm has claimed that its customers’ funds are absolutely secure.

UK railway stations expose data
The email addresses and travel details of about 10,000 people who used the free wi-fi at UK railway stations have been exposed online. The incident occurred due to an insecure database that contained 146 million records including personal contact details and dates of birth. The service provider C3UK has secured the database to address the issue.

Carnival Corp units hit
Two units of cruise operator Carnival Corp disclosed that they were hit by a cyberattack in May last year. The units revealed that an unauthorized third party had access to personal information including mail accounts, names, social security numbers, and credit card information of some guests and employees.

Top Malware Reported in the Last 24 Hours

New PwndLocker ransomware
A new ransomware called PwndLocker has started targeting the networks of businesses and local governments in the U.S. with ransom demands of over $650,000. The ransomware began its operation in late 2019, and one of its victims is LaSalle County in Illinois. Once launched, PwndLocker attempts to disable a variety of Windows services using the ‘net stop’ command so that the files those services keep open can be encrypted.
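As an added defender-side example (not from Cyware or any PwndLocker analysis), the following Python flags the service-stopping behaviour described above: a burst of ‘net stop’ commands launched by one parent process on one host within a short window, while a single manual stop by an administrator stays quiet. The log format, hosts, paths and service names are constructed for the example.

```python
import re
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample process-creation records (simplified Sysmon Event ID 1 fields):
# one process fires four "net stop" commands in two seconds; an admin stops one service by hand.
SAMPLE_LOG = r"""2020-03-02 09:14:01 host=WS01 parent=C:\Users\alice\AppData\Local\Temp\update.exe cmd=net stop "SQL Server (MSSQLSERVER)" /y
2020-03-02 09:14:01 host=WS01 parent=C:\Users\alice\AppData\Local\Temp\update.exe cmd=net stop MSExchangeIS /y
2020-03-02 09:14:02 host=WS01 parent=C:\Users\alice\AppData\Local\Temp\update.exe cmd=net stop VeeamBackupSvc /y
2020-03-02 09:14:02 host=WS01 parent=C:\Users\alice\AppData\Local\Temp\update.exe cmd=net stop wuauserv /y
2020-03-02 11:30:45 host=WS02 parent=C:\Windows\System32\cmd.exe cmd=net stop Spooler
2020-03-02 11:35:10 host=WS02 parent=C:\Windows\System32\cmd.exe cmd=net start Spooler"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) host=(?P<host>\S+) parent=(?P<parent>\S+) cmd=(?P<cmd>.*)$")
NET_STOP_RE = re.compile(r"^\s*net(?:1)?(?:\.exe)?\s+stop\b", re.IGNORECASE)

def parse_net_stop_events(log_text):  # keep only "net stop" launches, with the target service
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not NET_STOP_RE.match(m["cmd"]):
            continue
        args = shlex.split(m["cmd"])  # handles quoted service names such as "SQL Server (...)"
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "host": m["host"], "parent": m["parent"],
            "service": args[2] if len(args) > 2 else "",
        })
    return events

def detect_net_stop_bursts(log_text, threshold=3, window_seconds=60):
    """Alert when one parent on one host issues >= threshold 'net stop' commands within the window."""
    window = timedelta(seconds=window_seconds)
    by_actor = defaultdict(list)
    for ev in parse_net_stop_events(log_text):
        by_actor[(ev["host"], ev["parent"])].append(ev)
    alerts = []
    for (host, parent), evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):  # sliding window over the sorted events
            while ev["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = [e for e in evs[start:] if e["ts"] - evs[start]["ts"] <= window]
                alerts.append({"host": host, "parent": parent, "count": len(burst),
                               "services": [e["service"] for e in burst]})
                break
    return alerts
```

Tune `threshold` and `window_seconds` to the environment; patch windows and backup jobs that legitimately stop several services should be allow-listed by parent path.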

Nemty launches its website
Nemty ransomware has created a data leak site to punish victims who refuse to pay ransoms. The site currently lists a single victim, an American footwear company. The operators have shared a link to 3.5 GB of files that were allegedly stolen from the company.

MTK-su rootkit enhanced
A new version of the MTK-su rootkit has been released to exploit CVE-2020-0069, a vulnerability affecting various device models from Alcatel, Amazon, ASUS, Blackview, Huawei, LG, Meizu, Nokia, Motorola, OPPO, Sony, Realme, Xiaomi, and ZTE. The flaw exists in all of MediaTek’s 64-bit chips.

Top Vulnerabilities Reported in the Last 24 Hours

Ultrasonic waves abused
Experts from different universities came together to test the infamous ultrasonic surfing attack on 17 models of smartphones, including several iPhone variants. The vulnerable devices include Samsung’s Galaxy Note 10+ and Huawei’s Mate 9. The attack method can allow attackers to control the phone to take a selfie, turn up the device’s volume, or read SMS messages.

NVIDIA patches DoS flaws
NVIDIA has released security updates to address multiple denial-of-service (DoS) vulnerabilities in its GPU display drivers and Virtual GPU Manager software. The addressed flaws are CVE-2020-5957 and CVE-2020-5958. Both flaws reside in the NVIDIA Control Panel component of the GPU driver for Windows.


Tags

epiq global
nemty ransomware
pwndlocker ransomware
loqbox
mtk su rootkit
nvidia
surfing attack

Posted on: March 03, 2020
