March 23, 2020 By David Bisson 3 min read

Last week in security news, researchers observed the Nefilim ransomware family threatening to publish its victims’ data if they did not pay their ransoms within a week. Nefilim wasn’t the only malware that made headlines last week. Ursnif also drew some attention with a new campaign targeting Italy. Additionally, researchers spotted Cookiethief attempting to steal access to its victims’ social media accounts.

Top Story of the Week: Nefilim Threatens to Publish Victims’ Data After 7 Days

Security researchers informed Bleeping Computer that Nefilim first started up in February 2020. Their analysis of the threat determined that Nefilim shared some code with Nemty, another ransomware family. Even so, Nefilim differed from Nemty in that it lacked a ransomware-as-a-service (RaaS) component and told its victims they could receive payment instructions by contacting an email address, not visiting a Tor portal, according to the researchers.

Upon successful infection, Nefilim used AES-128 encryption to render its victims’ data inaccessible. It then dropped a note in which it informed its victims that it would publish their stolen data unless they paid their ransom within a week.

Source: iStock

Also in Security News

  • New Campaign Launched by Ursnif Targets Italy: Researchers at Cybaze-Yoroi Zlab detected a new phishing campaign that leveraged a compromised Italian law-themed website as a DropURL to download a self-extracting archive. This file’s contents ultimately led the campaign to execute a JavaScript module containing an executable responsible for running Ursnif malware.
  • Website for Manufacturer Infected by Magecart Skimmer: Near the end of February, RiskIQ observed that Magecart Group 8 had injected a JavaScript-based skimmer onto the website of a blender manufacturer. The security firm ultimately stopped the attack by taking down the exfiltration domain employed by the threat actors.
  • All Other Stalkerware Dwarfed by MonitorMinor: Kaspersky Lab discovered that MonitorMinor arrived with the ability to run the SuperUser (SU) utility on an infected Android device for the purpose of gaining access to numerous social networking apps and functionality. Running the SU utility also gave MonitorMinor the ability to steal a victim’s screen lock credentials.
  • Social Media Accounts Targeted by Cookiethief Infostealer: Just a day prior to its discovery of MonitorMinor, Kaspersky Lab disclosed its discovery of a new cookie-stealing Android Trojan called Cookiethief. This malware used root privileges to transfer cookies for social networking accounts and browsers, all for the purpose of distributing spam.
  • Security of Intel CPUs Threatened by Snoop Attacks: According to Intel, a software engineer demonstrated that a susceptibility in its processors could enable attackers to insert malicious code after a change in the L1D cache, causing the CPU to update all cache levels. Bad actors could then leverage that technique to produce errors that would leak data from a CPU’s inner memory.
  • Most Ransomware Executed Three Days After First Signs of Malicious Activity: In its analysis of ransomware response investigations between 2017 and 2019, FireEye found that most ransomware infections had occurred at least three days after the first signs of malicious activity appeared. The security firm also found that approximately three-quarters of ransomware infections had occurred outside of normal working hours.

Security Tip of the Week: Strengthen Your Anti-Ransomware Measures

Security professionals can help strengthen their organizations’ anti-ransomware measures by ensuring that they have access to the latest threat intelligence. Doing so will help organizations stay abreast of the latest techniques and attacks employed by ransomware actors. Additionally, infosec personnel should endeavor to inventory the locations of the organization’s critical business assets so they can craft defensive strategies accordingly.

More from

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today