March 23, 2020 By David Bisson 3 min read

Last week in security news, researchers observed the Nefilim ransomware family threatening to publish its victims’ data if they did not pay their ransoms within a week. Nefilim wasn’t the only malware that made headlines last week. Ursnif also drew some attention with a new campaign targeting Italy. Additionally, researchers spotted Cookiethief attempting to steal access to its victims’ social media accounts.

Top Story of the Week: Nefilim Threatens to Publish Victims’ Data After 7 Days

Security researchers informed Bleeping Computer that Nefilim first started up in February 2020. Their analysis of the threat determined that Nefilim shared some code with Nemty, another ransomware family. Even so, Nefilim differed from Nemty in that it lacked a ransomware-as-a-service (RaaS) component and told its victims they could receive payment instructions by contacting an email address, not visiting a Tor portal, according to the researchers.

Upon successful infection, Nefilim used AES-128 encryption to render its victims’ data inaccessible. It then dropped a note in which it informed its victims that it would publish their stolen data unless they paid their ransom within a week.

Source: iStock

Also in Security News

  • New Campaign Launched by Ursnif Targets Italy: Researchers at Cybaze-Yoroi Zlab detected a new phishing campaign that leveraged a compromised Italian law-themed website as a DropURL to download a self-extracting archive. This file’s contents ultimately led the campaign to execute a JavaScript module containing an executable responsible for running Ursnif malware.
  • Website for Manufacturer Infected by Magecart Skimmer: Near the end of February, RiskIQ observed that Magecart Group 8 had injected a JavaScript-based skimmer onto the website of a blender manufacturer. The security firm ultimately stopped the attack by taking down the exfiltration domain employed by the threat actors.
  • All Other Stalkerware Dwarfed by MonitorMinor: Kaspersky Lab discovered that MonitorMinor arrived with the ability to run the SuperUser (SU) utility on an infected Android device for the purpose of gaining access to numerous social networking apps and functionality. Running the SU utility also gave MonitorMinor the ability to steal a victim’s screen lock credentials.
  • Social Media Accounts Targeted by Cookiethief Infostealer: Just a day prior to its discovery of MonitorMinor, Kaspersky Lab disclosed its discovery of a new cookie-stealing Android Trojan called Cookiethief. This malware used root privileges to transfer cookies for social networking accounts and browsers, all for the purpose of distributing spam.
  • Security of Intel CPUs Threatened by Snoop Attacks: According to Intel, a software engineer demonstrated that a susceptibility in its processors could enable attackers to insert malicious code after a change in the L1D cache, causing the CPU to update all cache levels. Bad actors could then leverage that technique to produce errors that would leak data from a CPU’s inner memory.
  • Most Ransomware Executed Three Days After First Signs of Malicious Activity: In its analysis of ransomware response investigations between 2017 and 2019, FireEye found that most ransomware infections had occurred at least three days after the first signs of malicious activity appeared. The security firm also found that approximately three-quarters of ransomware infections had occurred outside of normal working hours.

Security Tip of the Week: Strengthen Your Anti-Ransomware Measures

Security professionals can help strengthen their organizations’ anti-ransomware measures by ensuring that they have access to the latest threat intelligence. Doing so will help organizations stay abreast of the latest techniques and attacks employed by ransomware actors. Additionally, infosec personnel should endeavor to inventory the locations of the organization’s critical business assets so they can craft defensive strategies accordingly.

More from

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today