
Nefilim Ransomware Evolving Rapidly: Top Targets at a Glance


Ransomware has continually expanded in both threat and reach as threat actors keep devising new ransomware variants and malware families. One such newly emerged ransomware, Nefilim, first identified at the end of February 2020, threatens to release victims' encrypted data if they fail to pay the ransom. With a striking code resemblance to Nemty 2.5 Revenge ransomware, Nefilim is most likely distributed via exposed Remote Desktop Protocol (RDP), according to Vitali Kremez, an ethical hacker at SentinelLabs.

Earlier this month, researchers from the threat intelligence firm Cyble discovered a post by the authors of Nefilim ransomware claiming to have hacked The SPIE Group, an independent European market leader in technical services for the energy sector. According to the claims the operators made in the post, they possess around 11.5 GB of the company's sensitive data, including corporate operational documents: the company's telecom services contracts, dissolution legal documents, infrastructure group reconstruction contacts and a lot more.

Since April 2020, Nefilim has targeted multiple organizations around the globe, concentrated in South Asia, South America, Oceania, North America and Western Europe. Going by the count of publicly disclosed attacks, manufacturing is the most targeted industry; Mas Holdings, Fisher & Paykel, Aban Offshore Limited and Stadler Rail were some of the major targets. Other industries hit by Nefilim are communication and transportation, with Orange S.A. and Toll Group, Arteris SA among the top targets respectively. Notably, the ransomware has so far spared the healthcare and education sectors entirely: no organization from either sector has been targeted.

Nefilim uses a number of ways to infiltrate organizations' IT systems, including P2P file sharing, free software, spam email, torrent websites and malicious websites. Designed specifically to penetrate Windows PCs, Nefilim actively abuses Remote Desktop Protocol as its primary attack vector. It employs a combination of two distinct algorithms, AES-128 and RSA-2048, to encrypt the target's data, which is later leaked on the operators' website, known as Corporate Leaks, when victims fail to pay the ransom.

Users are advised to stay wary of exposed ports, and security departments should ensure that unused ports are closed. Experts have also recommended limiting login attempts for Remote Desktop Protocol network admin access in the settings to stay guarded.
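The "limit login attempts" advice above is easiest to act on when you can also see the attempts. The following is an added example, not code from the original post or from any of the researchers it cites: a small detector that walks constructed Windows Security log records shaped like Event ID 4625 (failed logon) with Logon Type 10 (RemoteInteractive, i.e. RDP) and flags any source address that crosses a failure threshold inside a sliding time window. The record layout, field order and sample values are constructed for illustration; a real deployment would read them from the event log or a SIEM.

```python
"""Flag repeated failed Remote Desktop logons per source address.

Added example (not from the original post). The tuple layout below is a
constructed simplification of a Windows Security event:
(timestamp, event_id, logon_type, source_ip, account).
Event ID 4625 is a failed logon; logon type 10 is RemoteInteractive (RDP).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not real log data.
SAMPLE_EVENTS = [
    ("2020-06-01T09:00:01", 4625, 10, "203.0.113.7", "administrator"),
    ("2020-06-01T09:00:03", 4625, 10, "203.0.113.7", "admin"),
    ("2020-06-01T09:00:05", 4625, 10, "203.0.113.7", "backup"),
    ("2020-06-01T09:00:08", 4625, 10, "203.0.113.7", "administrator"),
    ("2020-06-01T09:00:10", 4625, 10, "203.0.113.7", "sqlsvc"),
    ("2020-06-01T09:00:12", 4625, 10, "203.0.113.7", "administrator"),
    ("2020-06-01T09:01:00", 4625, 10, "198.51.100.20", "jdoe"),  # single typo, not an attack
    ("2020-06-01T09:01:30", 4624, 10, "198.51.100.20", "jdoe"),  # 4624 = successful logon
    ("2020-06-01T09:02:00", 4625, 2, "192.0.2.9", "jdoe"),       # logon type 2 = console, not RDP
    ("2020-06-01T09:30:00", 4625, 10, "203.0.113.7", "administrator"),  # outside the window
]


def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: datetime when the threshold was first crossed}.

    Only failed logons (4625) with logon type 10 count. For each source a
    deque holds the timestamps of failures inside `window`; when the deque
    reaches `threshold` entries the source is flagged once.
    """
    recent = defaultdict(deque)
    flagged = {}
    # ISO-8601 strings sort chronologically, so sorting the tuples orders events by time.
    for ts_text, event_id, logon_type, src, _account in sorted(events):
        if event_id != 4625 or logon_type != 10:
            continue
        ts = datetime.fromisoformat(ts_text)
        q = recent[src]
        q.append(ts)
        # Drop failures that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for src, when in rdp_bruteforce_sources(SAMPLE_EVENTS).items():
        print(f"{src}: repeated RDP logon failures, threshold crossed at {when.isoformat()}")
```

Tune `threshold` and `window` to match the account lockout policy you configure on the hosts; the detector is deliberately per-source rather than per-account, so password spraying across many usernames from one address (as in the sample) is still caught.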

Avast Antivirus Harvested Users' Data and Sold it to Google, Microsoft, IBM and Others



Avast, a popular maker of free anti-virus software used on almost 435 million mobile, Windows and Mac devices, harvested its users' sensitive data via browser plugins and sold it to third parties such as Microsoft, Google, Pepsi, IBM, Home Depot and many others, according to the findings of an investigation jointly carried out by PCMag and Motherboard.

As per the sources, the investigation relied primarily on leaked data; the documents used belonged to Jumpshot, a subsidiary of Avast. The data was extracted by the Avast anti-virus software itself and then repackaged by Jumpshot into various products that were sold to big companies. As the report specified, "Potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Conde Nast, Intuit, and many others."

"The sale of this data is both highly sensitive and is, in many cases, supposed to remain confidential between the company selling the data and the clients purchasing it," according to other company documents.

Allegedly, Avast has been keeping track of personal details such as the exact time and date when a user starts browsing a website, the digital content being viewed, and the user's browsing and search history. As per the findings, the information sold by Jumpshot includes Google Maps searches, Google search queries, YouTube videos viewed, activity on companies' LinkedIn pages and porn websites visited. The data contained no direct personal information such as names or email addresses; however, the investigators at Vice pointed out that access to such precise browsing data can potentially lead back to the identification of the user anyway.

When the investigation reports were made public, Avast terminated the operation and Jumpshot stopped receiving any browsing-related data harvested by extensions; however, the popular anti-virus maker is currently being investigated for collecting user data aside from browser plug-ins.

While Google declined to comment on the matter, IBM told Vice that it has no record of dealing with Avast's subsidiary Jumpshot. Meanwhile, Microsoft made it clear that it currently has no relationship with Jumpshot.

Facebook used user data to control competitors and rivals


Leaked documents from a lawsuit filed against Facebook by the now-defunct startup Six4Three, some 700 pages, reveal how Facebook leveraged user data against rivals and offered it up as a sop to friends.

NBC News reported how Facebook's executive team harnessed user data and used it as a bargaining chip to manipulate rivals. Thousands of leaked documents support that this was done under the supervision of the company's CEO, Mark Zuckerberg.



NBC News has published an entire cache of documents totalling 7,000 pages, including 4,000 internal communications such as emails, web chats, notes, presentations and spreadsheets from Facebook. The documents, dated between 2011 and 2015, disclose the company's strategy of rewarding partners with preferential data access while denying the same to competitors.

The lawsuit that resulted in this major leak was filed by Six4Three, a now-inoperative startup that created the failed app Pikinis. The app allowed users to view pictures posted by people on Facebook and, in order to work, required access to Facebook data. The suit accuses Facebook of misusing and abusing data and of distributing it unevenly. Other apps, including Lulu, Beehive ID and Rosa Bandet, could no longer do business after losing access to data.

The documents also revealed similar operations; for instance, the social network gave Amazon extended access to user data because it partnered with Facebook and spent on Facebook advertising, while denying data to MessageMe, a messaging app, once it grew large enough to compete with Facebook.

Commenting on the documents, Facebook's vice president and deputy general counsel, Paul Grewal, told NBC News, "As we've said many times, Six4Three — creators of the Bikinis app — cherry-picked these documents from years ago as part of a lawsuit to force Facebook to share information on friends of the app's users." However, the company has provided no evidence to support the "cherry-picked" claim.

In March this year, Zuckerberg said that Facebook would focus more on its users' privacy as the social network's future. But for Facebook, privacy seems more like a PR stunt and data more of a currency.