ShadowTalk Update – 11.26.2018


With Black Friday kicking off the holiday spending season, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber security threats faced by retailers and online shoppers. Despite increased sales for retailers and bargain opportunities for consumers, Black Friday has had the unintended consequence of emboldening and enabling profit-seeking cybercriminals. The team discuss continuing activity by the Magecart group, as well as the ways in which cybercriminals are gearing up for the holidays from our investigations of online forums and messaging applications.



Double trouble for Russian banks in new spearphishing attacks

Two sophisticated cybercrime groups have been observed targeting unnamed Russian banks in new spearphishing campaigns. The campaigns have been attributed to the Silence and MoneyTaker threat groups, which have both historically targeted Russian banks to conduct large-scale thefts. While the groups employed similar tactics and techniques, there was no indication they collaborated on these attacks.


Researchers attribute new RAT campaign to TA505 threat group

Security researchers have attributed a new remote-access trojan (RAT) called tRat to the threat actor “TA505.” The RAT has been observed in malicious campaigns targeting commercial banking institutions during September and October 2018. tRat is likely in a testing phase as its full capabilities have not been deployed in the wild to date. The malware can retrieve additional modules designed to target different browsers and platforms, meaning the RAT can be tailored to the attacker’s objectives.


DarkGate malware offers variety of functions for financially-motivated attackers

An unknown threat actor has deployed a new malware variant dubbed DarkGate against Windows-based devices in Europe to conduct financially-motivated attacks. This sophisticated multifunctional malware can steal and mine cryptocurrency, deploy ransomware and facilitate the remote control of infected devices. To date, DarkGate has only targeted online users in Europe but could feasibly be deployed against additional geographies in future.


Active campaign targets Linux-based Drupal systems with DirtyCOW and Drupalgeddon2 exploits

Threat actors are targeting two well-known vulnerabilities in Linux-based Drupal systems to secure root access or perform remote code execution on devices. Attackers identified vulnerable systems running outdated versions of Drupal and attempted to exploit Drupalgeddon2 to establish a foothold on the network. If unsuccessful, they next attempted to exploit DirtyCOW to obtain root privileges. Both vulnerabilities have been patched, but a significant number of devices remain at risk. The Drupal content management system is a lucrative target because of its popularity, with an estimated 2.3% of all websites using this system. Attribution for the attacks was unconfirmed at the time of writing.



About Digital Shadows
Digital Shadows is the leader in Digital Risk Protection. Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight™ helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface. To learn more and get free access to SearchLight, visit
