ShadowTalk Update – 11.26.2018


With Black Friday kicking off the holiday spending season, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber security threats faced by retailers and online shoppers. Despite increased sales for retailers and bargain opportunities for consumers, Black Friday has had the unintended consequence of emboldening and enabling profit-seeking cybercriminals. The team discuss continuing activity by the Magecart group, as well as the ways in which cybercriminals are gearing up for the holidays, based on our investigations of online forums and messaging applications.

 

 

Double trouble for Russian banks in new spearphishing attacks

Two sophisticated cybercrime groups have been observed targeting unnamed Russian banks in new spearphishing campaigns. The campaigns have been attributed to the Silence and MoneyTaker threat groups, which have both historically targeted Russian banks to conduct large-scale thefts. While the groups employed similar tactics and techniques, there was no indication they collaborated on these attacks.

 

Researchers attribute new RAT campaign to TA505 threat group

Security researchers have attributed a new remote-access trojan (RAT) called tRat to the threat actor “TA505.” The RAT has been observed in malicious campaigns targeting commercial banking institutions during September and October 2018. tRat is likely in a testing phase as its full capabilities have not been deployed in the wild to date. The malware can retrieve additional modules designed to target different browsers and platforms, meaning the RAT can be tailored to the attacker’s objectives.

 

DarkGate malware offers variety of functions for financially-motivated attackers

An unknown threat actor has deployed a new malware variant dubbed DarkGate against Windows-based devices in Europe to conduct financially motivated attacks. This sophisticated multifunctional malware can steal and mine cryptocurrency, deploy ransomware, and facilitate the remote control of infected devices. To date, DarkGate has only targeted online users in Europe but could feasibly be deployed against additional geographies in future.

 

Active campaign targets Linux-based Drupal systems with DirtyCOW and Drupalgeddon2 exploits

Threat actors are exploiting two well-known vulnerabilities in Linux-based Drupal systems to obtain root access or perform remote code execution on devices. Attackers identified vulnerable systems running outdated versions of Drupal and attempted to exploit Drupalgeddon2 to establish a foothold on the network. If unsuccessful, they next attempted to exploit DirtyCOW to obtain root access privileges. Both vulnerabilities have been patched, but a significant number of devices remain at risk. The Drupal content management system is a lucrative target because of its popularity, with an estimated 2.3% of all websites using this system. Attribution for the attacks was unconfirmed at the time of writing.

 

About Digital Shadows
Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand and reputation. The Digital Shadows SearchLight™ service combines scalable data analytics with human data analysts to manage and mitigate risks of an organization’s brand exposure, VIP exposure, cyber threat, data exposure, infrastructure exposure, physical threat, and third-party risk, and create an up-to-the-minute view of an organization’s digital risk with tailored threat intelligence.
