ShadowTalk Update – 17.10.2018


Following on from our recent research, Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It, the team discuss the phishing techniques favoured by all types of attackers, whether sophisticated criminals, nation states or low-level hackers. By looking at details revealed in law enforcement indictments, as well as the tips and tools being shared by actors on cybercriminal forums and messaging applications, the team discuss how organizations can prioritize the right controls and training policies to best protect themselves in the coming year.


Sextortion campaign shows attackers’ zeal for new tactics

A recent sextortion cyber campaign has been observed using new tactics to increase effectiveness. In a typical sextortion-themed email, attackers included a malicious URL that purportedly linked to a PowerPoint file with compromising images of the recipient. Instead, the link directed victims to a downloader that installed the “GandCrab” ransomware, prompting victims to pay in order to decrypt their files. Threat actors will likely continue to conduct similar campaigns within the next six months. They can further adapt techniques to install other malware, such as remote-access trojans, banking trojans or spyware, depending on an attacker’s objective. Using multi-pronged techniques can increase the potential payout of already-lucrative campaigns.


Phishing campaign exploits Adobe Flash zero-day vulnerability

An ongoing phishing campaign dubbed Operation Poison Needles has targeted a Russian healthcare facility attended by high-ranking members of the Russian Federation. The zero-day vulnerability, identified as CVE-2018-15982, exists in Adobe Flash and enables attackers to execute malicious code on a victim’s computer. To avoid detection, the attackers signed the malicious payload with a legitimate, but now revoked, security certificate. Attribution for the campaign is unconfirmed; zero-day vulnerabilities are usually associated with advanced persistent threat groups that have the technical sophistication to exploit such flaws.


Malicious botnet attacking WordPress websites

A botnet composed of infected WordPress websites has recently been used to attack other sites on the content publishing platform. The botnet campaign takes advantage of the “multicall” functionality of WordPress’s XML-RPC interface to gain access to privileged accounts and attack other vulnerable WordPress websites. A patch has been released to address this threat, and developers have blocked over five million malicious authentication attempts associated with this campaign. However, malicious actors are likely to target this flaw to exfiltrate data from vulnerable websites in the immediate future (next few days or weeks).
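As an added illustration of the multicall pattern described above (this is example code, not part of the original ShadowTalk post or any Digital Shadows tooling), the following check parses a POST /xmlrpc.php body and flags a system.multicall request that bundles many credential-bearing sub-calls or more than one credential pair, which is the amplification behaviour a defender would want to alert on. The threshold, method list and sample bodies are assumptions.

```python
import xmlrpc.client

# Position of the username in each authenticated method's parameter list
# (wp.getUsersBlogs(user, pw); wp.getPosts(blog_id, user, pw); ...).
CREDENTIAL_INDEX = {"wp.getUsersBlogs": 0, "wp.getPosts": 1, "wp.getUsers": 1}
MAX_AUTH_CALLS = 3  # assumed threshold; tune to what legitimate clients send


def inspect_xmlrpc_body(body: bytes) -> dict:
    """Classify one POST /xmlrpc.php body; only system.multicall is inspected."""
    params, method = xmlrpc.client.loads(body)
    verdict = {"method": method, "subcalls": 0, "auth_calls": 0,
               "credentials": 0, "nested_multicall": False, "suspicious": False}
    if method != "system.multicall":
        return verdict
    creds = set()
    for call in params[0]:  # each sub-call is {"methodName": ..., "params": [...]}
        name = call.get("methodName", "")
        verdict["subcalls"] += 1
        if name == "system.multicall":
            verdict["nested_multicall"] = True  # recursion is pure amplification
        if name in CREDENTIAL_INDEX:
            verdict["auth_calls"] += 1
            p = call.get("params", [])
            i = CREDENTIAL_INDEX[name]
            if len(p) > i + 1:
                creds.add((p[i], p[i + 1]))
    verdict["credentials"] = len(creds)
    # Many login-bearing sub-calls, or several credential pairs in one request,
    # is the guessing pattern; a legitimate client batches reads under one identity.
    verdict["suspicious"] = (verdict["nested_multicall"]
                             or verdict["auth_calls"] > MAX_AUTH_CALLS
                             or len(creds) > 1)
    return verdict


def build_multicall(calls) -> bytes:
    """Encode a list of sub-calls as a system.multicall body (constructed samples only)."""
    return xmlrpc.client.dumps((calls,), methodname="system.multicall").encode()


# Constructed samples, not captured traffic.
LEGIT_BODY = build_multicall([
    {"methodName": "wp.getPosts", "params": [1, "editor", "placeholder-pw"]},
    {"methodName": "wp.getUsersBlogs", "params": ["editor", "placeholder-pw"]},
])
GUESSING_BODY = build_multicall([
    {"methodName": "wp.getUsersBlogs", "params": ["admin", f"guess-{n}"]}
    for n in range(5)
])

if __name__ == "__main__":
    for label, body in (("legit", LEGIT_BODY), ("guessing", GUESSING_BODY)):
        print(label, inspect_xmlrpc_body(body))
```

In production the same logic belongs in a WAF rule or a request filter in front of xmlrpc.php, keyed on the verdict rather than on the raw method name, since blocking system.multicall outright also breaks legitimate batching clients.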


DanaBot adopts spam-sending capabilities

The DanaBot banking trojan reportedly has new functionalities that have been used to harvest email addresses and send spam messages. JavaScript is reportedly injected into a target’s webmail service and comprises two features. First, the added code harvests email addresses from the victim’s mailbox, and malicious script processes the victim’s messages, sending all identified addresses back to a command-and-control (C2) server. Second, if the targeted webmail service is based on the Open-Xchange suite, DanaBot injects a script that can use a victim’s mailbox to covertly send spam to harvested email addresses. This is part of a broader trend of banking trojans attempting to increase their effectiveness by adding new capabilities, making them more versatile and increasing their popularity among threat actors with differing motives and objectives.


To stay up to date with the latest in digital risk protection, subscribe to our threat intelligence emails here.

About Digital Shadows
Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation. The Digital Shadows SearchLight™ service combines scalable data analytics with human data analysts to manage and mitigate risks of an organization’s brand exposure, VIP exposure, cyber threat, data exposure, infrastructure exposure, physical threat, and third party risk, and create an up-to-the minute view of an organization’s digital risk with tailored threat intelligence.

