ShadowTalk Update – 17.10.2018


Following on from our recent research, Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It, the team discuss the phishing techniques favoured by all types of attackers, whether sophisticated criminal, nation state or low-level hacker. Drawing on details revealed in law enforcement indictments, as well as the tips and tools shared by actors on cybercriminal forums and messaging applications, the team explain how organizations can prioritize the right controls and training policies to best protect themselves in the coming year.


Sextortion campaign shows attackers’ zeal for new tactics

A recent sextortion cyber campaign has been observed using new tactics to increase effectiveness. In a typical sextortion-themed email, attackers included a malicious URL that purportedly linked to a PowerPoint file with compromising images of the recipient. Instead, the link directed victims to a downloader that installed the “GandCrab” ransomware, prompting victims to pay in order to decrypt their files. Threat actors will likely continue to conduct similar campaigns within the next six months. They can further adapt techniques to install other malware, such as remote-access trojans, banking trojans or spyware, depending on an attacker’s objective. Using multi-pronged techniques can increase the potential payout of already-lucrative campaigns.


Phishing campaign exploits Adobe Flash zero-day vulnerability

An ongoing phishing campaign dubbed Operation Poison Needles has targeted a Russian healthcare facility attended by high-ranking members of the Russian Federation. The zero-day vulnerability, identified as CVE-2018-15982, exists in Adobe Flash and enables attackers to execute malicious code on a victim’s computer. To avoid detection, the attackers signed the malicious payload with a legitimate, but now revoked, security certificate. Attribution for the campaign is unconfirmed; zero-day vulnerabilities are usually associated with advanced persistent threat groups that have the technical sophistication to exploit such flaws.


Malicious botnet attacking WordPress websites

A botnet composed of infected WordPress websites has recently been used to attack other sites on the content publishing platform. The botnet campaign takes advantage of the “multicall” functionality of WordPress’s XML-RPC interface to gain access to privileged accounts and attack other vulnerable WordPress websites. A patch has been released to address this threat, and developers have blocked over five million malicious authentication attempts associated with this campaign. However, malicious actors are likely to target this flaw to exfiltrate data from vulnerable websites in the immediate future (next few days or weeks).
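As an added example (not code from the Digital Shadows post or from WordPress itself), the Python below shows the detection side of the multicall technique described above: it parses the body of a POST to xmlrpc.php and flags a system.multicall that bundles many credential-bearing method calls, the amplification that lets a single request carry a large batch of login guesses. The list of credential-taking methods, the threshold and the sample body are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# WordPress XML-RPC methods whose first two params are username/password (assumed list).
# Inside a system.multicall every nested call is an independent credential guess.
AUTH_METHODS = {"wp.getUsersBlogs", "wp.getProfile", "wp.getPosts"}

def _member(struct, name):
    """Return the <value> element of the struct member called `name`, or None."""
    for member in struct.findall("member"):
        if member.findtext("name") == name:
            return member.find("value")
    return None

def _scalar(value):
    """Text of an XML-RPC <value>, with or without an explicit <string> wrapper."""
    return (value.findtext("string") or value.text or "").strip()

def analyse_multicall(body, threshold=5):
    """Summarise an xmlrpc.php POST body and flag bundled login guesses."""
    root = ET.fromstring(body)
    result = {"multicall": False, "auth_calls": 0, "users": set(),
              "distinct_passwords": 0, "suspicious": False}
    if root.findtext("methodName") != "system.multicall":
        return result  # a single call: at most one guess, nothing to amplify
    result["multicall"] = True
    passwords = set()
    for struct in root.findall("./params/param/value/array/data/value/struct"):
        method, params = _member(struct, "methodName"), _member(struct, "params")
        if method is None or params is None or _scalar(method) not in AUTH_METHODS:
            continue
        args = [_scalar(v) for v in params.findall("array/data/value")]
        if len(args) >= 2:
            result["auth_calls"] += 1
            result["users"].add(args[0])
            passwords.add(args[1])
    result["distinct_passwords"] = len(passwords)
    # Many guesses against one account in a single request is the pattern to alert on.
    result["suspicious"] = result["auth_calls"] >= threshold
    return result

def _call(method, user, password):
    """Build one nested call for the constructed sample body below."""
    return (f"<value><struct><member><name>methodName</name><value><string>{method}</string></value></member>"
            f"<member><name>params</name><value><array><data><value><string>{user}</string></value>"
            f"<value><string>{password}</string></value></data></array></value></member></struct></value>")

# Constructed sample: four password guesses against 'admin' bundled into one request.
SAMPLE_BODY = ("<methodCall><methodName>system.multicall</methodName><params><param><value><array><data>"
               + "".join(_call("wp.getUsersBlogs", "admin", f"guess{i}") for i in range(4))
               + "</data></array></value></param></params></methodCall>")
```

Running this over request bodies (or a web application firewall log that retains them) gives a per-request count that a rate-limit on xmlrpc.php alone would miss, since the whole batch arrives as one HTTP request.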


DanaBot adopts spam-sending capabilities

The DanaBot banking trojan reportedly has new functionalities that have been used to harvest email addresses and send spam messages. JavaScript is reportedly injected into a target’s webmail service and comprises two features. First, the added code harvests email addresses from the victim’s mailbox, and malicious script processes the victim’s messages, sending all identified addresses back to a command-and-control (C2) server. Second, if the targeted webmail service is based on the Open-Xchange suite, DanaBot injects a script that can use a victim’s mailbox to covertly send spam to harvested email addresses. This is part of a broader trend of banking trojans attempting to increase their effectiveness by adding new capabilities, making them more versatile and increasing their popularity among threat actors with differing motives and objectives.


To stay up to date with the latest in digital risk protection, subscribe to our threat intelligence emails here.
