ShadowTalk Update – 1.14.19


We’ve just released our first Weekly Intelligence Summary episode of ShadowTalk. In this new track, Harrison Van Riper will be interviewing our security analysts to get their take on the top security stories of the week. You can also read their in-depth findings and analysis via the Weekly Intelligence Summary report. Our main story in this episode involves the leak of personal information from several German political parties. We hope you enjoy this new track!

Highlights from the week include: a new data skimming campaign attributed to the threat group “Magecart”, a security researcher’s phishing-campaign tool that can bypass two-factor authentication (2FA), and a ransomware campaign using a fake charity to emotionally blackmail victims.

Far-right hacktivist leaks sensitive data on high-profile Germans

Throughout December 2018, a German hacktivist publicly released sensitive data on German politicians and entertainers, which they allegedly obtained by accessing social media and email accounts using popular passwords. This leak demonstrates the need for good digital hygiene across personal and professional accounts.

OXO International breach pinned on Magecart

In December 2018, United States-based kitchen utensil manufacturer OXO International disclosed three data breaches. The breaches affected customers purchasing goods from the company’s online store during the past two years. One of these attacks, occurring between 8 and 9 June 2017, has been attributed to the Magecart threat group; this was based on the presence of malicious JavaScript code injected into the site, designed to capture customer information. No additional details were available regarding the other two attacks, which occurred between 9 June and 28 November 2017, and between 20 July and 16 October 2018.

Modlishka phishing tool bypasses 2FA

A security researcher has developed a phishing tool capable of bypassing 2FA systems. The tool, dubbed Modlishka, works between the user and the target website and allows the user to access legitimate sites while the attacker intercepts any credentials and 2FA codes. A threat actor would then be able to log in using the 2FA key and the stolen credentials. The real-time aspect of Modlishka’s interception process makes it resource intensive, and therefore unlikely to be used in mass phishing campaigns; however, it could be used in targeted attacks. Although there are no reports of it being used in the wild yet, as the use of 2FA grows, threat actors will likely adopt similar tactics in the short- to mid-term future (within six months).

Ransomware uses fake charity to extort victims

The “Cryptomix” ransomware has been observed in a new campaign that uses a fake charity in its ransom demands. After infection and encryption of files, the victim is shown a message that uses stolen information from legitimate crowdfunding sites related to ill children. The message claims that all Bitcoin payments made as part of a ransom will be donated to a fictitious charity. This is the first recorded instance of ransomware exploiting real children in extortion efforts. As ransomware becomes more prevalent, attack campaigns are using additional tactics to ensure payment, such as sextortion scams. Such efforts are likely attempts to capitalize on the victim’s moral and charitable tendencies by convincing them to pay.

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 03 Jan - 10 Jan 2019

To stay up to date with the latest in digital risk protection, subscribe to our threat intelligence emails here.

About Digital Shadows
Digital Shadows is the leader in Digital Risk Protection. Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight™ helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface. To learn more and get free access to SearchLight, visit