Kacey and Alex join HVR to talk through the key stories this week including a new threat group called “Mirrorthief” conducting “Magecart”-like digital skimming attacks against university websites, various code-sharing repositories being targeted and held for ransom by an unknown threat actor; and new ransomware, “Sodinokibi”, which used a zero-day vulnerability in Oracle WebLogic. Simon Hall and Dr. Richard Gold then join to dive deeper into the “Buckeye” APT group, which has recently been said ...
May 10, 2019•28 min
Phil and newcomer Benjamin Newman join Harrison for another edition of the Weekly Intelligence Summary. The guys cover two distinct attack campaigns which used uncommon and underreported social engineering and malware delivery techniques, as well as attempts to automate these attacks in the future. Other highlights from this week include a cryptojacking campaigns using the ETERNALBLUE and DOUBLEPULSAR exploits, new reports of Magecart activity, and more extortionists leaking sensitive informatio...
May 03, 2019•14 min
Jamie and Alex are back with Harrison this week to talk about the leak of information related to APT34 on Telegram, including victim data, personally identifiable information and the group's tools. Other highlights from this week include a phishing campaign delivering RevengeRAT, more information about the Wipro breach, and details about the threat actors responsible for the previously reported ASUS server compromise. Get the full intelligence summary at https://resources.digitalshadows.com/week...
Apr 26, 2019•15 min
This week the team discusses an unidentified threat actor that has obtained data from various personal Outlook, MSN, and Hotmail email accounts by compromising a Microsoft customer support account. Also, the “Triton” malware was detected at a critical infrastructure facility, an IT outsourcing company experienced a potential network intrusion linked to a supply-chain attack, and a new trojan referred to as Hoplight has been attributed to the “Lazarus Group”. Check out the full intelligence summa...
Apr 19, 2019•15 min
Christian and Jamie join Harrison for another week of ShadowTalk to discuss the FIN6 threat actor reportedly widening its range of attacks to include ransomware, potentially inciting the threat group to extend targeting beyond retail and hospitality entities. The highlights from this week include a Chinese advanced persistent threat (APT) campaign against a German pharmaceutical company, likely to steal intellectual property; a mass phishing campaign that used US servers to host malware; and a D...
Apr 12, 2019•17 min
Jamie, Alex and Zuko sit down with Harrison to talk about a story that flew a little under the radar this week; Russia has allegedly been conducting a widespread satellite spoofing campaign since 2016, sending false positional data to ships and planes. Other highlights from this week include APT33 activity targeting engineering and manufacturing organizations, popular restaurant chains report some point of sale malware attacks, and South Korean websites being used in watering hole attacks. Also,...
Apr 05, 2019•16 min
Christian and Jamie sit down with Harrison to talk about the compromised Asus server used to distribute backdoor malware to at least 500,000 users’ devices, more LockerGoga ransomware attacks, a new Magecart skimming attack, and FIN7 back in the news. Busy week! Also, Jamie gives hair product tips and the guys discuss what Twitter handle they would choose in an ideal world.Read this week’s intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intellig...
Mar 29, 2019•20 min
With new research this week warning that state-sponsored cyber attacks against financial systems are on the rise, the ShadowTalk team focus on one area of the financial services sector in particular: high-frequency trading (HFT). Richard Gold and Rafael Amado are joined by a guest HFT expert to discuss mergers and acquisition information, sharing insider secrets, and manipulating stock prices. The team look at what attacks are possible, what the consequences would be for the financial services i...
Mar 25, 2019•43 min
Harrison chats with Jamie and Alex this week on an attack on Norwegian aluminum and renewable-energy company Norsk Hydro ASA. The team also looks at threat group “APT-C-27” exploiting a flaw in WinRAR software, a fourth batch of breached data offered for sale on the dark web by “Gnosticplayers”, and a spam campaign exploiting the recent events surrounding the grounding of multiple Boeing 737 aircraft. Download the full intelligence summary here: https://resources.digitalshadows.com/weekly-intell...
Mar 22, 2019•14 min
Harrison sits down with Rose and Christian for a quick chat about APT40 targeting educational maritime research, as well as other highlights from this week. Rose also gives us the breakdown of an inspiring trip to NASA; also space vampires make a brief appearance. Download the entire intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-07-mar-14-mar-2019.
Mar 15, 2019•20 min
Senior security engineer, Simon Hall joins Rafael Amado to explain how IT teams and defenders can combat email spoofing, one of the most popular techniques used by phishers. Simon discusses why spoofing is so prevalent and relatively simple for attackers to carry out, as well as how measures such as SPF, DMARC, and DKIM can be used to reduce spoofing risks. For more on this topic, read our Security Practitioner’s Guide to Email Spoofing and Risk Reduction, available at https://www.digitalshadows...
Mar 11, 2019•28 min
In this week’s episode, the team looks at Fin6, who has begun regularly targeting card-not-present data on e-commerce websites. Other highlights from this week include Topps disclosing a data breach incident linked to Magecart, the Farseer malware, and more. Read the full intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-28-feb-07-mar-2019
Mar 08, 2019•14 min
This week Rose and Phil join Harrison to discuss a three-stage cryptocurrency mining attack using Mimikatz and Radmin in tandem. The team also discusses the Cr1ptTor ransomware, an unknown North Korean threat actor targeting US universities, and MarioNet. Some of the team is heading to RSA Conference next week so make sure to stop by Booth 4421 in the North Hall to say hello. Get the Intellgence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summa...
Mar 01, 2019•17 min
This week, Phil and Alex join Harrison to discuss a new malware delivery technique using the Outlook preview panel. Also, threat actor Gnosticplayers was offering large data sets for sale on Dream Market, the Blind Eagle APT group swooped into the news, and Gandcrab is back trying to pinch its victims in new ways. Finally, the guys try to find a new nickname for Alex. Full Intelligence Summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-14-f...
Feb 22, 2019•15 min
The Photon Research Team’s Rafael Amado, Richard Gold and Harrison Van Riper get together to discuss Digital Shadows’ latest research report, A Tale of Epic Extortions: How Cybercriminals Monetize Our Online Exposure. Whereas many of the cyber security issues covered by researchers may seem obscure and irrelevant to the majority of businesses and individuals out there, extortion is a topic with a real human impact, and one that can have physical, psychological and financial consequences. The tea...
Feb 21, 2019•35 min
Alex and Jamie matched with Harrison in this Valentine’s week episode of ShadowTalk. We discuss why four different APT groups were observed using the same tooling, vulnerabilities in Apple’s iOS, and what everyone did for Valentine’s Day. Also, we have launched the Photon Research Team at Digital Shadows! Visit our announcement blog to learn more (https://www.digitalshadows.com/blog-and-research/photon-research-team-shines-light-on-digital-risks/) and follow the team on Twitter @photon_research!...
Feb 15, 2019•15 min
Alex and Jamie join Harrison to discuss how the United Arab Emirates (UAE) intelligence services compromised iPhones through the “Karma” malware. They also look at a spam campaign targeting American users, distributing the “Trickbot” banking trojan; Vietnamese threat group “OceanLotus” deploying a new custom downloader; and a distributed denial of service (DDoS) campaign displaying record-breaking power by combining techniques.Read the full intelligence summary here: https://resources.digitalsha...
Feb 08, 2019•12 min
In this episode of ShadowTalk: CISO Spotlight, Digital Shadows’ Chief Information Security Officer, Rick Holland, joins Rafael Amado to discuss his security goals and wish list for 2019. We cover: how CISO’s typically plan and spend their security budgets; why auditing and maximizing your existing capabilities is often better than splurging on new technology; and how to best invest and empower your most valuable resource, your workforce. Of course, with Rick on the podcast, there’s the customary...
Feb 07, 2019•30 min
This week, Alex Guirakhoo and Jamie Collier join Harrison to discuss APT39, a new Iran-linked espionage group, as well as other highlights from this week involving updated information about exploiting an authentication error at GoDaddy, malicious uses of the Google Cloud platform, and some excellent steganography being used to target Apple users. The guys also chat about their pups, and imagine a new battle royale game “BorkNite”.Full weekly intelligence summary: https://resources.digitalshadows...
Feb 01, 2019•12 min
This week Rose, Jamie, and Alex talk with Harrison on a huge data dump called "Collection #1", containing over 770 million email addresses and passwords. The team also looks at other stories including DarkHydrus observed using a new method to communicate with command and control servers, technology and social networking companies continuing to remove accounts associated with influence campaigns, and threat actors observed uninstalling cloud protection services in order to distribute cryptocurren...
Jan 25, 2019•17 min
This week Alex and Philip join Harrison to discuss two recent, unrelated, financially motivated cyber attack campaigns involving the use of culturally specific social engineering lures. The team also looks at three new phishing campaigns attributed to the threat group TA505 and decide(in a perfect world) which 1 cyber threat they would choose to rid forever.Download this week's Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10...
Jan 18, 2019•18 min
For this week’s ShadowTalk deep dive, we called in Doctor Richard Gold to discuss the major healthcare breach affecting SingHealth, Singapore’s largest group of healthcare organizations. Richard and Rafael Amado discuss how threat actors might use the 1.5million patient records that were stolen, how the attack occurred and where the incident response process failed. To view the report in full, visit: https://www.mci.gov.sg/coireport
Jan 16, 2019•25 min
Harrison Van Riper hosts this week’s Intelligence Summary with guests Rose Bernard (Strategic Intelligence Manager) and Alex Guirakhoo (Strategic Intelligence Analyst). Our main story involves the leak of personal information from several German political parties. We also discuss the other big threat intelligence stories from the week and find out what everyone would name their APT group. Subscribe to ShadowTalk on iTunes and follow us @digitalshadows, use #ShadowTalk to submit a question for ne...
Jan 11, 2019•16 min
Welcome to ShadowTalk's new track on our Weekly Intelligence Summary. Host Harrison Van Riper invites Digital Shadows' analysts to discuss the week's top threat intelligence news. To download the full Weekly Intelligence Summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary.
Jan 10, 2019•3 min
Rafael Amado and Richard Gold talk cybersecurity end of year predictions, but with a twist. Rather than focus on the threats and worrying trends on the horizon, the team instead concentrate on the positive developments that we can all look forward to in 2019. Richard and Rafael discuss open source tools that can help all of us become more secure, improvements to browser security, and long overdue changes in security awareness, education and diversity that should make 2019 an altogether better ye...
Dec 20, 2018•15 min
Simon Hall and Richard Gold join Rafael Amado to wade in on the topic of phishing. By looking at details revealed in law enforcement indictments against nation state and organized criminal groups, as well as the tips and tools being shared by actors on cybercriminal forums and messaging applications, the team discuss how organizations can prioritize the right controls and training policies to best protect themselves in the coming year. For more on this topic, read our recent research blog, Tackl...
Dec 14, 2018•28 min
Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott data breach, as well as a look forward to trends we might see in 2019. Specifically, we dig into ransomware and discuss what you should be considering in 2019. To read more about these trends (and more) read Harrison’s blog (https://www.digitalshadows.com/blog-and-research/2019-cyber-security-forecasts-six-things-on-the-horizon/). To register for our upcoming webinar with the FBI, https://info.d...
Dec 07, 2018•19 min
The dynamic duo of Dr Gold and Simon Hall join Michael Marriott to discuss our recent findings on threat actors using cracked versions of Cobalt Strike conduct attacks, and how defenders can use this to inform their defense. Read the blog to learn more: https://www.digitalshadows.com/blog-and-research/threat-actors-use-of-cobalt-strike-why-defense-is-offenses-child/. Building on this theme, in part two, Richard Gold outlines the benefits of mapping the Mitre ATT&CK framework to the ASD Essen...
Nov 30, 2018•23 min
For this special mid-week edition of ShadowTalk, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber security threats over the Black Friday weekend and holiday season. Despite increased sales for retailers and bargain opportunities for consumers, Black Friday has had the unintended consequence of emboldening and enabling profit-seeking cybercriminals. The team discuss continuing activity by the Magecart group, as well as the ways in which cybercriminals are gearing up for the holi...
Nov 21, 2018•21 min
Some called him a hero. Some called him the most dangerous man to the defense industry. In today’s ShadowTalk, Dr. Richard Gold and Harrison Van Riper join Rafael Amado to discuss the vigilante hacker known as Phineas Fisher. Leaked court documents surfaced this week, detailing how Italian authorities tried and ultimately failed to identify and convict Phineas Fisher for the infamous breach against the Italian surveillance and technology company, Hacking Team. The team dive into the history of P...
Nov 16, 2018•19 min
