Shadow Talk Update – 02.05.2018
February 5, 2018
In this week’s podcast episode of Shadow Talk, the Digital Shadows Research Team covered a range of activity. Here’s a quick roundup.
In-development malware samples observed targeting Spectre and Meltdown
Researchers reportedly detected malware samples designed to exploit the Spectre and Meltdown vulnerabilities. The samples appeared to be in development and were not actively exploiting the flaws. Though these samples may have been designed for exploitation purposes, there were still no detected samples accomplishing this activity. It is likely that Spectre and Meltdown exploits will continue to be developed into the near future.
Japanese cryptocurrency stolen in huge cyber-heist
On January 26, 2018 the Japan-based cryptocurrency exchange Coincheck suffered a large-scale cyber-heist. Attackers reportedly stole 58 billion Japanese yen’s ($530 million) worth of NEM, a peer-to-peer cryptocurrency established in 2015. Coincheck announced it will reimburse most of the stolen funds to its 260,000 affected customers. As the technology and security framework supporting digital currencies expands attackers will likely look for vulnerabilities, such as exchange platforms where digital “hot” wallets are connected to the internet. The consistently high value and increased availability of cryptocurrencies means threat actors will likely target them regularly this year.
Dutch banks suffer DDoS attacks
On 29 January 2018 financial institution Rabobank became the latest Dutch company to announce it had been affected by a distributed denial of service (DDoS) attack. Public reporting has been largely speculative, preventing independent assessment of the attacks. The botnet associated with the attacks has not been detected in other DDoS activities, and the size of the attacks (40Gbps) was relatively small, if accurately reported. Some media outlets linked the attacks to Russia, claiming they were retribution for recent reports of Dutch intelligence agencies infiltrating the Russia-linked group “APT-29” (Cozy Bear).
Anonymous collective announces new phase of OpCatalunya
On 29 January 2018 AnonPlus announced a new phase of OpCatalunya, the Anonymous operation supporting Catalan independence. OpCatalunyaNew has so far caused many DDoS claims and affected several Spanish companies across a variety of sectors. The catalyst may likely have been a Spanish Constitutional Court ruling on the investiture of regional president Carlos Puigdemont, an independence supporter. The coordination of the new campaign by small groups indicates the growing split in the Anonymous collective and has enabled operations to gain longevity and consistency of targeting.
Severe RCE vulnerability in Cisco ASA devices
Cisco released software updates addressing a remote code execution (RCE) vulnerability affecting Cisco Adaptive Security Appliance (ASA) software. There has been no proof of concept exploit code identified at the time of writing for vulnerability CVE-2018-0101, nor any reports of exploitation by threat actors. However, as RCE vulnerabilities are attractive to threat actors, exploitations are a realistic possibility in the next three months to a year. Cisco provided list of affected products, as well as details on how to identify vulnerable software versions.
Listen to this week’s podcast episode here:
Subscribe to our weekly newsletter to get the latest podcast and other research by Digital Shadows.