Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Research Team Finds 50% Increase in Exposed Data in One Year
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
In this week’s podcast episode of Shadow Talk, the Digital Shadows Research Team covered a range of activity. Here’s a quick roundup.
Researchers reportedly detected malware samples designed to exploit the Spectre and Meltdown vulnerabilities. The samples appeared to be in development and were not actively exploiting the flaws. Though these samples may have been designed for exploitation purposes, there were still no detected samples accomplishing this activity. It is likely that Spectre and Meltdown exploits will continue to be developed into the near future.
On January 26, 2018 the Japan-based cryptocurrency exchange Coincheck suffered a large-scale cyber-heist. Attackers reportedly stole 58 billion Japanese yen’s ($530 million) worth of NEM, a peer-to-peer cryptocurrency established in 2015. Coincheck announced it will reimburse most of the stolen funds to its 260,000 affected customers. As the technology and security framework supporting digital currencies expands attackers will likely look for vulnerabilities, such as exchange platforms where digital “hot” wallets are connected to the internet. The consistently high value and increased availability of cryptocurrencies means threat actors will likely target them regularly this year.
On 29 January 2018 financial institution Rabobank became the latest Dutch company to announce it had been affected by a distributed denial of service (DDoS) attack. Public reporting has been largely speculative, preventing independent assessment of the attacks. The botnet associated with the attacks has not been detected in other DDoS activities, and the size of the attacks (40Gbps) was relatively small, if accurately reported. Some media outlets linked the attacks to Russia, claiming they were retribution for recent reports of Dutch intelligence agencies infiltrating the Russia-linked group “APT-29” (Cozy Bear).
On 29 January 2018 AnonPlus announced a new phase of OpCatalunya, the Anonymous operation supporting Catalan independence. OpCatalunyaNew has so far caused many DDoS claims and affected several Spanish companies across a variety of sectors. The catalyst may likely have been a Spanish Constitutional Court ruling on the investiture of regional president Carlos Puigdemont, an independence supporter. The coordination of the new campaign by small groups indicates the growing split in the Anonymous collective and has enabled operations to gain longevity and consistency of targeting.
Cisco released software updates addressing a remote code execution (RCE) vulnerability affecting Cisco Adaptive Security Appliance (ASA) software. There has been no proof of concept exploit code identified at the time of writing for vulnerability CVE-2018-0101, nor any reports of exploitation by threat actors. However, as RCE vulnerabilities are attractive to threat actors, exploitations are a realistic possibility in the next three months to a year. Cisco provided list of affected products, as well as details on how to identify vulnerable software versions.
Listen to this week’s podcast episode here:
Subscribe to our weekly newsletter to get the latest podcast and other research by Digital Shadows.