Shadow Talk Update – 03.12.2018

Digital Shadows Analyst Team
March 12, 2018 | 3 Min Read

This week’s Shadow Talk features more distributed denial of service (DDoS) attacks using Memcached servers, how disinformation is more than just a political concern, updates on the Spectre vulnerability following the release of a new proof-of-concept (PoC) exploit, and more reporting on the historical network intrusion against the German government.

Memcached DDoS attacks break peak volume records

Attackers using Memcached reflection, a type of DDoS attack, have twice achieved the highest recorded peak volumes since 27 February. An attack on the code-sharing website GitHub reached 1.35Tbps, and a subsequent attack on an unnamed company in the United States peaked at 1.7Tbps. These peak volumes were helped by the availability of internet-facing Memcached servers listening on User Datagram Protocol (UDP) port 11211 without traffic filtering. The media attention garnered by these attacks likely prompted the opportunistic extortion attempts reported in the past week. Efforts have been made to reduce the number of internet-facing Memcached servers susceptible to this attack method, but the threat is unlikely to disappear in the next month.

Disinformation campaign aimed at Persian speakers

A disinformation campaign intended to influence Persian speakers and discredit Western media outlets has been in operation for approximately seven years. The campaign implicated some legitimate media outlets, such as the BBC, by establishing fake websites impersonating them. No malware was delivered in this campaign. Despite the use of disinformation campaigns for political objectives, the wide availability of tools and the relatively low costs associated with performing these operations mean that disinformation is also a threat to businesses in a variety of industries. Download a copy of our research report, The Business of Disinformation: A Taxonomy, to see the tools actors can turn to when waging disinformation campaigns and what this means for organizations in the next year.

Researchers publish PoC exploit for SgxPectre

Researchers at the University of Ohio, in the United States, released PoC code for a vulnerability dubbed SgxPectre, a claimed variation of the “Spectre” vulnerability. SgxPectre enables unauthorized access to sensitive data protected by Intel’s Software Guard eXtensions (SGX). The vulnerability affects runtime libraries, meaning any program using SGX is potentially vulnerable. The release of PoC code has previously encouraged threat actors to attempt exploitation of vulnerabilities, but in this case no such attempts have yet been detected. It is not known which types of information can be accessed by exploiting this vulnerability, or how easy it is to exploit.

Historical compromise of German government now linked to Turla

Attackers infected 17 computers in the German Federal Foreign Office with an undisclosed malware variant. The malware exfiltrated data and received commands using Microsoft Outlook. The intrusion, first reported on 28 February 2018, affected the Foreign Office from March 2017 to December 2017. Attribution was initially made to the threat group “APT-28” (aka Fancy Bear), but journalists later cited the threat group “Turla”. The attack was said to be part of a wider campaign affecting multiple geographies and was likely conducted by a well-resourced group.
