Shadow Talk Update – 04.30.2018

Shadow Talk Update – 04.30.2018
Digital Shadows Analyst Team
Read More From Digital Shadows Analyst Team
April 30, 2018 | 2 Min Read

In this week’s episode of Shadow Talk, we cover the targeting of healthcare organizations by Orangeworm, BGP hijacking, vulnerabilities in MikroTik routers, DDoS market shutdowns, and the profitability of cryptocurrency mining.

 

 

Orangeworm actively targets healthcare via supply chain

Security software company Symantec reported on a newly identified threat group called Orangeworm, observed targeting entities in the healthcare industry with custom backdoor malware. Multiple geographies have been affected, which is likely the result of Orangeworm attacking international organizations. Orangeworm conducted information theft and reconnaissance, but the group’s exact motives are unconfirmed at the time of writing.

 

Spam campaign drops multiple payloads

A new spam campaign is targeting multiple geographies with a quartet of malware that comprises the “Adwind” RAT, backdoors “XTRAT” and “DUNIHI”, and the information stealer “Loki Bot. All the payloads are highly configurable and enable various malicious activities, including information theft and remote-access tasks. This is the first reported instance of the malware being bundled together in a spam campaign, having previously been distributed in separate attacks.

 

Botnet exploits Drupal vulnerability

A botnet is actively targeting six exploits, including the remote code execution (RCE) vulnerability affecting the Drupal CMS. Its aim is to perform DoS attacks and mine cryptocurrencies. CVE-2018-7600 was classified as “highly critical” when publicly announced, and security updates have been released to address the flaw. This is the first identified incident of a threat actor targeting this vulnerability. Based on the popularity of RCE exploits, additional targeting is highly likely in the immediate future (next few weeks).

 

Threat actor zeroes in on Internet Explorer zero-day vulnerability

Security company Qihoo360 reported the exploitation of a zero-day vulnerability affecting the Internet Explorer browser’s kernel code by an unidentified threat actor. The vulnerability was labeled a “double play” loophole, but Microsoft has yet to release more technical details or information pertaining to the exploitation. The flaw reportedly affects all current versions of Internet Explorer and applications using the kernel.

The critical code of the kernel is usually loaded into a separate area of memory, which is protected from access by application programs or other, less critical parts of the operating system.

Related Posts

3 Phishing Trends Organizations Should Watch Out For

3 Phishing Trends Organizations Should Watch Out For

May 20, 2020 | 16 Min Read

It’s only May, and is it just me, or has this...
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...