Richard Gold and Rose Bernard join Michael Marriott to talk about updates to the Satori botnet, which has expanded to incorporate new IoT devices using TCP port 5555. Amid news of a new wave of OilRig attacks, a Middle Eastern espionage campaign, we dive into PowerShell security risks and provide advice on best practices for those using PowerShell. For more information on PowerShell security best practices, check out our blog https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/. Finally, we assess the Dragonfly campaign against U.S. power grids and discuss what it all means.
The United States Department of Homeland Security has only recently released details of a 2017 campaign that targeted undisclosed United States energy companies. The campaign was orchestrated by suspected Russian nation-state threat group “Crouching Yeti” (aka Dragonfly). The group’s members allegedly conducted spearphishing and watering hole attacks to steal credentials from third-party suppliers, enabling access to United States utility networks. The details may have been released to strengthen the political credibility of United States intelligence services in the eyes of the public and the media; the release occurred during a period of conflict between the intelligence services and the presidential administration about the severity of the Russian cyber threat.
Microsoft reported that Russian nation-state linked threat group “APT-28” (aka Fancy Bear) has targeted the United States 2018 mid-term political elections through a phishing campaign against certain undisclosed candidates. The phishing emails were similar to those sent in previous APT-28 campaigns against the Democratic National Committee (DNC) in 2016 prior to the presidential election: both used fake Microsoft domains as command-and-control sites.
LabCorp, one of the largest clinical laboratories in the United States, was subjected to a “SamSam” ransomware attack. Attackers reportedly accessed the laboratory’s network via brute-force password-guessing attempts against Remote Desktop Protocol (RDP) ports exposed to the Internet. The attack infected approximately 7,000 systems and 1,900 servers, but remediation efforts were implemented quickly; no data was reportedly stolen or misused during the incident. SamSam has a lucrative history of use against healthcare entities, as well as against government systems in the United States city of Atlanta and the state of Colorado’s Department of Transportation.
Singapore’s Ministry of Health released a statement detailing the theft of 1.5 million patient records from a healthcare group in that country. Attackers used privileged credentials to access a database, although the original infection vector remains unknown. Attacks on healthcare providers are increasing, as financially motivated threat actors seek information that is easily monetized on the dark web; patient details can be resold and used for other fraudulent activities, or to tailor spearphishing campaigns.