In this week’s episode, JP Perez-Etchegoyen, CTO of Onapsis, joins Michael Marriott to talk about the exposure of SAP and Oracle applications, the increase in publicly-available exploits, and the threat actors we have observed targeting the sensitive data held within these applications. Download the full report, ERP Applications Under Fire, to learn more.
The once-prolific banking trojan Kronos has resurfaced in three active campaigns, each using different infection techniques and targeting different geographies. This revived activity coincides with an advertisement on criminal forums for a trojan called Osiris, which has similarities to Kronos and is referenced in one of the campaigns. This could indicate an attempt to rebrand the trojan. Read our recent blog on banking trojans to find out more.
Unidentified threat actors successfully targeted “the supply-chain of a supply-chain” to distribute cryptocurrency miner malware. A software vendor hosting additional packages for a PDF editing application was compromised, effectively turning the app’s installer into a malware distributor. The campaign’s overall impact was low, as only a small number of users were affected. However, the attack method was sophisticated and highlights the increasing risks posed by supply-chain attacks.
Extortion threat actor(s) thedarkoverlord posted a link on their Twitter account to a downloadable folder containing potentially sensitive healthcare information. The data had allegedly been sourced from a doctor in Florida, United States, and was likely published after a failed extortion attempt. This latest attack is consistent with thedarkoverlord’s previous targeting of the healthcare sector and use of sensitive data for extortion purposes, meaning such tactics may continue.
The threat group “DarkHydrus” targeted government entities in the Middle East with a custom PowerShell backdoor. The group sent spearphishing emails containing Excel Web Query files (text files containing a URL that Excel opens automatically). The Necurs botnet recently exploited this same file type in a campaign to deliver a remote access trojan. DarkHydrus has been active since early 2016, and originally abused legitimate open-source tools for malicious purposes. Their custom backdoor “RogueRobin” was potentially pieced together using code from these tools.