ShadowTalk Update – 09.03.2018
September 3, 2018
Not a week goes by without an example where credential stealing, credential reuse, or poor password practices contributed heavily to a successful attack. With this in mind, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the age-old problem of credential hygiene. In this week’s ShadowTalk we covered the ways in which attackers steal and take advantage of credentials, what most companies are getting wrong, and the steps you can take to improve your overall credential hygiene practices.
OilRig adds to its social-engineering bag of tricks
The OilRig threat group has continued to target entities in the oil-and-gas industry via a spearphishing and information-gathering campaign. In the 2017 campaign the group introduced a new tactic to its modus operandi by spoofing an online human resources portal. This demonstrates an increase in the effort, resources and intent OilRig is expending to achieve its goal: the acquisition of credentials and personal information.
Cyber security researcher discloses unpatched Windows zero-day vulnerability
Details of a Microsoft Windows zero-day vulnerability, recently announced by a cyber-security researcher, could enable exploitation by an attacker before a patch is released. A threat actor could use the vulnerability, which can exploit a fully patched 64-bit Windows 10 system, to escalate privileges locally on a target user’s computer. The vulnerability will likely be fixed as part of Windows’ next monthly patch update, due on 11 Sep 2018.
Lazarus Group’s FallChill backdoor can now target macOS
Backdoor malware associated with the Lazarus Group has been developed to target macOS devices and was used in an attack against a cryptocurrency exchange. Dubbed FallChill, this appears to be the first known instance of Lazarus Group-associated malware targeting this operating system. The cryptocurrency exchange was targeted with a trojanized cryptocurrency trading application. The tactics and techniques in this incident, as well as the targeting, are all consistent with historical Lazarus Group activity.
T-Mobile subject to breach potentially impacting 2 million customers
Telecommunications company T-Mobile was subject to a breach by an unauthorized third party on 20 Aug 2018. No financial data or social security numbers were said to have been compromised. However, the threat actor was allegedly able to access names, ZIP codes, phone numbers, email addresses, account numbers and account types for two million customers. Speculation about the compromise of passwords has been denied by T-Mobile and has yet to be confirmed.
To stay up to date with the latest Digital Shadows threat intelligence and news, subscribe to our threat intelligence emails here.