ShadowTalk Update – 1.14.19
January 14, 2019
We’ve just released our first Weekly Intelligence Summary episode of ShadowTalk. In this new track, Harrison Van Riper will be interviewing our security analysts to get their take on the top security stories of the week. You can also read their in-depth findings and analysis via the Weekly Intelligence Summary report. Our main story in this episode involves the leak of personal information from several German political parties. We hope you enjoy this new track!
Highlights from the week include: a new data skimming campaign attributed to the threat group “Magecart”, a security researcher’s phishing-campaign tool that can bypass two-factor authentication (2FA) and a ransomware campaign using a fake charity to emotionally blackmail victims.
Far-right hacktivist leaks sensitive data on high-profile Germans
Throughout December 2018, a German hacktivist publicly released sensitive data on German politicians and entertainers, which they allegedly obtained by accessing social media and email accounts using popular passwords. This leak demonstrates the need for good digital hygiene across personal and professional accounts.
OXO International breach pinned on Magecart
Modlishka phishing tool bypasses 2FA
A security researcher has developed a phishing tool capable of bypassing 2FA systems. The tool, dubbed Modlishka, sits between the user and the target website: the user is served the legitimate site's pages while the attacker intercepts any credentials and 2FA codes that pass through. A threat actor would then be able to log in using the 2FA code together with the stolen credentials. The real-time aspect of Modlishka’s interception process makes it resource intensive, and therefore unlikely to be used in mass phishing campaigns; however, it could be used in targeted attacks. Although there are no reports of it being used in the wild yet, as the use of 2FA grows, threat actors will likely adopt similar tactics in the short- to mid-term (within six months).
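Why a real-time relay defeats one-time codes but not origin-bound authenticators is easiest to see in code. The simulation below is an added example, not code from Digital Shadows or from the Modlishka project; the origins, shared secret and challenge are constructed, and the assertion check is a simplified model of a WebAuthn relying party's clientDataJSON verification.

```python
import hashlib
import hmac
import struct

# Constructed values for the demonstration.
LEGIT_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login.example-secure.net"  # lookalike served by the relay
SECRET = b"12345678901234567890"                   # RFC 6238 test-vector seed


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1 with dynamic truncation)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    return hmac.compare_digest(totp(secret, unix_time), submitted)


def totp_login_through_proxy(unix_time: int) -> bool:
    # The victim types the code into the relayed page and the relay forwards it to
    # the real site inside the same 30-second window. Nothing in a TOTP code says
    # which site the user believed they were on, so the real site accepts it.
    code_typed_by_victim = totp(SECRET, unix_time)
    relayed_code = code_typed_by_victim
    return verify_totp(SECRET, relayed_code, unix_time)


def verify_origin_bound_assertion(client_data: dict, expected_origin: str, challenge: str) -> bool:
    """Simplified relying-party check modelled on WebAuthn clientDataJSON: origin and
    challenge must match (a real verifier also checks rpIdHash and the signature,
    which covers the hash of clientDataJSON, so the origin field cannot be edited)."""
    return client_data.get("origin") == expected_origin and client_data.get("challenge") == challenge


def webauthn_login_through_proxy(challenge: str) -> bool:
    # The browser, not the page, records the origin it is actually connected to.
    client_data = {"type": "webauthn.get", "challenge": challenge, "origin": PHISH_ORIGIN}
    return verify_origin_bound_assertion(client_data, LEGIT_ORIGIN, challenge)


def webauthn_login_direct(challenge: str) -> bool:
    client_data = {"type": "webauthn.get", "challenge": challenge, "origin": LEGIT_ORIGIN}
    return verify_origin_bound_assertion(client_data, LEGIT_ORIGIN, challenge)


if __name__ == "__main__":
    print("TOTP relayed through proxy accepted:", totp_login_through_proxy(1_547_424_000))
    print("Origin-bound assertion through proxy accepted:", webauthn_login_through_proxy("c0ffee"))
```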
Ransomware uses fake charity to extort victims
The “Cryptomix” ransomware has been observed in a new campaign that uses a fake charity in its ransom demands. After infection and encryption of files, the victim is shown a message that uses stolen information from legitimate crowdfunding sites related to ill children. The message claims that all Bitcoin payments made as part of a ransom will be donated to a fictitious charity. This is the first recorded instance of ransomware exploiting real children in extortion efforts. As ransomware becomes more prevalent, attack campaigns are using additional tactics to ensure payment, such as sextortion scams. Such efforts are likely attempts to capitalize on the victim’s moral and charitable tendencies by convincing them to pay.
For more details, read the full Weekly Intelligence Summary here:
To stay up to date with the latest in digital risk protection, subscribe to our threat intelligence emails here.