ShadowTalk Update – 10.01.2018

Digital Shadows Analyst Team
October 1, 2018 | 3 Min Read

Rick Holland, CISO of Digital Shadows, joins Richard Gold and Michael Marriott to discuss the possible implications of Facebook security flaws affecting 50 million accounts. In part two, one year after reports of the Equifax breach surfaced, the UK arm has been fined £500,000 by the Information Commissioner’s Office (ICO). We look at the lessons learned.

 

Black Rose Lucy redefines threat of malware-as-a-service (MaaS)

Security researchers identified a new MaaS botnet bundle targeting users of Android mobile devices in France, Israel and Turkey. Dubbed Black Rose Lucy and attributed to the Russian-speaking threat group Lucy Gang, the malware features an easy-to-use interface that could appeal to low-level threat actors who purchase malware services. What’s more, this MaaS allows threat actors to upload and deploy their own malware for distribution among infected devices. Black Rose Lucy has exhibited persistence and profiling capabilities, and several improved versions have also been identified, suggesting its creators are actively developing it and seeking a global customer base. The trend of threat groups or threat actors purchasing MaaS will likely continue in the mid-term future (between three months and a year).

 

Virobot ransomware uses botnet tricks to spread

The ransomware strain “Virobot”, originally identified on September 17, 2018, has been found to use botnet capabilities to propagate. Virobot can encrypt a mobile device or machine’s files and post a ransom demand to the victim’s home. It can also access the victim’s Microsoft Outlook account, attaching a copy of itself to distribute via email to further victims. Virobot has not been attributed to any known ransomware family or known threat actor.

 

Port of Barcelona withstands cyber attack by unknown threat actors

On September 20, 2018, several servers belonging to Spain’s Port of Barcelona were targeted in a cyber attack. Maritime and land-based operations were reportedly unaffected, including the delivery and distribution of goods and the scheduling of ships docked at the port, making the overall attack impact low. A motive and attribution for the attack are unknown at the time of writing. Due to the volume and potential value of goods handled, shipping ports and transport hubs make lucrative targets for attackers wishing to obtain sensitive or financial information, or to cause disruption and subsequent revenue loss.

 

Cryptocurrency heist hits Japan with USD 60 million theft

On September 14, 2018, 6.7 billion Japanese yen (approximately $60 million) was stolen in a cyber attack on the Japanese cryptocurrency exchange Zaif, which is owned by Tech Bureau Corp. The targeted attack occurred over two hours and saw the theft of Bitcoin, Monacoin and Bitcoin Cash currencies. Approximately 67 percent of the stolen funds belonged to customers, and the rest belonged to Zaif. Attribution and technical details of the attack are not known at the time of writing. Cryptocurrency exchanges will continue to be a popular target for cybercriminals and financially motivated state-affiliated threat actors in the mid-term future.

 
