ShadowTalk Update – 10.01.2018
October 1, 2018
Rick Holland, CISO of Digital Shadows, joins Richard Gold and Michael Marriott to discuss the possible implications of Facebook security flaws affecting 50 million accounts. In part two, one year after reports of the Equifax breach surfaced, the UK arm has been fined £500,000 by the Information Commissioner’s Office (ICO). We look at the lessons learned.
Black Rose Lucy redefines threat of malware-as-a-service (MaaS)
Security researchers identified a new MaaS botnet bundle targeting users of Android mobile devices in France, Israel and Turkey. Dubbed Black Rose Lucy and attributed to the Russian-speaking threat group Lucy Gang, the malware features an easy-to-use interface that could appeal to low-level threat actors who purchase malware services. What’s more, this MaaS allows threat actors to upload and deploy their own malware for distribution among infected devices. Black Rose Lucy has exhibited persistence and profiling capabilities, and several improved versions have also been identified, suggesting its creators are actively developing it and seeking a global customer base. The trend of threat groups or threat actors purchasing MaaS will likely continue in the mid-term future (between three months and a year).
Virobot ransomware uses botnet tricks to spread
The ransomware strain “Virobot”, originally identified on September 17, 2018, has been found to use botnet capabilities to propagate. Virobot can encrypt a mobile device or machine’s files and post a ransom demand to the victim’s home. It can also access the victim’s Microsoft Outlook account, attaching a copy of itself to distribute via email to further victims. Virobot has not been attributed to any known ransomware family or known threat actor.
Port of Barcelona withstands cyber attack by unknown threat actors
On September 20, 2018, several servers belonging to Spain’s Port of Barcelona were targeted in a cyber attack. Maritime and land-based operations were reportedly unaffected, including the delivery and distribution of goods and the scheduling of ships docked at the port, making the overall attack impact low. A motive and attribution for the attack are unknown at the time of writing. Due to the volume and potential value of goods handled, shipping ports and transport hubs make lucrative targets for attackers wishing to obtain sensitive or financial information, or to cause disruption and subsequent revenue loss.
Cryptocurrency heist hits Japan with USD 60 million theft
On September 14, 2018, 6.7 billion Japanese yen (approximately $60 million) was stolen in a cyber attack on the Japanese cryptocurrency exchange Zaif, which is owned by Tech Bureau Corp. The targeted attack occurred over two hours and saw the theft of Bitcoin, Monacoin and Bitcoin Cash currencies. Approximately 67 percent of the stolen funds belonged to customers, and the rest belonged to Zaif. Attribution and technical details of the attack are not known at the time of writing. Cryptocurrency exchanges will continue to be a popular target for cybercriminals and financially motivated state-affiliated threat actors in the mid-term future.