In this week’s Shadow Talk, Rafael Amado joins Michael Marriott to discuss Digital Shadows’ latest research on Business Email Compromise, Pst! Cybercriminals on the Outlook for Your Emails. We discuss how criminals are outsourcing this work, and how the exposure of 33,000 finance department credentials is increasing the ease for attackers. However, even without taking over accounts, criminals can get their hands on sensitive financial information. We dig into the 12.5 million exposed email archives that are available through misconfigured online file stores, including invoices, purchase orders, and payments. Finally, we provide advice for mitigating these risks.
The first observed in-the-wild use of a UEFI rootkit has been attributed to the APT-28 (aka Fancy Bear, Sofacy, Sednit, Strontium) threat group. Previously, UEFI rootkits were known only as hypothetical proofs of concept, with no evidence of successful deployment. APT-28 used a trojanized version of the legitimate LoJack anti-theft software to embed the rootkit in a machine’s UEFI firmware, giving it persistence that survives operating system reinstallation and disk replacement, and serving as a backdoor to deliver additional malicious payloads. The campaign reportedly targeted government organizations in the Balkans, as well as Central and Eastern Europe. Security researchers at ESET have dubbed the malware LoJax.
On 25 Sep 2018, social media company Facebook detected a vulnerability in one of its site’s features that potentially allowed attackers to take over accounts. Unidentified attacker(s) reportedly exploited the vulnerability in the site’s platform to harvest user access tokens for approximately 50 million Facebook accounts. These tokens carry the security credentials for a login session and identify the user, so holding a valid token is equivalent to holding an authenticated session without needing the password. It is not known whether the attackers used the tokens to gain control of individual accounts. The vulnerability has since been patched, and the tokens for 90 million users have been reset, invalidating any harvested tokens. Facebook is conducting investigations, and more information is likely to become available in the immediate future.
A ransomware attack has affected the administrative processes of California’s Port of San Diego in the United States. An unidentified threat actor delivered an unknown ransomware variant to the port; the ransom note demanded an undisclosed sum in Bitcoin (a cryptocurrency). This is the second recently reported incident affecting a port authority: on 24 Sep 2018 it was reported that the computer servers at Spain’s Port of Barcelona had been targeted, although the attack caused no impact on its maritime or land-based services. Ports are lucrative targets for threat actors wishing to obtain sensitive or financial information, or to disrupt daily operations. Given the criticality of maritime operations, attacks against ports will likely continue in the long term.
Researchers cited a financially motivated North Korean espionage group, dubbed APT38, as responsible for several high-profile thefts from financial institutions beginning in 2014. The thefts were previously attributed to Lazarus Group; researchers now believe APT38 operates closely alongside Lazarus Group’s operations but is a distinct unit. The newly identified group is thought to focus solely on financial gain for North Korea.