ShadowTalk Update – 10.22.2018

Digital Shadows Analyst Team
October 22, 2018 | 3 Min Read

In this week’s ShadowTalk, following on from last week’s conversation on how managed service providers can increase your attack surface, Simon Hall and Richard Gold join Rafael Amado to discuss supply chain risks. With so much to cover, the team break this topic down into hardware, software and third-party service risks, including examples such as the MeDoc-NotPetya campaign and the recent SuperMicro hardware allegations. We provide good practices for those looking to improve their risk management processes.



Exposure of fitness database illuminates risk to all sectors

In early October 2018 security researchers identified an exposed database belonging to the fitness performance tracking company FitMetrix, left vulnerable to malicious threat actors. The database contained 113–122 million records (119GB of data), including names, email addresses and birthdates. A ransom note was found in the database, likely indicating an unsuccessful ransomware attempt, given that the data was left intact. Threat actors have automated tools that can search for and access vulnerable Internet-facing databases in all sectors, and those of many third-party suppliers. Stolen data can be used for extortion or sold on criminal marketplaces and forums, presenting financial and reputational risks to victim organizations.


New CartThief malware attacks similar to those of Magecart

Security researchers have identified the new “CartThief” malware, which has similarities with the tools of the notorious threat group “Magecart” and has, similarly, targeted payment pages of Magento-hosted retail websites. CartThief has been deemed more sophisticated, having two main features that increase its covert capabilities: it can encode collected data on its command-and-control (C2) server, and it deliberately excludes user-identifying cookies. Given the reportedly smaller target list than seen with Magecart attacks, there is a realistic possibility that the observed CartThief attacks were part of a malware testing phase.


Ryuk ransomware targets North Carolina utility provider

The Onslow Water and Sewer Authority (ONWASA), a water utility company in the United States county of Onslow, North Carolina, announced it was severely affected by a ransomware attack on 13 Oct 2018. Starting nine days prior, ONWASA experienced attacks from the “Emotet” malware, which subsequently installed the “Ryuk” ransomware. The ransomware spread across different systems of the organization, encrypting files and disrupting services. Customer information was reportedly not affected, but several critical operations, such as service orders and account creation, were reduced to manual processes. Although technical details were not provided, it is likely that malicious emails were used as an initial infection vector. Ryuk has previously been linked to the “Lazarus Group”, although it is not known whether that threat group was involved in this attack.


Data breach of Pentagon’s commercial vendor potentially affected 30,000 individuals

On 13 Oct 2018 it was reported that an unnamed commercial vendor of the Pentagon, the headquarters of the United States Department of Defense, experienced a data breach by an unknown threat actor. The breach could have affected up to 30,000 individuals, compromising potentially sensitive information and credit card data of government workers and civilians. The defense department has since confirmed it has taken steps to have the vendor “cease performance under its contracts.” No classified data was reportedly exposed, and affected individuals have been informed and offered fraud protection services. Government and defense organizations are likely to continue to attract financially motivated and espionage-motivated threat actors.

