ShadowTalk Update – 11.12.2018

Digital Shadows Analyst Team
November 12, 2018 | 2 Min Read

In this week’s ShadowTalk, we discuss the big vulnerability and exploit stories of the week. The team discuss the Cisco denial-of-service vulnerability affecting its Adaptive Security Appliance (ASA), as well as a vulnerability in Oracle’s VirtualBox technology posted to GitHub. Dr. Richard Gold, Rafael Amado and Michael debate the benefits and drawbacks of bug bounty programs, how you should consider operational value when assessing vulnerabilities, and the U.S. Cyber Command’s publication of malware samples to VirusTotal.

 

 

TrickBot updated with password stealing module

A password grabber module that enables the theft of login credentials from several applications and popular browsers has been added to the TrickBot banking trojan. TrickBot traditionally targets banks by using stolen credentials to facilitate fraudulent transactions; the password grabber will likely be used for these purposes in the next six months.

The addition of the password grabber module exemplifies TrickBot’s continuous evolution: The trojan’s modular structure simplifies the frequent addition of new capabilities and functions while also facilitating the use of TrickBot in conjunction with other malware, such as the Emotet banking trojan. The TrickBot toolkit’s diversity has enabled its use in campaigns beyond the banking sector. As TrickBot continues to evolve, its targets will highly likely continue to diversify, representing an extremely credible threat to a range of sectors.

 

Sensitive documents stolen from French third-party supplier

An unknown threat actor reportedly accessed a data server managed by French engineering and consultancy firm Ingérop. The attacker stole around 65GB of sensitive files, including technical plans and documents for nuclear energy plants and high-security prisons. Third-party suppliers, such as Ingérop, are popular targets for threat actors given their potential access to sensitive data from a variety of organizations; they will likely be victims of future data breaches.


Majority of Pakistani banks reportedly affected in recent data breach incident

A recent data breach reportedly impacted almost all Pakistani banks and led to the fraudulent transfer of funds from customers’ accounts. Although investigations are ongoing, the campaign allegedly involved more than 100 separate incidents. It does not appear that the interbank communication system was compromised; the activity more likely involved a large-scale “skimming” campaign that targeted Pakistani bank customers directly. The identity of the threat actor(s) involved is unknown, but the campaign was highly likely conducted for financial gain.

 
