ShadowTalk Update – 11.26.2018

Digital Shadows Analyst Team

November 26, 2018 | 3 Min Read

With Black Friday kicking off the holiday spending season, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber security threats faced by retailers and online shoppers. Despite increased sales for retailers and bargain opportunities for consumers, Black Friday has had the unintended consequence of emboldening and enabling profit-seeking cybercriminals. The team discuss continuing activity by the Magecart group, as well as the ways in which cybercriminals are gearing up for the holidays from our investigations of online forums and messaging applications.

Double trouble for Russian banks in new spearphishing attacks

Two sophisticated cybercrime groups have been observed targeting unnamed Russian banks in new spearphishing campaigns. The campaigns have been attributed to the Silence and MoneyTaker threat groups, which have both historically targeted Russian banks to conduct large-scale thefts. While the groups employed similar tactics and techniques, there was no indication they collaborated on these attacks.

Researchers attribute new RAT campaign to TA505 threat group

Security researchers have attributed a new remote-access trojan (RAT) called tRat to the threat actor “TA505.” The RAT has been observed in malicious campaigns targeting commercial banking institutions during September and October 2018. tRat is likely in a testing phase as its full capabilities have not been deployed in the wild to date. The malware can retrieve additional modules designed to target different browsers and platforms, meaning the RAT can be tailored to the attacker’s objectives.

DarkGate malware offers variety of functions for financially-motivated attackers

An unknown threat actor has deployed a new malware variant dubbed DarkGate against Windows-based devices in Europe to conduct financially-motivated attacks. This sophisticated multifunctional malware can steal and mine cryptocurrency, deploy ransomware and facilitate the remote control of infected devices. To date, DarkGate has only targeted online users in Europe but could feasibly be deployed against additional geographies in future.

Active campaign targets Linux-based Drupal systems with DirtyCOW and Drupalgeddon2 exploits

Threat actors are chaining two well-known vulnerabilities against Linux servers running Drupal: Drupalgeddon2 (CVE-2018-7600), a remote code execution flaw in the Drupal content management system, and Dirty COW (CVE-2016-5195), a privilege escalation flaw in the Linux kernel. Attackers first identified systems running outdated versions of Drupal and attempted to exploit Drupalgeddon2 to execute code as the web server user and establish a foothold on the network. Where that foothold did not give them the privileges they needed, they then attempted to exploit Dirty COW to escalate to root. Both vulnerabilities were patched well before this campaign (Dirty COW in 2016, Drupalgeddon2 in March 2018), but a significant number of devices remain at risk. Drupal is a lucrative target because of its popularity, with an estimated 2.3% of all websites using it. Attribution for the attacks was unconfirmed at the time of writing.
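The first stage of the chain above leaves a recognisable trace in ordinary web server access logs, because Drupalgeddon2 works by smuggling Drupal render-array properties (keys that begin with `#`, such as `#post_render` or `#markup`) into form input. The following Python script is an added example written for this post, not code from Digital Shadows or the Drupal project: it parses combined-format access log lines and flags requests whose query string carries a `#`-prefixed key, or an `element_parents` value pointing at a `#` property. The log lines are constructed for the example, and the field names in the result dictionaries are our own.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access log lines (combined log format), not real traffic.
# Lines 2 and 4 mimic the public Drupal 8 and Drupal 7 CVE-2018-7600 request shapes.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Nov/2018:09:14:02 +0000] "GET /user/register HTTP/1.1" 200 9123 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Nov/2018:09:14:05 +0000] "POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 200 215 "-" "python-requests/2.18.4"
198.51.100.4 - - [26/Nov/2018:09:15:11 +0000] "GET /node/1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [26/Nov/2018:09:16:40 +0000] "POST /?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=id HTTP/1.1" 200 342 "-" "curl/7.58.0"
"""

# client identd user [timestamp] "METHOD target protocol" status size "referrer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Drupal render-array properties all start with '#'. The fix shipped in Drupal 7.58 / 8.5.1
# strips request keys beginning with '#' for exactly this reason, so a '#'-prefixed key in
# user-supplied form input is a strong indicator of an exploitation attempt.
HASH_KEY_RE = re.compile(r'\[#[A-Za-z_]+\]')


def parse_access_log_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def drupalgeddon2_indicators(target):
    """Return the reasons a request target looks like a Drupalgeddon2 attempt (empty if clean)."""
    reasons = []
    parts = urlsplit(target)
    # parse_qs percent-decodes keys and values, so '%23' becomes a literal '#'.
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, values in params.items():
        if HASH_KEY_RE.search(key):
            reasons.append(f"render-array property in parameter name: {key}")
        if key == "element_parents" and any("#" in unquote(v) for v in values):
            reasons.append(f"element_parents path targets a '#' property: {values[0]}")
    return reasons


def scan_access_log(text):
    """Run the indicator check over every parseable line; return one hit record per flagged request."""
    hits = []
    for line in text.splitlines():
        rec = parse_access_log_line(line)
        if rec is None:
            continue
        reasons = drupalgeddon2_indicators(rec["target"])
        if reasons:
            hits.append({
                "client": rec["client"],
                "ts": rec["ts"],
                "status": rec["status"],
                "target": rec["target"],
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        # A 200 response to a flagged request means the payload was processed and the host
        # should be treated as potentially compromised, which is when the Dirty COW stage becomes relevant.
        print(f'{hit["ts"]} {hit["client"]} {hit["status"]} {hit["target"]}')
        for reason in hit["reasons"]:
            print(f"    {reason}")
```

The check deliberately keys on the `#` property names rather than on specific command strings such as `id` or `passthru`, because the callback and command are attacker-controlled while the render-array structure is fixed by how the vulnerability works. A flagged request with a 2xx status on an unpatched Drupal version is the point at which to start hunting for the second stage, such as a Dirty COW binary dropped by the web server user.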

To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.