ShadowTalk Update – 12.10.2018
December 10, 2018
In this week’s ShadowTalk, Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott data breach, as well as a look forward to trends we might see in 2019. Specifically, we dig into ransomware and discuss what you should be considering in 2019. To read more about these trends (and more) read Harrison’s blog, ‘2019 Cyber Security Forecasts’. Alternatively, register for our upcoming webinar with the FBI.
Marriott confirms data of 500 million guests breached
The hotel chain Marriott International confirmed that an unknown threat actor gained unauthorized access to the guest reservation database of Starwood, a subsidiary Marriott acquired in 2016, exposing the details of approximately 500 million guests. For around 327 million of those guests the records included personally identifiable information (PII) such as names, addresses, dates of birth and passport numbers, and for some guests encrypted payment card details as well. Because the data was held by Starwood and the unauthorized access reportedly began in 2014, two years before the acquisition, the incident shows how an acquiring organization inherits the security debt of the companies it buys, along with the resulting financial loss and reputational damage. The breach also exposes Marriott to a range of political, legal and regulatory challenges, including GDPR enforcement for affected EU residents.
US government indicts SamSam ransomware author-operators
Two individuals alleged to have created, modified and distributed the SamSam ransomware have been indicted by the United States Department of Justice. In a parallel action, the US Treasury added two further individuals, who allegedly helped convert the Bitcoin ransom payments into local currency, to its Specially Designated Nationals and Blocked Persons (SDN) List and published the Bitcoin addresses attributed to them. Any organization that pays an extortion demand to those addresses risks violating United States economic sanctions, regardless of whether it knew who controlled the wallet. It is realistically possible that SamSam will target other geographies and/or set up new Bitcoin addresses that are not linked to the designated individuals, so a sanctions check against the published addresses is a necessary step before any payment but not a guarantee of compliance.
thedarkoverlord claims compromise of US insurance company
The extortionist thedarkoverlord has likely obtained the database of an unidentified United States insurance company. The threat actor's associated Twitter account referred to the breach and to a subsequent extortion demand. Given thedarkoverlord's history of successful attacks, the demand is likely credible. If the affected company does not pay, thedarkoverlord will likely publish the sensitive information it obtained, potentially via the dark web forum KickAss, on which the threat actor has recently become active.
Energy companies among victims of AutoCAD-based malware espionage
An industrial espionage campaign delivering malware written in AutoLISP, the scripting language of the design application AutoCAD, has reportedly been targeting the renewable-energy and automotive sectors, among others, since 2014. The perpetrators redistributed stolen computer-aided design (CAD) files bundled with a malicious AutoLISP script; when a victim opened the drawing, the script ran and installed downloader malware on the network. The technique relies on AutoCAD's startup behaviour: when a drawing is opened, AutoCAD automatically loads files with well-known names (such as acad.lsp, acaddoc.lsp, or the compiled equivalent acad.fas) if they are found in the drawing's folder, so a sidecar file placed next to a .dwg executes without any further user action. Practitioners should confirm that the SECURELOAD system variable is set to load only from TRUSTEDPATHS on managed AutoCAD installations, and treat any auto-load file that arrives alongside a drawing from an external source as suspect.
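The following is an added example, not code from the original post or from any vendor tooling, showing how to triage a file share or extracted archive for the sidecar technique described above: it walks a directory tree, flags files whose names match the AutoCAD startup files (the list of names is an assumption based on documented AutoCAD behaviour and should be checked against your release), raises the severity when such a file sits next to a drawing, and for plain-text AutoLISP greps for calls that spawn external processes. The sample tree it builds, the fake DWG and FAS headers, and the "malicious" script are all constructed for the demonstration.

```python
"""Flag AutoCAD auto-load sidecar files that arrive alongside drawings.

Added example (not from the original post). Assumptions: the names in
AUTOLOAD_NAMES are the startup files AutoCAD loads from a drawing's folder;
the FAS4-FILE header marks compiled AutoLISP; the regex is a constructed
heuristic, not a complete list of dangerous AutoLISP calls.
"""
from __future__ import annotations

import os
import re
import tempfile
from pathlib import Path

# Startup files AutoCAD looks for in the current drawing's folder (assumed list).
AUTOLOAD_NAMES = {
    "acad.lsp", "acad.fas", "acad.vlx", "acad.mnl", "acad.rx", "acad.dvb",
    "acaddoc.lsp", "acaddoc.fas", "acaddoc.vlx",
}
DRAWING_SUFFIXES = {".dwg", ".dxf"}
COMPILED_SUFFIXES = (".fas", ".vlx", ".rx", ".dvb")

# Constructed heuristic: AutoLISP calls that reach outside AutoCAD
# (process launch, COM automation, the SHELL command).
SUSPICIOUS_LISP = re.compile(
    r'\((?:startapp|vlax-create-object|vlax-get-or-create-object)\b'
    r'|"(?:WScript\.Shell|Shell\.Application)"'
    r'|\(command\s+"_?\.?(?:shell|sh)"',
    re.IGNORECASE,
)


def scan_tree(root: Path) -> list[dict]:
    """Return one finding per auto-load file found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        beside_drawing = any(Path(f).suffix.lower() in DRAWING_SUFFIXES for f in files)
        for name in files:
            low = name.lower()
            if low not in AUTOLOAD_NAMES:
                continue
            path = Path(dirpath) / name
            reasons = ["matches an AutoCAD auto-load file name"]
            hits: list[str] = []
            if beside_drawing:
                reasons.append("sits beside a drawing file")
            if low.endswith((".lsp", ".mnl")):
                text = path.read_text(errors="replace")
                hits = sorted({m.group(0).strip('("').lower() for m in SUSPICIOUS_LISP.finditer(text)})
                if hits:
                    reasons.append("suspicious calls: " + ", ".join(hits))
            elif low.endswith(".fas"):
                head = path.read_bytes()[:64]
                reasons.append("compiled AutoLISP (FAS4 header)" if b"FAS4-FILE" in head
                               else "unrecognised .fas header")
            # Compiled code or process-spawning calls next to a drawing is the
            # pattern described in the campaign; a lone startup file is low.
            strong = low.endswith(COMPILED_SUFFIXES) or bool(hits)
            severity = "high" if beside_drawing and strong else "medium" if beside_drawing else "low"
            findings.append({"path": str(path), "severity": severity, "reasons": reasons})
    return findings


def build_demo_tree() -> Path:
    """Create a constructed sample tree: a 'stolen drawing' bundle carrying two
    auto-load sidecars, plus an office folder with a benign startup file."""
    root = Path(tempfile.mkdtemp(prefix="cadscan_"))
    bundle = root / "turbine_blueprints"
    bundle.mkdir()
    (bundle / "turbine_v3.dwg").write_bytes(b"AC1027" + b"\x00" * 32)  # fake DWG header
    (bundle / "acad.fas").write_bytes(b"\r\n FAS4-FILE ; Do not change it!\r\n" + b"\x00" * 16)
    (bundle / "acaddoc.lsp").write_text(
        ";; constructed malicious sidecar (illustration only)\n"
        "(vl-load-com)\n"
        '(setq sh (vlax-create-object "WScript.Shell"))\n'
        '(startapp "cmd.exe" "/c powershell -w hidden")\n'
    )
    office = root / "office_defaults"
    office.mkdir()
    (office / "acad.lsp").write_text(';; benign startup\n(setvar "FILEDIA" 1)\n(princ)\n')
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_demo_tree()):
        print(finding["severity"].upper(), finding["path"], "|", "; ".join(finding["reasons"]))
```

Run it against an unpacked archive or a mounted share rather than a live AutoCAD profile folder, where a benign acad.lsp is expected; the "low" severity exists precisely so that legitimate startup files in a company's own support paths are reported but not treated as incidents.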