ShadowTalk Update – 12.10.2018

Digital Shadows Analyst Team
December 10, 2018 | 3 Min Read

In this week’s ShadowTalk, Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott data breach and to look ahead at trends we might see in 2019. Specifically, we dig into ransomware and discuss what you should be considering in 2019. To read more about these and other trends, see Harrison’s blog, ‘2019 Cyber Security Forecasts’. Alternatively, register for our upcoming webinar with the FBI.

Marriott confirms data of 500 million guests breached

The hotel chain Marriott International confirmed that a data breach by an unknown threat actor exposed approximately 500 million guests’ details. Around 367 million of the records included personally identifiable information (PII), passport numbers and financial information pertaining to guests’ accounts with Starwood, a subsidiary Marriott acquired in 2016. Because the data was sourced from Starwood and unauthorized access had reportedly occurred in 2014, this incident highlights the cyber security risks (including financial loss and reputational damage) an organization can become exposed to through mergers and acquisitions. The breach has also posed various potential political, legal and regulatory challenges for Marriott.

US government indicts SamSam ransomware author-operators

Two individuals reportedly responsible for creating, modifying and distributing the SamSam ransomware have been charged by the United States government. With their Bitcoin wallet addresses publicly attributed to SamSam activity, the individuals have been placed on the Specially Designated Nationals and Blocked Persons List; organizations paying ransomware extortion fees to their addresses risk violating United States economic sanctions. It is realistically possible that SamSam will target other geographies, and/or could set up new Bitcoin addresses that are not linked to the indicted individuals.

thedarkoverlord claims compromise of US insurance company

Extortionist thedarkoverlord has likely obtained an unidentified United States insurance company’s database. The threat actor’s associated Twitter account referred to the breach and a subsequent extortion demand. Given thedarkoverlord’s previous history of successful attacks, it is likely a credible demand. If the affected company does not pay the ransom, thedarkoverlord will likely publish any sensitive information obtained, potentially via the dark Web forum KickAss, on which the threat actor has recently become active.

Energy companies among victims of AutoCAD-based malware espionage

An industrial espionage campaign distributing malware based on the design software AutoCAD has reportedly been targeting the renewable-energy and automotive sectors, among others, since 2014. The perpetrators distributed stolen computer-aided design (CAD) files that were designed to lure victims into installing downloader malware onto their network. AutoCAD is a popular application and includes some auto-loading features, which the attackers also abused to execute malicious scripts.
