Following from our recent research, Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It, the team discuss the phishing techniques favoured by all types of attackers, whether sophisticated criminal, nation state or low-level hacker. By looking at details revealed in law enforcement indictments, as well as the tips and tools being shared by actors on cybercriminal forums and messaging applications, the team discuss how organizations can prioritize the right controls and training policies to best protect themselves in the coming year.
A recent sextortion cyber campaign has been observed using new tactics to increase effectiveness. In a typical sextortion-themed email, attackers included a malicious URL that purportedly linked to a PowerPoint file with compromising images of the recipient. Instead, the link directed victims to a downloader that installed the “GandCrab” ransomware, prompting victims to pay in order to decrypt their files. Threat actors will likely continue to conduct similar campaigns within the next six months. They can further adapt techniques to install other malware, such as remote-access trojans, banking trojans or spyware, depending on an attacker’s objective. Using multi-pronged techniques can increase the potential payout of already-lucrative campaigns.
An ongoing phishing campaign dubbed Operation Poison Needles has targeted a Russian healthcare facility attended by high-ranking members of the Russian Federation. The campaign exploits a zero-day vulnerability in Adobe Flash, identified as CVE-2018-15982, that enables attackers to execute malicious code on a victim’s computer. To avoid detection, the attackers signed the malicious payload with a legitimate, but now revoked, security certificate. Attribution for the campaign is unconfirmed; zero-day vulnerabilities are usually associated with advanced persistent threat groups that have the technical sophistication to exploit such flaws.
A botnet composed of infected WordPress websites has recently been used to attack other sites on the content publishing platform. The botnet campaign takes advantage of the “multicall” functionality of WordPress’s XML-RPC interface to gain access to privileged accounts and attack other vulnerable WordPress websites. A patch has been released to address this threat, and developers have blocked over five million malicious authentication attempts associated with this campaign. However, malicious actors are likely to target this flaw to exfiltrate data from vulnerable websites in the immediate future (next few days or weeks).
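For defenders reviewing XML-RPC traffic, the following added example (not part of the original summary) flags a single POST body that bundles an unusually large number of sub-calls inside `system.multicall`. The threshold, the function names and the sample bodies are assumptions constructed for illustration; `wp.getUsersBlogs` stands in for any authenticated WordPress method.

```python
import xmlrpc.client
from collections import Counter

MAX_SUBCALLS = 20  # assumed per-request limit; tune to legitimate client behaviour


def inspect_xmlrpc_body(body, max_subcalls=MAX_SUBCALLS):
    """Classify one XML-RPC POST body as 'allow', 'flag' or 'reject'."""
    result = {"verdict": "allow", "subcalls": 0, "methods": {}}
    # Refuse DTDs up front so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        result["verdict"] = "reject"
        return result
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception:  # malformed XML, fault documents, unsupported types
        result["verdict"] = "reject"
        return result
    if method != "system.multicall":
        return result
    # system.multicall takes one parameter: a list of {methodName, params} structs.
    calls = params[0] if params and isinstance(params[0], list) else []
    methods = Counter(str(c.get("methodName")) for c in calls if isinstance(c, dict))
    result["subcalls"] = len(calls)
    result["methods"] = dict(methods)
    if len(calls) > max_subcalls:
        result["verdict"] = "flag"
    return result


def constructed_sample(n):
    """Build a constructed multicall body with n sub-calls (placeholder values)."""
    calls = [{"methodName": "wp.getUsersBlogs",
              "params": ["user-placeholder", "value-%d" % i]} for i in range(n)]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


if __name__ == "__main__":
    for label, body in [("bulk", constructed_sample(50)),
                        ("small", constructed_sample(2))]:
        print(label, inspect_xmlrpc_body(body))
```

The per-method counts in the result help separate one request carrying many authentication attempts from a legitimate client batching a few unrelated calls.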