
ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

November 18, 2019

This week's episode comes from Dallas, sound effects and all, with Kacey, Charles, Alex, and Harrison. The team discusses their recent OSINT workshop at BSidesDFW and how you can access the training materials, and Harrison reviews his latest research into dynamic CVVs within the security realm. Finally, the team looks at the recent news around the Facebook camera bug and how the public is reacting.


Updates from this week’s Intelligence Summary

  • In the spotlight this week: Multiple reports of successful ransomware attacks have highlighted the risk to organizations of all sizes but, despite the media attention, other extortion tactics are being overlooked.
  • Weekly highlights include: The United States Cyber Command released samples of North Korea-associated malware, the advanced persistent threat (APT) group “Platinum” targeted organizations in Asia, and threat actors took aim at outdated versions of “Adminer” to compromise Magento and WordPress platforms.


Extortion methods a blind spot for all sizes of business

Recent reporting has indicated that ransomware continues to pose a significant threat to organizations of all sizes, especially since the demise of the GandCrab ransomware variant and the subsequent public attention given to this attack method. Reports have often focused on high-profile attacks targeting large organizations, but this potentially skews the perception of who ransomware typically targets: most frequently, the victims are small and mid-sized entities. Moreover, extortion methods are not confined to ransomware, and other methods pose a persistent threat. Data breach extortion, sextortion, and ransom denial of service (RDoS) have all been reported in recent months, and organizations of all sizes should pay attention to developments in this threat landscape, as these methods are often overlooked.


US Cyber Command publishes North Korean malware samples

The United States Department of Defense has identified and released several malware samples (two backdoors, backdoor builders, and two loaders) associated with unspecified North Korea-associated threat actors. The United States Cyber Command stated that these samples likely originated from financially motivated attacks targeting the SWIFT interbank messaging system. The impact of the tools associated with these samples is unknown at the time of writing; however, they are regarded as highly sophisticated and will likely feature in future operations tied to North Korea-linked malicious activity.


Platinum tool wielded against Asian nations

The cybercriminal APT group Platinum was observed targeting Indonesia, Malaysia, and Vietnam with a new tool called Titanium. The attacks used a highly sophisticated delivery mechanism to deliver the backdoor trojan component of the Titanium tool. Platinum is known to be highly capable and to employ significant technical skill in its attacks. Given the sophistication of Titanium, these capabilities are likely to increase further. Platinum typically targets Asian nations, so additional attacks testing Titanium's applicability will likely be observed in that region in the short- to mid-term future.


Code injection attacks hit websites using Adminer

In November 2019, cyber-security researchers identified a substantial number of code injection attacks targeting Magento and WordPress websites that use Adminer versions 4.6.3 and earlier. Threat actors sought to identify adminer.php, adminer-4.2.5.php, and adminer-4.3.0-mysql-en.php files, which allowed them to connect to a threat actor-controlled remote server and use stolen credentials to inject custom code. These attacks have reportedly been ongoing for the past two years.
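Hunting for this kind of enumeration in your own web-server access logs, as an added example that is not Digital Shadows' or Adminer's code: it assumes Apache/nginx combined-format lines (constructed samples below) and flags the file names named above plus Adminer's versioned adminer-<version>*.php naming scheme, grouped by client address.

```python
"""Flag access-log requests that target Adminer scripts (defender's log hunt)."""
import re
from collections import defaultdict

# Apache/nginx "combined" format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Matches adminer.php and versioned builds such as adminer-4.2.5.php or
# adminer-4.3.0-mysql-en.php (the names cited in the summary).
ADMINER_RE = re.compile(
    r'(^|/)adminer(-\d+\.\d+\.\d+(-[a-z0-9-]+)?)?\.php$', re.IGNORECASE
)

def is_adminer_probe(path: str) -> bool:
    """True if the request path points at an Adminer script (query string ignored)."""
    return bool(ADMINER_RE.search(path.split('?', 1)[0]))

def find_adminer_probes(lines):
    """Return {client: [(path, status), ...]} for every request aimed at Adminer."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-combined-format lines
        if is_adminer_probe(m['path']):
            hits[m['client']].append((m['path'], int(m['status'])))
    return dict(hits)

# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Nov/2019:10:01:02 +0000] "GET /adminer.php HTTP/1.1" 404 215 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Nov/2019:10:01:03 +0000] "GET /adminer-4.2.5.php HTTP/1.1" 404 215 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Nov/2019:10:01:04 +0000] "GET /adminer-4.3.0-mysql-en.php HTTP/1.1" 200 51230 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Nov/2019:10:02:00 +0000] "GET /index.php/checkout/cart/ HTTP/1.1" 200 8421 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Nov/2019:10:02:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 44 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for client, reqs in find_adminer_probes(SAMPLE_LOG).items():
        served = [p for p, s in reqs if s == 200]  # a 200 means the script is exposed
        print(f"{client}: {len(reqs)} Adminer request(s); served with HTTP 200: {served}")
```

A 404 shows a host enumerating for the script; a 200 shows an Adminer copy actually reachable on the site and is the finding to act on first.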

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 07 Nov - 14 Nov 2019
