
ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug
Digital Shadows Analyst Team
November 18, 2019 | 3 Min Read

Dallas is sound effects and all this week with Kacey, Charles, Alex, and Harrison. The team discusses their recent OSINT workshop at BSidesDFW and how you can access the training materials, plus Harrison reviews his latest research into dynamic CVVs within the security realm. Finally, the team looks at the recent news around the Facebook camera bug and how the public is reacting.

Updates from this week’s Intelligence Summary

  • In the spotlight this week: Multiple reports of successful ransomware attacks have highlighted the risk to organizations of all sizes but, despite the media attention, other extortion tactics are being overlooked.
  • Weekly highlights include: The United States Cyber Command released samples of North Korea-associated malware, the advanced persistent threat (APT) group “Platinum” targeted organizations in Asia, and threat actors took aim at outdated versions of “Adminer” to compromise Magento and WordPress platforms.


Extortion methods a blind spot for all sizes of business

Recent reporting has indicated that ransomware continues to pose a significant threat to organizations of all sizes, especially since the demise of the GandCrab ransomware variant and the subsequent public attention given to this attack method. Reports have often focused on high-profile attacks targeting large organizations, but this is potentially skewing the perception of who ransomware typically targets―most frequently, the victims are small and mid-sized entities. Moreover, extortion methods are not confined to ransomware, and other methods pose a persistent threat. Data breach extortion, sextortion, and ransom denial of service (RDoS) have all been reported in recent months, and organizations of all sizes should pay attention to the developments in this threat landscape as they can often be overlooked.


US Cyber Command publishes North Korean malware samples

The United States Department of Defense has identified and released several malware samples (two backdoors, backdoor builders, and two loaders) associated with unspecified North Korea-associated threat actors. The United States Cyber Command stated that these samples likely originated from financially motivated attacks targeting the SWIFT interbank messaging system. The impact made by the tools associated with these samples is unknown at the time of writing; however, they are regarded as highly sophisticated and will likely feature in future operations tied to North Korea-linked malicious activity.


Platinum tool wielded against Asian nations

The cybercriminal APT group Platinum was observed targeting Indonesia, Malaysia, and Vietnam with a new tool called Titanium. The attacks used a highly sophisticated delivery mechanism to deliver the trojan backdoor aspect of the Titanium tool. Platinum is known to be highly capable and to employ significant technical skills in attacks. Given the sophistication of Titanium, these capabilities are likely to further increase. Platinum typically targets Asian nations, so additional attacks testing Titanium’s applicability will likely be observed in that region in the short- to mid-term future.


Code injection attacks hit websites using Adminer

In November 2019, cyber-security researchers identified a substantial number of code injection attacks targeting Magento and WordPress websites that use versions of Adminer, including 4.6.3 and prior versions. Threat actors sought to identify adminer.php, adminer-4.2.5.php, and adminer-4.3.0-mysql-en.php files, to allow them to connect to a threat actor-controlled remote server and use stolen credentials to inject custom code. These attacks have reportedly been ongoing for the past two years.
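
Site owners can check their web server access logs for requests to these file names and see whether any of them were actually served. The Python sketch below is an added example, not part of the original post or Digital Shadows tooling; it assumes Combined Log Format, uses constructed log lines, and its function names are hypothetical.

```python
import re

# Adminer file names like those named above: adminer.php, adminer-4.2.5.php,
# adminer-4.3.0-mysql-en.php (optional version, optional driver/language suffix).
ADMINER_RE = re.compile(r"/adminer(?:-(\d+(?:\.\d+)*))?(?:-[a-z0-9-]+)?\.php$", re.I)
# Assumed input: Apache/nginx Combined Log Format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
AFFECTED_MAX = (4, 6, 3)  # the post cites "4.6.3 and prior versions"

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/2019:10:00:01 +0000] "GET /adminer.php HTTP/1.1" 404 153 "-" "-"
192.0.2.10 - - [12/Nov/2019:10:00:02 +0000] "GET /adminer-4.2.5.php HTTP/1.1" 200 4521 "-" "-"
192.0.2.10 - - [12/Nov/2019:10:00:03 +0000] "GET /adminer-4.3.0-mysql-en.php HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [12/Nov/2019:10:05:00 +0000] "GET /index.php?page=adminer.php HTTP/1.1" 200 900 "-" "-"
198.51.100.7 - - [12/Nov/2019:10:06:00 +0000] "POST /tools/adminer.php?server=db HTTP/1.1" 200 3000 "-" "-"
"""

def find_adminer_hits(lines):
    """Map each requested Adminer path to its clients, statuses and parsed version."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        # Match on the path only, so a query string mentioning adminer.php is ignored.
        a = m and ADMINER_RE.search(m.group(2).split("?", 1)[0])
        if not a:
            continue
        ip, path, status = m.group(1), a.string, int(m.group(3))
        version = tuple(map(int, a.group(1).split("."))) if a.group(1) else None
        h = hits.setdefault(path, {"clients": set(), "statuses": set(), "version": version})
        h["clients"].add(ip)
        h["statuses"].add(status)
    return hits

def exposed_files(hits):
    """Paths answered with 2xx (heuristic: the file exists) and an affected flag.
    The flag is None when the file name carries no version to compare."""
    out = []
    for path, h in hits.items():
        if any(200 <= s < 300 for s in h["statuses"]):
            v = h["version"]
            out.append((path, None if v is None else v <= AFFECTED_MAX))
    return sorted(out)

def scanning_clients(hits, min_paths=2):
    """Clients that requested several distinct Adminer file names (likely enumeration)."""
    seen = {}
    for path, h in hits.items():
        for ip in h["clients"]:
            seen.setdefault(ip, set()).add(path)
    return sorted(ip for ip, paths in seen.items() if len(paths) >= min_paths)
```

Any path returned by `exposed_files` is a candidate for removal or access restriction; a `None` flag means the version has to be checked in the file itself.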

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 07 Nov - 14 Nov 2019
