ShadowTalk Update – Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials PublishedJanuary 27, 2020
Following on from last week, Citrix released a first set of patches to fix a vulnerability (CVE-2019 -19781) affecting the company’s NetScaler ADC Application Delivery Controller and it’s Citrix Gateway. Viktoria and Richard Gold discuss how organizations can mitigate the risk.
Adam and Phil then join Viktoria to discuss other top stories of the week including 250 million Microsoft customer service and support records exposed on the web. The team also discusses a story where a list of Telnet credentials for more than 515,000 servers, home routers, and IoT devices was published on a hacking forum last week and how this story demonstrates the risk posed when threat actors are able to compromise large collections of IoT devices.
Listen below 👇👇👇
Screen time stokes threat of mobile malware
During the past 12 months, Digital Shadows has observed a rise in “mobile malware”―the use of malware targeting mobile devices/operating systems (OS)―as well as legitimate apps used maliciously. The popularity of these techniques is growing in tandem with the increased use of mobile devices for business and personal endeavors, and the inherent risks are frequently underestimated by security teams. This naivete emboldens threat actors to capitalize on a general lack of mobile-security awareness. Mobile malware poses a threat to all devices, but there has been significantly more incidents reported targeting the Android OS over the past year.
Emotet hones in on government entities
There have been two reported operations using the “Emotet” banking trojan against government organizations. The first operation targeted United States military and government entities. Researchers stated that Emotet was used to compromise at least one United States government employee, which then led to a rapid increase in the number of Emotet messages directed at domains with a “.mil” or “.gov” TLD during December 2019. The second operation involved a phishing attack targeting more than 600 unique email addresses associated with staff of the United Nations.
Telnet credentials published online
A list of Telnet application protocol credentials for more than 515,000 servers, home routers, and Internet of Things devices was published on a hacking forum last week. The list was reportedly compiled by scanning the Internet for devices that were exposing their Telnet port. The hacker behind the operation then either tried to use factory-set default usernames and passwords, or entered custom but easy-to-guess password combinations. With the credentials list released, threat actors will likely seek access to affected devices in the short-term future (within the next three months).
JhoneRAT leaches data from devices, cloud services
A newly detected trojan, dubbed JhoneRAT, has been used to target multiple states in the Middle East. The trojan was delivered via a malicious Microsoft Office document that exploits the CVE-2017-0199 vulnerability. Once installed, the RAT attempts to gather information from the victim’s device and additional payloads from various cloud services (including Google Drive, Twitter, ImgBB, and Google Forms).
For more details, read the full Weekly Intelligence Summary here: