ShadowTalk Update – Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published

ShadowTalk Update – Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published
Digital Shadows Analyst Team
More From Digital Shadows Analyst Team

3 Min Read

Following on from last week, Citrix released a first set of patches to fix a vulnerability (CVE-2019 -19781) affecting the company’s NetScaler ADC Application Delivery Controller and it’s Citrix Gateway. Viktoria and Richard Gold discuss how organizations can mitigate the risk.

Adam and Phil then join Viktoria to discuss other top stories of the week including 250 million Microsoft customer service and support records exposed on the web. The team also discusses a story where a list of Telnet credentials for more than 515,000 servers, home routers, and IoT devices was published on a hacking forum last week and how this story demonstrates the risk posed when threat actors are able to compromise large collections of IoT devices.

Listen below 👇👇👇

 

Screen time stokes threat of mobile malware

During the past 12 months, Digital Shadows has observed a rise in “mobile malware”―the use of malware targeting mobile devices/operating systems (OS)―as well as legitimate apps used maliciously. The popularity of these techniques is growing in tandem with the increased use of mobile devices for business and personal endeavors, and the inherent risks are frequently underestimated by security teams. This naivete emboldens threat actors to capitalize on a general lack of mobile-security awareness. Mobile malware poses a threat to all devices, but there has been significantly more incidents reported targeting the Android OS over the past year.

 

Emotet hones in on government entities

There have been two reported operations using the “Emotet banking trojan against government organizations. The first operation targeted United States military and government entities. Researchers stated that Emotet was used to compromise at least one United States government employee, which then led to a rapid increase in the number of Emotet messages directed at domains with a “.mil” or “.gov” TLD during December 2019. The second operation involved a phishing attack targeting more than 600 unique email addresses associated with staff of the United Nations.

 

Telnet credentials published online

A list of Telnet application protocol credentials for more than 515,000 servers, home routers, and Internet of Things devices was published on a hacking forum last week. The list was reportedly compiled by scanning the Internet for devices that were exposing their Telnet port. The hacker behind the operation then either tried to use factory-set default usernames and passwords, or entered custom but easy-to-guess password combinations. With the credentials list released, threat actors will likely seek access to affected devices in the short-term future (within the next three months).

 

JhoneRAT leaches data from devices, cloud services

A newly detected trojan, dubbed JhoneRAT, has been used to target multiple states in the Middle East. The trojan was delivered via a malicious Microsoft Office document that exploits the CVE-2017-0199 vulnerability. Once installed, the RAT attempts to gather information from the victim’s device and additional payloads from various cloud services (including Google Drive, Twitter, ImgBB, and Google Forms).

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 24 Jan 2020

And to stay up to date with the latest from Digital Shadows, subscribe below.

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

connect with us

Related Posts

COVID-19: Third-party risks to businesses

COVID-19: Third-party risks to businesses

March 31, 2020 | 5 Min Read

As social distancing becomes more prevalent...
ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

March 30, 2020 | 2 Min Read

This week the team looks at some...
COVID-19: Companies and Verticals At Risk For Cyber Attacks

COVID-19: Companies and Verticals At Risk For Cyber Attacks

March 26, 2020 | 8 Min Read

  In our recent blog, How cybercriminals...
Threat Model of a Remote Worker

Threat Model of a Remote Worker

March 25, 2020 | 7 Min Read

  Threat models are an often discussed...