ShadowTalk Update – Iranian Cyber Threats, Travelex Ransomware Attack, and Exploit Forum updates

Digital Shadows Analyst Team

We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode, bringing Sammy on to provide some regional insight and context around the Iranian cyber threat and to discuss whether a cyber response is likely.

Then Adam and Viktoria discuss other top stories from the week, including a ransomware outage for Travelex, Xiaomi Mijia camera data exposed, and bc[.]monster updates on Exploit forum.


Iranian cyber response neither impossible nor guaranteed

Since the recent airstrikes by the United States in Iran, which resulted in the death of General Qasem Soleimani, security researchers and media outlets have been focused on the potential of any Iran-associated response. The geopolitical tension that already existed between the United States and Iran has sometimes resulted in offensive cyber activity, mostly destructive, disruptive, and/or espionage campaigns. A cyber response from Iran is an option, but in this case there is no guarantee, considering the nature and impact of the physical event. If any does occur, the Iranian threat actors’ capabilities, tool sophistication, and tactics, techniques, and procedures (TTPs), as well as the impact of a successful cyber attack, would likely be similar to those previously exhibited, although the motive and attack focus may differ.

Another malicious Chrome extension aids cybercrime

A malicious Chrome browser extension has been observed stealing sensitive information, including login credentials and private keys from cryptocurrency wallets. The extension, named Shitcoin Wallet, allows users to manage cryptocurrency coins and tokens, but researchers claim that it relays private keys to a third-party website and actively injects malicious JavaScript code. An associated desktop application is also available, although it remains unconfirmed whether this is also malicious.

 

Travelex services taken offline after cyber incident

The foreign currency exchange service Travelex has suspended some of its online services after a suspected malware attack. The technical details of the attack remain unconfirmed, but the company’s United Kingdom website and some of its systems were taken offline as a precautionary measure, likely to stop the spread of malware. Customers were temporarily unable to use the service, although Travelex claims that no user data has yet been compromised.

 

Phishing emails drop newly detected DeathRansom

Security researchers have identified and tracked a new strain of ransomware named DeathRansom, which is being distributed via the common method of phishing email campaigns. The latest version of the ransomware uses an effective encryption scheme and can detect the language used on an infected machine. Researchers tracking DeathRansom activity have linked its author to wider credential-stealing campaigns and cryptocurrency mining attacks by extracting strings from DeathRansom’s source code.

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 10 Jan 2020
