ShadowTalk Update – Jingle Bell Ryuk: NOLA Ransomware, Ring Doorbells, and 2020 Predictions

Digital Shadows Analyst Team

3 Min Read

CISO Rick Holland joins our ShadowTalk hosts (Viktoria, Alex, and Harrison) for our holiday special! This week the team covers:

  • Ring Doorbell security
  • New Orleans victim of Ryuk Ransomware
  • Predictions for 2020 in cybersecurity
  • A lightning round of holiday questions

Thanks to all of you listeners for tuning in each week in 2019! We’ve had a blast chatting each week across the globe, and we’re looking forward to another great year of ShadowTalk in 2020.


Updates from this week’s Intelligence Summary

  • In the spotlight this week: Despite a decline in overall exploit kit activity during 2018 and 2019, several new variants have emerged with new techniques and a geographical focus, making them likely to retain their threatening potential in a shifting cyber-threat landscape.
  • Weekly highlights include: A phishing campaign sought to capture the credentials of international government procurement companies, the “Ryuk” ransomware was likely involved in an attack against the City of New Orleans, and the “Gallium” group has been named as responsible for targeting telecommunications providers.


Down but not out―exploit kits cling to their threat potential

The new exploit kit “BottleEK” has been observed performing geo-location checks during its infection process in order to target Japan-based users specifically. BottleEK is one of several exploit kits to emerge during 2019, despite a recent decline in exploit kit use by threat actors brought on by improved patching responses and attackers’ preference for other infection vectors. The new kits are unlikely to prompt a significant revival in popularity, but the persistence of several of them, the creation of new variants, and the evolution of some techniques point to exploit kits remaining a credible threat to individuals and organizations worldwide.


Threat actors go after government procurement service credentials

A now-inactive phishing campaign was identified targeting international government procurement services using emails that masquerade as various government departments, email services, and third-party couriers. The messages contained documents with links to spoofed login pages seeking to capture user credentials. The domains that redirected the victims to the spoofed pages were legitimate, and were likely used to lend an air of trustworthiness.


Attack on City of New Orleans probably used Ryuk

A malicious executable uploaded to the open-source analysis tool VirusTotal on 14 Dec 2019 contains references to the City of New Orleans and the ransomware variant Ryuk, indicating this variant was likely involved in a recent attack on services within the United States city. Ryuk has previously been dropped by the trojans “Emotet” and “TrickBot”, but it has not been established whether either of these trojans was involved in this particular attack.


Telecommunications providers victimized by newly identified Gallium

Microsoft has identified the recently named threat group Gallium as the perpetrators of a cyber-threat campaign targeting telecommunications providers from 2018 to mid-2019. Gallium reportedly secured initial access by exploiting flaws in Internet-facing services, and deployed publicly available tools to move laterally within compromised networks. The techniques were relatively unsophisticated, but the scale of the campaign signifies great intent and operational capability.


For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 12 Dec - 19 Dec 2019
