ShadowTalk Update – Lookback Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack

Digital Shadows Analyst Team
June 22, 2020

Demelza, Viktoria, Adam, and Stefano host this week’s ShadowTalk to bring you the latest threat intelligence stories from the week.

This week they cover:

  • Honda cyber attack
  • LookBack, FlowCloud similarities point to a single perpetrator of utility attacks
  • Delivery of malware through cloud storage


Gamaredon expands Outlook by claiming victims from contacts list

The likely Russia-associated “Gamaredon” threat group has been observed conducting new attack campaigns that use Visual Basic for Applications (VBA) macros to spread malware to a victim’s contacts found in Microsoft Outlook. Researchers believe this is the first documented case of such macros being used to spread malware, which has likely indirectly affected individuals who are listed as a target’s contacts. Gamaredon has been active since emerging in 2013 and has a variety of tools at its disposal.

WhatsApp details exposed on indexed Google pages

A security researcher has discovered and disclosed a privacy issue in the web portal of the popular messaging platform WhatsApp. Using advanced search techniques (Google dorking), the researcher identified users’ phone numbers in plaintext hosted on indexed Google pages. Google dork search queries could be used to identify the phone numbers, as well as the profile images, of WhatsApp account users. Approximately 400,000 numbers have since been removed from the indexed pages.

Threat actors exploit SMBGhost vulnerability

The United States Cybersecurity and Infrastructure Security Agency (CISA) has warned of attacks targeting unpatched systems that are vulnerable to CVE-2020-0796, a flaw in Server Message Block 3.0 (SMBv3) referred to as SMBGhost. The warning came after the public release of a new proof of concept (PoC) achieving remote code execution (RCE). Threat actors are likely to use the techniques detailed in the PoC to launch RCE attacks against unpatched systems. A patch for CVE-2020-0796 was released in March 2020.

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 19 June 2020
