ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

Digital Shadows Analyst Team
April 20, 2020 | 2 Min Read

This week we have a new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat intel update to cover a data breach at the San Francisco airport, Fin6 updates, and how Sodinokibi is attempting to hide its money trail by switching from Bitcoin to Monero.


Threat actors attempt to attack remote NASA workers

On 06 Apr 2020, NASA released a memo stating that recent cyber attacks have targeted United States federal employees working from home. Although mitigation tools used by NASA’s Security Operations Center have prevented a successful attack, phishing attempts have doubled in number, and malware attacks on NASA systems have also increased. The memo highlights the continuous cyber threat that will remain as attackers take advantage of remote workers during the COVID-19 pandemic.

Microsoft PowerPoint users vulnerable to hyperlink flaw  

On 08 Apr 2020, security researcher Madar Satam discovered a new vulnerability affecting Microsoft PowerPoint. The flaw could allow attackers to trigger the download of malicious files hosted on a remote server simply by having the user hover over a hyperlink in a PowerPoint file. The attack, dubbed Hover with Power, works by manipulating pointers in hyperlinks and using a HyperLink action set to “Other file”. When the user hovers over the link, a pop-up box, which the attacker can manipulate, appears and asks whether they want to run a file. Although this vulnerability allows malware to be downloaded without the user clicking a hyperlink, it still requires human interaction to successfully infect victims.
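For defenders triaging inbound presentations, the sketch below (an added example, not code from the researcher or from Digital Shadows) lists every hover-triggered hyperlink in a .pptx whose relationship target lies outside the package. It assumes the standard OOXML layout, where hover links are stored as `a:hlinkMouseOver` or `a:hlinkHover` elements and "Other file" is written as the action string `ppaction://hlinkfile`; the sample input and its target URL are constructed placeholders.

```python
import io
import posixpath
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml.ElementTree

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# DrawingML hover hyperlinks: hlinkMouseOver on text runs, hlinkHover on shapes.
HOVER_TAGS = {f"{{{A_NS}}}hlinkMouseOver", f"{{{A_NS}}}hlinkHover"}

def scan_pptx(data: bytes):
    """Return (slide, action, target) for each hover hyperlink whose
    relationship points outside the package (TargetMode="External")."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        slides = sorted(n for n in names if re.fullmatch(r"ppt/slides/slide\d+\.xml", n))
        for slide in slides:
            rels = f"{posixpath.dirname(slide)}/_rels/{posixpath.basename(slide)}.rels"
            external = {}
            if rels in names:
                for rel in ET.fromstring(z.read(rels)).iter(f"{{{REL_NS}}}Relationship"):
                    if rel.get("TargetMode") == "External":
                        external[rel.get("Id")] = rel.get("Target")
            for el in ET.fromstring(z.read(slide)).iter():
                rid = el.get(f"{{{R_NS}}}id")
                if el.tag in HOVER_TAGS and rid in external:
                    findings.append((slide, el.get("action", ""), external[rid]))
    return findings

def build_sample(tag: str) -> bytes:
    """Constructed test input: only a slide part and its .rels, with a
    placeholder target. Not a presentation PowerPoint would open."""
    slide = (f'<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
             f'xmlns:a="{A_NS}" xmlns:r="{R_NS}"><a:r><a:rPr>'
             f'<a:{tag} r:id="rId1" action="ppaction://hlinkfile"/></a:rPr></a:r></p:sld>')
    rels = (f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
            f'Type="{R_NS}/hyperlink" TargetMode="External" '
            f'Target="https://example.invalid/placeholder.bin"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_pptx(build_sample("hlinkMouseOver")))
```

A click-only hyperlink to the same target is deliberately not reported, so the output isolates the hover-triggered case described above.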

Malicious applications exploit videoconferencing demand 

On 08 Apr 2020, cyber-security researchers reported a significant uptick in the number of malicious applications, containing either malware or adware, masquerading as videoconferencing apps. This included approximately 120,000 suspicious malware and adware packages in the wild masquerading as versions of Skype, in addition to imitations of Zoom, WebEx, GoToMeeting, Flock, and Slack. Threat actors are likely increasing their development of fake videoconferencing applications to capitalize on the recent increase in remote working.

 

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 17 Apr 2020
