ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

Digital Shadows Analyst Team
April 20, 2020 | 2 Min Read

This week we have a new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat intel update this week to cover a data breach at the San Francisco airport, Fin6 updates, and how Sodinokibi is attempting to hide their money trail by switching from Bitcoin to Monero.


Threat actors attempt to attack remote NASA workers

On 06 Apr 2020 NASA released a memo stating that recent cyber attacks have targeted federal United States employees working from home. Although mitigation tools used by NASA’s Security Operations Center have prevented a successful attack, phishing attempts have doubled in number, and malware attacks on NASA systems have also increased. The memo highlights the continuous cyber threat that will remain as attackers take advantage of remote workers during the COVID-19 pandemic.  

Microsoft PowerPoint users vulnerable to hyperlink flaw  

On 08 Apr 2020 security researcher Madar Satam discovered a new vulnerability affecting Microsoft PowerPoint. The flaw could allow attackers to trigger the download of malicious files hosted on a remote server by simply having the user hover over a hyperlink in a PowerPoint file. The attack, dubbed Hover with Power, works by manipulating pointers in hyperlinks and using a HyperLink action set to “Other file”. Upon hovering over the link, a pop-up box, which can be manipulated by the attacker, appears and asks the user if they want to run a file. Although this vulnerability allows for malware to be downloaded without the need for users to click on hyperlinks, it still requires human interaction to successfully infect victims.  
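
A defender-side check for the mechanism described above, as an added example that is not from the original post: it scans a .pptx package for mouse-over hyperlinks (`a:hlinkMouseOver`) whose relationship target lies outside the package. The function names, the sample package and its placeholder URLs are constructed for illustration, and the sample's `ppaction://hlinkfile` value is assumed to correspond to the “Other file” action.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

A = "{http://schemas.openxmlformats.org/drawingml/2006/main}"
R = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
REL = "{http://schemas.openxmlformats.org/package/2006/relationships}"

def _parse(data):
    # OOXML parts never need a DTD; refuse one rather than risk entity expansion.
    if b"<!DOCTYPE" in data:
        raise ValueError("unexpected DTD in OOXML part")
    return ET.fromstring(data)

def find_external_hover_links(pptx_bytes):
    """Return (slide part, action, target) per mouse-over link with an external target."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as z:
        names = set(z.namelist())
        for part in sorted(names):
            m = re.fullmatch(r"ppt/slides/(slide\d+\.xml)", part)
            if not m:
                continue
            rels = f"ppt/slides/_rels/{m.group(1)}.rels"
            external = {}  # relationship Id -> target, external relationships only
            if rels in names:
                for rel in _parse(z.read(rels)).iter(REL + "Relationship"):
                    if rel.get("TargetMode") == "External":
                        external[rel.get("Id")] = rel.get("Target")
            for el in _parse(z.read(part)).iter(A + "hlinkMouseOver"):
                rid = el.get(R + "id")
                if rid in external:
                    findings.append((part, el.get("action", ""), external[rid]))
    return findings

def build_sample():
    """Constructed minimal package (not a full deck): one hover link, one click link."""
    slide = ('<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
             f'xmlns:a="{A[1:-1]}" xmlns:r="{R[1:-1]}"><a:rPr>'
             '<a:hlinkMouseOver r:id="rId2" action="ppaction://hlinkfile"/>'
             '<a:hlinkClick r:id="rId3"/></a:rPr></p:sld>')
    rels = (f'<Relationships xmlns="{REL[1:-1]}">'
            '<Relationship Id="rId2" TargetMode="External" '
            'Target="https://files.example.invalid/sample.bin"/>'
            '<Relationship Id="rId3" TargetMode="External" '
            'Target="https://www.example.invalid/"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()
```

Only the hover link is reported; the ordinary click hyperlink in the same sample is ignored, which keeps the check quiet on decks that simply link to websites.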

Malicious applications exploit videoconferencing demand 

On 08 Apr 2020 cyber-security researchers reported a significant uptick in the number of malicious applications, containing either malware or adware, masquerading as videoconferencing apps. This included approximately 120,000 suspicious malware and adware packages in the wild masquerading as versions of Skype, in addition to imitations of Zoom, WebEx, GoToMeeting, Flock, and Slack. Threat actors are likely increasing their development of videoconferencing applications to capitalize on the recent increase in remote working.

 

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 17 Apr 2020
