Digital Shadows

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 230:49:24

Information:

Synopsis

Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect its brand and reputation.

Episodes

  • Weekly: Q1 Ransomware Round-Up - Looking Back at Early 2021

    16/04/2021 Duration: 01h10min

    ShadowTalk hosts Stefano, Adam, Kim, and Chris bring you the latest in threat intelligence. This week they cover:
    - Kim takes us back to SolarWinds, the Centreon breach, the Accellion incident, and the Microsoft Exchange supply chain attack
    - The team discusses attributing attacks - state-sponsored threat actors leverage sophisticated tactics, allowing lower-level cybercriminals to ride their coattails
    - Chris takes the team through mitigating risks and ProxyLogon vulnerabilities
    - How Covid-19 and WFH have affected the threat landscape
    - VPN vulnerabilities
    - Advice for security teams - what to prioritize
    - Adam discusses ransomware trends in Q1 2021
    - The team touches on law enforcement activity and more!

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/20210416-ds-weekly-intsum-updated

    ***Resources from this week’s podcast***
    Q1 Ransomware Blog: https://www.digitalshadows.com/blog-and-research/q1-ransomware-roundup/
    IABs Q1 Blog: https://www.digitalshadows.com/blog-a

  • Weekly: Facebook Data Breach, Ransomware Cartel, and More!

    09/04/2021 Duration: 37min

    ShadowTalk hosts Alec, Ivan, Charles, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:
    - Ivan talks through the latest updates on the Facebook data breach - threat actors selling old data for cheap and what was potentially exposed
    - Charles discusses Fortinet vulnerabilities - what are the technical details and how do defenders protect their data?
    - The team dives deeper into the ransomware cartel
    - Clop updates - what’s the latest and who are they targeting?

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-april

    ***Resources from this week’s podcast***
    Facebook Breach: https://www.theguardian.com/technology/2021/apr/06/facebook-breach-data-leak
    Fortinet Vulnerabilities: https://www.ic3.gov/Media/News/2021/210402.pdf https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/
    Ransomware Cartel: https://analyst1.com/file-assets/RANSOM-MA

  • Weekly: It’s A Ransomware Round-Up - CNA , Clop, and Much More!

    02/04/2021 Duration: 49min

    ShadowTalk hosts Stefano, Dylan, Kim, and Chris bring you the latest in threat intelligence. This week they cover:
    - Kim and her recent ransomware round-up - insurance company CNA suffers attack, Clop holds victims for ransom, and more
    - Chris takes the team through the PHP Git Server backdoor
    - Dylan and the group talk pandemic, remote-working, and cyber hygiene

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-02-april

    ***Resources from this week’s podcast***
    Tax Fraud 2021 Blog: https://www.digitalshadows.com/blog-and-research/tax-and-unemployment-fraud-in-2021/
    Microsoft Exchange Hafnium Blog: https://www.digitalshadows.com/blog-and-research/microsoft-exchange-server-exploit-what-happened-next/
    Cyber Threat Intelligence: Solutions Guide and Best Practices: https://resources.digitalshadows.com/digitalshadows/cyber-threat-intelligence-solutions-guide

    Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

  • Special: Dr. Chase Cunningham Talks Zero Trust, His Book on Cyber Warfare, and More!

    30/03/2021 Duration: 35min

    Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest Dr. Chase Cunningham, author, Retired Navy Chief Cryptologist, and Chief Strategy Officer at Ericom Software. They discuss:
    - Dr. Chase's origin story
    - How to use Zero Trust to take back initiative from the adversary
    - How the VPN is the Palm Pilot of your network infrastructure
    - Why there is no Zero Trust easy button
    - Chase's romance novel on cyber warfare
    - Threat modeling vacations

    ***Resources from this week’s podcast***
    Find Dr. Chase Cunningham on LinkedIn: https://www.linkedin.com/in/dr-chase-cunningham-54b26243/
    Find Dr. Chase Cunningham on Twitter: https://twitter.com/CynjaChaseC
    Cyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare: https://www.amazon.com/gp/product/B084ZN2HBD/ref=dbs_a_def_rwt_bibl_vppi_i0
    Ericom Software: https://www.ericom.com/r/dr-zero-trust/
    ZT Edge: https://www.zerotrustedge.com/

  • Weekly: More on Microsoft and Acer Receives $50 Million in Ransom Demands

    26/03/2021 Duration: 21min

    ShadowTalk hosts Alec, Austin, Charles, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:
    - The team discusses the latest on Exchange Servers vulnerabilities - should guards still be up?
    - Austin takes us through the timeline of ransomware taking advantage of vulnerabilities regarding Microsoft
    - Austin talks $50 million ransom against Acer - biggest known ransom request in modern history. What does this mean for the threat landscape going forward?
    - A phishing campaign has stolen 400,000 OWA/O365 creds - how to make yourself the hardest target possible

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-26-march

    ***Resources from this week’s podcast***
    Microsoft Vulnerabilities: https://www.bleepingcomputer.com/news/security/microsoft-92-percent-of-exchange-servers-safe-from-proxylogon-attacks/
    Acer Ransom: https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware

  • Special: Creator of Zero Trust John Kindervag Talks Origins and the Future of Zero Trust!

    23/03/2021 Duration: 39min

    Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest John Kindervag, creator of Zero Trust and Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow at ON2IT Cybersecurity. They discuss:
    - John’s origin story and influences - what led to the creation of Zero Trust?
    - Zero Trust - origin, design principles, and terminology
    - What are your protect surfaces? - using Zero Trust
    - John’s new position at ON2IT

    ***Resources from this week’s podcast***
    Find John Kindervag on LinkedIn: https://www.linkedin.com/in/john-kindervag-40572b1/
    Find John Kindervag on Twitter: https://twitter.com/Kindervag
    Understanding Zero Trust Terminology: https://www.paloaltonetworks.com/resources/zero-trust
    Antifragile: Things That Gain from Disorder: https://www.amazon.com/Antifragile-Things-That-Disorder-Incerto/dp/0812979680

  • Weekly: Ransomware Resurgence - The Return of FIN8, DarkSide, and More!

    19/03/2021 Duration: 42min

    ShadowTalk hosts Stefano, Adam, Kim, and first-timer Chris bring you the latest in threat intelligence. This week they cover:
    - Kim takes us through the return of FIN8 - what are the updates to the “BadHatch” backdoor
    - Chris discusses DarkSide’s recent resurgence after a quiet period - what’s the latest?
    - Microsoft Exchange exploit update - the team discuss
    - How are threat actors and cybercriminals using ProxyLogon vulnerabilities?

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-19-march

    ***Resources from this week’s podcast***
    FIN8: https://labs.bitdefender.com/2021/03/fin8-group-is-back-in-business-with-improved-badhatch-kit/
    DarkSide: https://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/
    ProxyLogon: https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/ https://www.vice.com/en/article/n7vpaz/researcher-publishes-code-to-exploit-microsoft-exchange-vulnerabilities-on-github
    AC Features: https

  • Weekly: Supply Chain Compromise Round-Up - Microsoft, Verkada, and More!

    12/03/2021 Duration: 23min

    ShadowTalk hosts Alec, Ivan, Charles, and Austin bring you the latest in threat intelligence. This week they cover:
    - The team discuss HAFNIUM and Microsoft Servers Exchange
    - Updates on the Accellion incident - what’s the latest regarding Flagstar?
    - The Verkada compromise - who were the victims affected by the breach of private video footage?

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-12-march

    ***Resources from this week’s podcast***
    Hafnium: https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
    Microsoft Exchange Compromise: https://www.ic3.gov/Media/News/2021/210310.pdf
    Flagstar: https://www.cyberscoop.com/flagstar-bank-accellion-breach-clop/
    Verkada: https://www.washingtonpost.com/technology/2021/03/10/verkada-hack-surveillance-risk/
    Mapping MITRE ATT&CK To The DPRK Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attack-to-dprk-financial-crime-indictment/
    Year In Review: COVID-19 C

  • Weekly: New Australian Legislature, VMware Bugs, and More!

    05/03/2021 Duration: 45min

    ShadowTalk hosts Stefano, Adam, Dylan, and Kim bring you the latest in threat intelligence. This week they cover:
    - The Australian Criminal Intelligence Commission (ACIC) issues three new warrants for dealing with cybercrime - how does this new legislation increase law enforcement powers?
    - VMware has revealed a critical-rated bug - what should security teams know?
    - Adam covers ICEDID Infection and ransomware
    - The team discuss the DPRK Indictment

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-march

    ***Resources from this week’s podcast***
    New Australian Legislature: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623 https://www.zdnet.com/article/australias-new-hacking-powers-considered-too-wide-ranging-and-coercive-by-oaic/
    Vulnerability Round-Up: https://www.vmware.com/security/advisories/VMSA-2021-0002.html https://www.bleepingcomputer.com/news/security/working-windows-and-linux-

  • Weekly: When Initial Access Brokers Attack

    26/02/2021 Duration: 25min

    ShadowTalk hosts Alec, Ivan, Charles, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:
    - The team talks Initial Access Brokers (IAB) - what role do these middle-men play in the ransomware game?
    - How can your company mitigate risks against IABs?
    - The latest on the Accellion incident
    - Third party attacks - where does the blame fall?

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-26-february

    ***Resources from this week’s podcast***
    Accellion: https://www.zdnet.com/article/fireeye-links-0-day-attacks-on-fta-servers-extortion-campaign-to-fin11-group/ https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html
    IAB Report: https://resources.digitalshadows.com/whitepapers-and-reports/initial-access-brokers-report
    Monitoring IABs in SearchLight: https://www.digitalshadows.com/blog-and-research/how-to-monitor-initial-access-broker-listings/
    5 Ways To

  • Weekly: Egregor Arrests, SIM-Swapping, and Oldsmar Updates!

    19/02/2021 Duration: 52min

    ShadowTalk hosts Stefano, Adam, Dylan, and Kim bring you the latest in threat intelligence. This week they cover:
    - Adam takes us through the latest on Egregor and related arrests - is the threat group down but not out?
    - Dylan talks SIM-swapping - who was targeted?
    - Kim brings us the most recent news on the Centreon breach
    - Plus, the team reviews the Oldsmar water treatment facility attack

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-19-february

    ***Resources from this week’s podcast***
    Egregor operators arrested: https://www.zdnet.com/article/egregor-ransomware-operators-arrested-in-ukraine/
    SIM Swapping: https://www.europol.europa.eu/newsroom/news/ten-hackers-arrested-for-string-of-sim-swapping-attacks-against-celebrities https://www.youtube.com/watch?v=fHhNWAKw0bY
    Centreon breach: https://www.zdnet.com/article/france-russian-state-hackers-targeted-centreon-servers-in-years-long-campaign/
    Oldsmar updates: https://www.mass.gov/service-det

  • Weekly: Ransomware Updates - CDPR Victimized, Ziggy’s End, and the Oldsmar Water Incident

    12/02/2021 Duration: 23min

    ShadowTalk hosts Alec, Ivan, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:
    - Cyberpunk and Witcher fans beware - threat actors target the CD Projekt Red source code
    - Ziggy ransomware calls it quits - is law enforcement activity driving this impact?
    - Oldsmar, FL water treatment facility gets hacked - could other critical infrastructure be at risk?
    - Researcher impacts dozens of tech firms through a supply chain attack, winning a $130,000 ‘bug bounty’

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-12-february

    ***Resources from this week’s podcast***
    Cyberpunk hack: https://www.theverge.com/2021/2/10/22276664/cyberpunk-witcher-hackers-auction-source-code-ransomware-attack
    Ziggy: https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/
    Oldsmar: https://www.cnn.com/2021/02/08/us/oldsmar-florida-hack-water-poison/index.html
    Security

  • Weekly: Lebanese Cedar, Nefilim Ghost Credentials, and More on SolarWinds and Emotet

    05/02/2021 Duration: 41min

    ShadowTalk hosts Stefano, Adam, and Kim bring you the latest in threat intelligence. This week they cover:
    - More threat actors and attack vectors are being investigated in the SolarWinds compromise
    - Law enforcement officials in the Netherlands are delivering an Emotet update that will remove it from infected devices
    - Kim talks Lebanese Cedar - What’s new in their latest attack?
    - Adam reviews Nefilim ransomware - how were they able to gain access and why it reinforces the need for securing employee accounts
    - Plus, don’t miss the malware name of the week!

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-february

    ***Resources from this week’s podcast***
    SolarWinds Update: https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601
    Lebanese Cedar: https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf
    Nefilim Ghost Credentials: https://news.sophos.com/en-us

  • Weekly: Law Enforcement Wins the Week - The Fall of NetWalker and Emotet!

    29/01/2021 Duration: 27min

    ShadowTalk hosts Alec, Charles, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:
    - Mimecast confirms SolarWinds attackers breached security certificate - the latest updates
    - The rise and fall of Emotet plus unique video footage of the takedown
    - NetWalker ransomware targeted and taken down by US and Bulgarian Law Enforcement
    - Avaddon adopts a new tactic - could it become the MO of other threat groups?
    - North Korean threat actors go phishing for security researchers with fake social media profiles

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-29-january

    ***Resources from this week’s podcast***
    Mimecast SolarWinds Update: https://www.mimecast.com/blog/important-security-update/
    23 Sunburst Targets Identified: https://www.netresec.com/?page=Blog&month=2021-01&post=Twenty-three-SUNBURST-Targets-Identified
    Emotet: https://www.zdnet.com/article/emotet-worlds-most-dangerous-malware-bo

  • Weekly: CISA Security Advisory, IObit Attack, and more SolarWinds!

    22/01/2021 Duration: 39min

    ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence. This week they cover:
    - Adam and the team discuss more SolarWinds updates - what’s the latest?
    - Kim talks CISA security advisory - trends in recent attacks and cyber hygiene
    - Dylan dives into new ransomware attack on IObit - how threat actors spread the malware to its members

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-22-january

    ***Resources from this week’s podcast***
    Cryptocurrency: https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-to-spread-ransomware-to-its-members/ https://twitter.com/BleepinComputer/status/1351261442536861697
    Lokibot: https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html
    3 Takeaways from Forrester: https://www.digitalshadows.com/blog-and-research/top-3-takeaways-from-forrester-ti-nowtech-2020/
    AzureAD: https://www.digitalshadows.com/blog-and-research/azure-ad-auto-validate

  • Weekly: Sunburst, Sunspot, and more on SolarWinds!

    15/01/2021 Duration: 28min

    ShadowTalk hosts Alec, Charles, Austin, and Ivan bring you the latest in threat intelligence. This week they cover:
    - Significant updates to the SolarWinds incident
    - Overlaps of the "Sunburst" backdoor and malware known to be used by the believed Russia-affiliated APT "Turla"
    - Possible SolarWinds scam - SolarLeaks claiming to sell data stolen in SolarWinds attacks
    - The newly identified Sunspot malware
    - Mimecast reporting of a compromised certificate possibly related to SolarWinds - the team dives deeper
    - DarkSide ransomware decryptor keys being released and how DarkSide responded

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-15-january

    ***Resources from this week’s podcast***
    Sunburst: https://securelist.com/sunburst-backdoor-kazuar/99981/
    SolarLeaks: https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/
    SolarWinds updates: https://orangematter.solarwinds

  • Weekly: SolarWinds Updates, TicketMaster Fraud, Apex Cyber Attack, and More!

    08/01/2021 Duration: 42min

    ShadowTalk hosts Stefano, Kim, Adam, and Dylan bring you the latest in threat intelligence. This week they cover:
    - Post-holiday updates on SolarWinds - what have we missed?
    - Ticketmaster gets fined $10 million for illegally accessing the internal systems of a competitor, using the credentials of a former employee
    - Apex Laboratory announced that it was the victim of a cyber attack - what we know so far
    - 2020 in review: What will the new year bring in the world of cyber security?

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-08-january

    ***Resources from this week’s podcast***
    SolarWinds: https://www.solarwinds.com/securityadvisory
    SolarWinds Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-what-security-teams-need-to-know/
    SolarWinds Update Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-update/
    TicketMaster Fraud: https://www.justice.gov/usao-edny/pr/ticketmaster-pays-10-millio

  • Weekly: SolarWinds Supply-Chain Attack Round-Up

    18/12/2020 Duration: 35min

    ShadowTalk hosts Kacey, Charles, Alec, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover all things SolarWinds:
    - An overview of the campaign and event timelines
    - SolarWinds' SEC filing and its implications
    - Early indicators of compromise, including public FTP creds and an access listing
    - What we can expect from this attack as time goes on

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-december

    ***Resources from this week’s podcast***
    Microsoft: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
    SolarWinds: https://www.solarwinds.com/securityadvisory
    FireEye: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
    DomainTools: https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack?utm_source=Social&u

  • Weekly: FireEye Breach, Phishing for the Covid-19 Vaccine, and More!

    11/12/2020 Duration: 30min

    ShadowTalk hosts Stefano, Kim, and Adam bring you the latest in threat intelligence. This week they cover:
    - FireEye, a top security firm, suffers a breach caused by a state-sponsored attacker
    - Phishing campaigns target the distribution of the Covid-19 vaccine
    - Ransomware gangs resort to cold-calling victims in order to cash in
    - Plus, the very festive ‘Malware name of the week’

    Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-11-december

    ***Resources from this week’s podcast***
    FireEye breach: https://arstechnica.com/information-technology/2020/12/security-firm-fireeye-says-nation-state-hackers-stole-potent-attack-tools/
    FireEye breach: https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
    Phishing targeting the vaccine: https://portal-digitalshadows.com/search/intelligenceincident/66425527
    Phishing targeting the vaccine: https://securityintelligence.com

  • Special: Guest Brian Wrozek Talks Origin Story, Planning for 2021, and More!

    07/12/2020 Duration: 46min

    ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick chat with Brian Wrozek of Optiv. They cover:
    - Brian’s origin in cybersecurity
    - Looking forward to 2021 - what should we be focusing on and what do we need to be prepared for?
    - Threat modeling and tabletop exercises - how do we prepare for the worst?
    - Brian and the team talk degrees - how big of a role do they play when recruiting?

    ***Resources from this week’s podcast***
    Find Brian Wrozek on LinkedIn: https://www.linkedin.com/in/brianwrozek
    Find Brian Wrozek on Twitter: https://twitter.com/bdwtexas?lang=en
    University of Dallas link: https://udallas.edu/cob/about/adjunct-faculty/wrozek-brian.php
    Optiv: https://www.optiv.com/
