Digital Shadows

We're pleased to have a special guest, Steve Marshall, CISO and Head of Cyber Consulting at Bytes- a Software Licensing Reseller & IT Security Services.in this special episode, Steve Marshall, Viktoria Austin, and James Chappell look at the industry at a macro level - delving into stories and themes that have changed how we communicate, how we work, securely, but also what the future of remote working looks like. In the UK and across the world, remote working has become - for many - the new norm. But how prepared were organizations for this change? Likewise, on the supplier side, were the technologies - such as video communications, ISP providers - prepared for this? What does the future of working look like now? For more threat intelligence resources around COVID-19, please visit https://resources.digitalshadows.com/coronavirus-threat-intelligence-resourcesThanks for listening and special shout out to Steve for joining. Cheers!

The team starts this week’s episode with a retrospective look at WannaCry, discussing some core lessons learned from this ransomware attack. Viktoria, Demelza, Adam, and Jamie then dig through other top stories including:- A wordpress plugin vulnerability - WeLeakData[.]com compromised with the hackers’ messages leaked- BitBazaar Dark Web Market deception and manipulationGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources this Week***BitBazaar: https://www.digitalshadows.com/blog-and-research/bitbazaar-market-deception-and-manipulation-on-the-dark-web/

This week Alex chats with Kacey, Charles, and Rick around competitions we’ve been seeing on English-language cybercriminal forums and how they compare to the ones on Russian-language forums, purple teaming, and how a hacker bribed a ‘Roblox’ insider to access user data. And finally… our thoughts on Elon Musk’s new baby’s name. Thanks for listening and stay safe out there!***Resources from This Week***Competitions on English-Language Forums: https://www.digitalshadows.com/blog-and-research/competitions-english-language-cybercriminal-forums/Hacker Bribed 'Roblox' Insider to Access User Data: https://www.vice.com/en_us/article/qj4ddw/hacker-bribed-roblox-insider-accessed-user-data-reset-passwordsSANs Webinar: https://www.sans.org/webcasts/security-leadership-managing-turbulent-times-presented-summits-113310

We’ve got a very special episode for you this week with Hacker Valley Studio guests Ron Eddings and Chris Cochran. CISO Rick Holland and Threat Researcher Alex Guirakhoo chat with Ron and Chris about their backstories and how they got into cybersecurity, their favorite topics from Hacker Valley Studio, and the human element of cybersecurity programs. You can find Ron and Chris at hackervalley.studio or on Twitter @TheHackerValley. And be sure to check out their LinkedIn to give them a vote for the Best New Cybersecurity Podcast for the EU Cybersecurity Blogger Awards! Thanks for listening and have a great week.

Jamie, Adam, and Demelza join Viktoria for this week’s threat intelligence updates.Top stories this week include:- Vulnerability allowed hijacking of Microsoft Teams account with a GIF- APT32 seeks pandemic intel from Wuhan government, Chinese ministry- Microsoft Intelligence team report on uptick in ransomwareCheck out our intelligence summary for more details here: https://resources.digitalshadows.com/weekly-intelligence-summary***Resources from this week***Charitable Endeavors on Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/charitable-endeavors-on-cybercriminal-forums/Krebs article that features our blog: https://krebsonsecurity.com/2020/04/how-cybercriminals-are-weathering-covid-19/SANS Webinar with Rick Holland: https://www.sans.org/webcasts/security-leadership-managing-turbulent-times-presented-summits-113310Microsoft Blog on Uptick in Ransomware: https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-re

Maze Ransomware Infiltrates Cognizant, Czech NCISA Warning, And Third Party Risk Assessment PrioritiesAlex, Kacey, Charles, and Harrison host this week’s ShadowTalk for threat intel updates including Maze ransomware updates, a warning of an imminent threat from the Czech NCISA, priorities for third party risks assessments, and the Nulled Cracking Forum going mobile. Finally, Harrison passes the torch to Alex for hosting ShadowTalk. We’ll miss you, HVR! Grab this week’s full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From this Week***Top Priorities for 3rd Party Risk Assessments: https://www.digitalshadows.com/blog-and-research/top-priorities-for-3rd-party-risk-assessments/Zoom Security and Privacy Issues: https://www.digitalshadows.com/blog-and-research/zoom-security-privacy-issues/Nulled Cracking Forum Going Mobile: https://www.digitalshadows.com/blog-and-research/nulled-modern-cybercriminal-forum-mobile/What the Wire Can Teach us About Cybersecurity

This week we have new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat intel update this week to cover a data breach at the San Francisco airport, Fin6 updates, and how Sodinokibi is attempting to hide their money trail by switching form Bitcoin to Monero.Check out this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summaryThanks for tuning in, and stay safe out there!***Resources This Week***Remote Working Threat Model Webinar: https://resources.digitalshadows.com/webinars/threat-model-of-a-remote-worker-recorded-webinar SFO Breach: https://threatpost.com/sfo-websites-hacked-airport-discloses-data-breach/154709/Remote Working and the Future of Cyber Security [Blog]: https://www.digitalshadows.com/blog-and-research/covid-19-remote-working-and-the-future-of-cyber-security/ More COVID19 Threat Intel Resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

Coming to you from Dallas this week - we have Kacey, Harrison, Alex, and Charles. This week the team talks through third party app risks as they relate to COVID-19, as well as touch on security considerations for video conferencing platforms. We also talk through the latest story around the DarkHotel hackers using a VPN zero-day to compromise Chinese government agencies. Check out this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summaryAnd for all of our threat intel resources around COVID-19: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources***Resources from this week***Third party app risks blog from Kacey: https://www.digitalshadows.com/blog-and-research/covid-19-risks-of-third-party-apps/Webinar: Threat Model of a Remote Worker (April 16th): https://info.digitalshadows.com/Webinar-Threat-Model-of-a-Remote-Worker.html?Source=podcastSANS webinar recording with Alex: https://www.sans.org/webcasts/archive/2020DarkHotel news: https://www.

Hey all you cool cats and kittens! We’ve got a brand-new threat intel episode for you coming from our virtual podcast studio with Adam, Jamie, and Viktoria.The team chat through the latest Zoom zero-day flaws discovered, and the story around Fin7 delivering malware via USB sticks and teddy bears in the mail. Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summaryStay safe out there!***Resources From this Week***Digital Risk Remediation blog: https://www.digitalshadows.com/blog-and-research/the-digital-risk-underdog-remediation/Webinar ‘Operationalizing Alerts: The Problem with Sitting in Triage’: https://info.digitalshadows.com/Operationalizing-Alerts_Reg.html?Source=podcastMore COVID-19 Content: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

This week the team looks at some Coronavirus threat intel updates including a Threat Model of the Remote Worker and the top businesses and industries most likely to be targeted by cyber attacks. Then the team looks at some cybercrime stories including how the Kapusta service is using marketing tactics, and a story around FSB arresting a cybercrime group. Finally … an advanced persistent… cow?Hear this and more from Kacey, Alex, Harrison, and Rick in this week’s episode!***Resources from this week***COVID-19 (Coronavirus) Resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resourcesThreat Model of a Remote Worker: https://www.digitalshadows.com/blog-and-research/threat-model-of-a-remote-worker/Phishing Research Webinar Recording: https://resources.digitalshadows.com/webinars/beware-of-phishers-research-webinarKapusta: https://www.digitalshadows.com/blog-and-research/kapusta-world-exemplifying-cybercriminal-marketing-in-the-modern-era/FSB Arrests Cybercrime Group: https://www.cybersc

We’ve got Adam and Jamie joining Viktoria remotely for this week’s ShadowTalk! The London crew chats through the Slack vulnerability story, the news around the Dutch government losing hard drives with data of 6.9 million registered donors, the Apollon Dark Web Exit Scam, and who should own brand protection within an organization. Don’t miss our special episode this week with CISO Rick Holland, Alex, and Harrison on Coronavirus Threat Intel updates and advice. Thanks for listening and stay safe out there! ***Resources from this week***Coronavirus Threat Intel Resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resourcesApollon Dark Web Exit Scam: https://www.digitalshadows.com/blog-and-research/apollon-dark-web-marketplace-exit-scams-and-ddos-campaigns/Online Brand Protection Guide (from Viktoria herself!): https://www.digitalshadows.com/blog-and-research/the-complete-guide-to-online-brand-protection/We’ve also got a few webinars coming up if you’re interested in our online events.

CISO and VP of Strategy, Rick Holland, joins Alex and Harrison for this special episode to discuss how cybercriminals are exploiting Coronavirus (COVID-19). With regards to Coronavirus, the team looks at:- What kinds of discussions are taking place right now on the dark web and other criminal outposts?- What should organizations be on the lookout for right now?- Advice for other CISOs and security practitioners For more information, check out our Coronavirus threat intelligence resources at https://resources.digitalshadows.com/coronavirus-threat-intelligence-resourcesWe’ll continue to update this page with new content as we see further developments, so check back for more. Thanks for listening and stay safe!

Dallas is packing up the podcast… don’t fret. The team is just moving offices. RIP (rest in podcast).The team also packs a ton of news updates in this week. (Yeah, we went there). Here’s this week’s highlights:- Necurs Botnet Indictment- TA505- SMB Vulnerability: Cve 2020 0796- Coronavirus Scams, Fraud, and Misinformation- New cybercrime findings from the team on Envoy and KilosRounding up this week, we have some Pi Day history (and jokes of course!). Thanks for listening. Check out this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary. ***Resources From this Week***Coronavirus Scams, Fraud, and Misinformation Findings: https://www.digitalshadows.com/blog-and-research/how-cybercriminals-are-taking-advantage-of-covid-19-scams-fraud-misinformation/Envoy Addressing Suicide Awareness: https://www.digitalshadows.com/blog-and-research/how-one-cybercriminal-forum-is-helping-to-address-suicide-awareness-envoy/Kilos Dark Web Search Engine: https://www.digitalshadows.com/b

Lots of threat intelligence news updates in this week’s ShadowTalk episode with Jamie Collier, Adam Cook, and Viktoria Austin. Top stories this week include:- NCSC advising consumers on security precautions around smart cameras and baby monitors- Banking Trojan steals Google Authenticator app codes- Ransomware Attack on Epiq Legal Services- Tesco Clubcard fraud warning- Boots Advantage Card hit by cyber attack Get this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From This Week***NCSC smart camera and baby monitor warning: https://www.bbc.com/news/technology-517066312FA in Review: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review Dark Web Search Engine Kilos: https://www.digitalshadows.com/blog-and-research/dark-web-search-engine-kilos/

Alex, Harrison, and Rick discuss this year’s FBI IC3 (Internet Crime Complaint Center) report. In 2019, the FBI responded to over 460,000 complaints and observed estimated losses of over $3.5 billion across all instances of reported cybercrime. In comparison, there were over 350,000 complaints and $2.7 billion in losses, as reported in the previous year’s 2018 IC3 report. That’s a 33% increase in the number of reports and a 30% increase in total reported losses from 2018 to 2019.The team covers:- Business Email Compromise- Phishing- Reported Financial Losses skyrocketing for victims under 20- RansomwareCheck out our blog for more here: https://www.digitalshadows.com/blog-and-research/Check out the full FBI IC3 report here: https://pdf.ic3.gov/2019_IC3Report.pdf

Coming to you from Dallas this week - we’ve got Charles, Kacey, Harrison, and Alex.First up - 3 data breaches this week:1. Decathlon Spain (and also potentially their UK entity)2. Clevguard3. Department of Defense’s Defense Information Systems Agency (DISA)Then we look at the Dopplepaymer ransomware, who launched a site this week. Finally Harrison shares some details around his new blog mapping MITRE ATT&CK to the Equifax Indictment. To check out this week’s intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From this Week***Equifax Indictment Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attck-to-the-equifax-indictment/

Adam and Phil join Viktoria to ‘cause a storm’ on this week’s episode. But first - we get a rundown of the brand new Photon research blog this week around phishing from Harrison and Alex. This Week’s Agenda:1. New phishing ecosystem research we just dropped this week - check it out for some interesting new data findings: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/2. OurMine Hacks FC Barcelona and Olympics Twitter Handles 3. Google AdSense Email Extortion Scam4. FBI IC3 ReportCheck out this week’s Intelligence Summary (INTSUM) at https://resources.digitalshadows.com/weekly-intelligence-summaryIf you’re headed to RSA Conference, don’t miss meeting the team! Stop by Booth 4617 or our Security Leaders Party Wednesday night! ***Resources From this Week***Phishing Research: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/RSA party registration: https://info.digitalshadows.com/RSASecurityLeadersParty2020.html?source=DS-team

Roses are red, violets are blue, here’s our threat intel podcast, just for you!Kacey, Charles, Alex, and Harrison have a Valentine’s special for you all. This week the team covers:- OurMine hacks- The Equifax Indictment- SWIFT POC attackGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources from this Week***ACH paper: https://resources.digitalshadows.com/whitepapers-and-reports/applying-the-analysis-of-competing-hypotheses-to-the-cyber-domain

Sarah Yoder and Jackie Lasky from MITRE join Rick Holland and Harrison Van Riper in this guest episode to talk through their tool, Threat Report ATT&CK Mapping (TRAM). Both Sarah and Jackie are Cyber Security Engineers at The MITRE Corporation and presented this new tool at the recent SANS CTI Summit. During the discussion, they talk through:- What brought them to MITRE- TRAM - what it is, goals that the project was designed to address, and how to get involved- Highlights and key takeaways from the SANS CTI SummitHuge thanks to Sarah and Jackie for joining! ***Resources From this Episode***Slides from SANS Session: https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1579547257.pdfGithub page: github.com/mitre-attack/tram Sarah’s Twitter: https://twitter.com/sarah__yoder

January was a looooong year. Anyone else? In this week’s episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for integrating these frameworks within your organization. Viktoria and Jamie also discuss:- APT34, where Iranian hackers targeted U.S. Gov vendor, Westat- Wawa Breach Developments- Coronavirus Phishing Scams- Winnti Group targeting Hong Kong universitiesCheck out this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From this Week***Jamie’s CTI Blog: https://www.digitalshadows.com/blog-and-research/cyber-threat-intelligence-frameworks-5-rules-for-integrating-these-frameworks/