Digital Shadows

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 230:49:24

Information:

Synopsis

Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect its brand and reputation.

Episodes

  • WEEKLY: Maze Ransomware Infiltrates Cognizant, Czech NCISA Warning, And Third Party Risk Assessment

    24/04/2020 Duration: 33min

    Maze Ransomware Infiltrates Cognizant, Czech NCISA Warning, And Third Party Risk Assessment Priorities. Alex, Kacey, Charles, and Harrison host this week’s ShadowTalk for threat intel updates including Maze ransomware updates, a warning of an imminent threat from the Czech NCISA, priorities for third party risk assessments, and the Nulled Cracking Forum going mobile. Finally, Harrison passes the torch to Alex for hosting ShadowTalk. We’ll miss you, HVR! Grab this week’s full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary
    ***Resources From this Week***
    - Top Priorities for 3rd Party Risk Assessments: https://www.digitalshadows.com/blog-and-research/top-priorities-for-3rd-party-risk-assessments/
    - Zoom Security and Privacy Issues: https://www.digitalshadows.com/blog-and-research/zoom-security-privacy-issues/
    - Nulled Cracking Forum Going Mobile: https://www.digitalshadows.com/blog-and-research/nulled-modern-cybercriminal-forum-mobile/
    - What the Wire Can Teach us About Cybersecurity

  • WEEKLY: SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

    17/04/2020 Duration: 21min

    This week we have a new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat intel update this week to cover a data breach at the San Francisco airport, Fin6 updates, and how Sodinokibi is attempting to hide their money trail by switching from Bitcoin to Monero. Check out this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary Thanks for tuning in, and stay safe out there!
    ***Resources This Week***
    - Remote Working Threat Model Webinar: https://resources.digitalshadows.com/webinars/threat-model-of-a-remote-worker-recorded-webinar
    - SFO Breach: https://threatpost.com/sfo-websites-hacked-airport-discloses-data-breach/154709/
    - Remote Working and the Future of Cyber Security [Blog]: https://www.digitalshadows.com/blog-and-research/covid-19-remote-working-and-the-future-of-cyber-security/
    - More COVID19 Threat Intel Resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

  • WEEKLY: COVID-19 Third Party App Risks, Zoom, And DarkHotel Hackers

    10/04/2020 Duration: 22min

    Coming to you from Dallas this week - we have Kacey, Harrison, Alex, and Charles. This week the team talks through third party app risks as they relate to COVID-19, and touches on security considerations for video conferencing platforms. We also talk through the latest story around the DarkHotel hackers using a VPN zero-day to compromise Chinese government agencies. Check out this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary And for all of our threat intel resources around COVID-19: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources
    ***Resources from this week***
    - Third party app risks blog from Kacey: https://www.digitalshadows.com/blog-and-research/covid-19-risks-of-third-party-apps/
    - Webinar: Threat Model of a Remote Worker (April 16th): https://info.digitalshadows.com/Webinar-Threat-Model-of-a-Remote-Worker.html?Source=podcast
    - SANS webinar recording with Alex: https://www.sans.org/webcasts/archive/2020
    - DarkHotel news: https://www.

  • WEEKLY: Zoom Zero-Day Vulnerabilities and Fin7 Delivering Malware Via Snail Mail

    03/04/2020 Duration: 21min

    Hey all you cool cats and kittens! We’ve got a brand-new threat intel episode for you coming from our virtual podcast studio with Adam, Jamie, and Viktoria. The team chat through the latest Zoom zero-day flaws discovered, and the story around Fin7 delivering malware via USB sticks and teddy bears in the mail. Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary Stay safe out there!
    ***Resources From this Week***
    - Digital Risk Remediation blog: https://www.digitalshadows.com/blog-and-research/the-digital-risk-underdog-remediation/
    - Webinar ‘Operationalizing Alerts: The Problem with Sitting in Triage’: https://info.digitalshadows.com/Operationalizing-Alerts_Reg.html?Source=podcast
    - More COVID-19 Content: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

  • WEEKLY: Remote Worker Threat Model And Cybercrime Updates

    27/03/2020 Duration: 22min

    This week the team looks at some Coronavirus threat intel updates including a Threat Model of the Remote Worker and the top businesses and industries most likely to be targeted by cyber attacks. Then the team looks at some cybercrime stories including how the Kapusta service is using marketing tactics, and a story around FSB arresting a cybercrime group. Finally … an advanced persistent… cow? Hear this and more from Kacey, Alex, Harrison, and Rick in this week’s episode!
    ***Resources from this week***
    - COVID-19 (Coronavirus) Resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources
    - Threat Model of a Remote Worker: https://www.digitalshadows.com/blog-and-research/threat-model-of-a-remote-worker/
    - Phishing Research Webinar Recording: https://resources.digitalshadows.com/webinars/beware-of-phishers-research-webinar
    - Kapusta: https://www.digitalshadows.com/blog-and-research/kapusta-world-exemplifying-cybercriminal-marketing-in-the-modern-era/
    - FSB Arrests Cybercrime Group: https://www.cybersc

  • WEEKLY: Slack Vulnerability, Apollon Dark Web Exit Scam, And Online Brand Protection

    20/03/2020 Duration: 22min

    We’ve got Adam and Jamie joining Viktoria remotely for this week’s ShadowTalk! The London crew chats through the Slack vulnerability story, the news around the Dutch government losing hard drives with data of 6.9 million registered donors, the Apollon Dark Web Exit Scam, and who should own brand protection within an organization. Don’t miss our special episode this week with CISO Rick Holland, Alex, and Harrison on Coronavirus Threat Intel updates and advice. Thanks for listening and stay safe out there!
    ***Resources from this week***
    - Coronavirus Threat Intel Resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources
    - Apollon Dark Web Exit Scam: https://www.digitalshadows.com/blog-and-research/apollon-dark-web-marketplace-exit-scams-and-ddos-campaigns/
    - Online Brand Protection Guide (from Viktoria herself!): https://www.digitalshadows.com/blog-and-research/the-complete-guide-to-online-brand-protection/
    We’ve also got a few webinars coming up if you’re interested in our online events.

  • SPECIAL EPISODE: Coronavirus: Cybercrime Reactions And CISO Advice

    19/03/2020 Duration: 19min

    CISO and VP of Strategy, Rick Holland, joins Alex and Harrison for this special episode to discuss how cybercriminals are exploiting Coronavirus (COVID-19). With regard to Coronavirus, the team looks at:
    - What kinds of discussions are taking place right now on the dark web and other criminal outposts?
    - What should organizations be on the lookout for right now?
    - Advice for other CISOs and security practitioners
    For more information, check out our Coronavirus threat intelligence resources at https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources We’ll continue to update this page with new content as we see further developments, so check back for more. Thanks for listening and stay safe!

  • WEEKLY: Necurs Botnet, SMB Vulnerability, Coronavirus Scams, And Dark Web Updates

    13/03/2020 Duration: 31min

    Dallas is packing up the podcast… don’t fret. The team is just moving offices. RIP (rest in podcast). The team also packs a ton of news updates in this week. (Yeah, we went there). Here are this week’s highlights:
    - Necurs Botnet Indictment
    - TA505
    - SMB Vulnerability: CVE-2020-0796
    - Coronavirus Scams, Fraud, and Misinformation
    - New cybercrime findings from the team on Envoy and Kilos
    Rounding up this week, we have some Pi Day history (and jokes of course!). Thanks for listening. Check out this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary.
    ***Resources From this Week***
    - Coronavirus Scams, Fraud, and Misinformation Findings: https://www.digitalshadows.com/blog-and-research/how-cybercriminals-are-taking-advantage-of-covid-19-scams-fraud-misinformation/
    - Envoy Addressing Suicide Awareness: https://www.digitalshadows.com/blog-and-research/how-one-cybercriminal-forum-is-helping-to-address-suicide-awareness-envoy/
    - Kilos Dark Web Search Engine: https://www.digitalshadows.com/b

  • WEEKLY: Banking Trojan Steals Google Authen Codes, Ransomware Attacks Epiq, & Tesco Clubcard Fraud

    06/03/2020 Duration: 27min

    Lots of threat intelligence news updates in this week’s ShadowTalk episode with Jamie Collier, Adam Cook, and Viktoria Austin. Top stories this week include:
    - NCSC advising consumers on security precautions around smart cameras and baby monitors
    - Banking Trojan steals Google Authenticator app codes
    - Ransomware Attack on Epiq Legal Services
    - Tesco Clubcard fraud warning
    - Boots Advantage Card hit by cyber attack
    Get this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary
    ***Resources From This Week***
    - NCSC smart camera and baby monitor warning: https://www.bbc.com/news/technology-51706631
    - 2FA in Review: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review
    - Dark Web Search Engine Kilos: https://www.digitalshadows.com/blog-and-research/dark-web-search-engine-kilos/

  • SPECIAL EPISODE: FBI Releases Its Internet Crime Complaint Center (IC3) Report 2019

    03/03/2020 Duration: 22min

    Alex, Harrison, and Rick discuss this year’s FBI IC3 (Internet Crime Complaint Center) report. In 2019, the FBI responded to over 460,000 complaints and observed estimated losses of over $3.5 billion across all instances of reported cybercrime. In comparison, there were over 350,000 complaints and $2.7 billion in losses, as reported in the previous year’s 2018 IC3 report. That’s a 33% increase in the number of reports and a 30% increase in total reported losses from 2018 to 2019. The team covers:
    - Business Email Compromise
    - Phishing
    - Reported Financial Losses skyrocketing for victims under 20
    - Ransomware
    Check out our blog for more here: https://www.digitalshadows.com/blog-and-research/
    Check out the full FBI IC3 report here: https://pdf.ic3.gov/2019_IC3Report.pdf

  • WEEKLY: Data Breaches, Stalkerware, and DoppelPaymer ransomware

    28/02/2020 Duration: 30min

    Coming to you from Dallas this week - we’ve got Charles, Kacey, Harrison, and Alex. First up - 3 data breaches this week:
    1. Decathlon Spain (and also potentially their UK entity)
    2. Clevguard
    3. Department of Defense’s Defense Information Systems Agency (DISA)
    Then we look at the DoppelPaymer ransomware, who launched a site this week. Finally Harrison shares some details around his new blog mapping MITRE ATT&CK to the Equifax Indictment. To check out this week’s intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary
    ***Resources From this Week***
    - Equifax Indictment Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attck-to-the-equifax-indictment/

  • WEEKLY: OurMine hacks FC Barcelona & Olympics twitter handles, Adsense email extortion, & phishing

    21/02/2020 Duration: 31min

    Adam and Phil join Viktoria to ‘cause a storm’ on this week’s episode. But first - we get a rundown of the brand new Photon research blog this week around phishing from Harrison and Alex. This Week’s Agenda:
    1. New phishing ecosystem research we just dropped this week - check it out for some interesting new data findings: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/
    2. OurMine Hacks FC Barcelona and Olympics Twitter Handles
    3. Google AdSense Email Extortion Scam
    4. FBI IC3 Report
    Check out this week’s Intelligence Summary (INTSUM) at https://resources.digitalshadows.com/weekly-intelligence-summary If you’re headed to RSA Conference, don’t miss meeting the team! Stop by Booth 4617 or our Security Leaders Party Wednesday night!
    ***Resources From this Week***
    - Phishing Research: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/
    - RSA party registration: https://info.digitalshadows.com/RSASecurityLeadersParty2020.html?source=DS-team

  • WEEKLY: yOurMine, Equifax Indictment, and SWIFT POC attack

    14/02/2020 Duration: 29min

    Roses are red, violets are blue, here’s our threat intel podcast, just for you! Kacey, Charles, Alex, and Harrison have a Valentine’s special for you all. This week the team covers:
    - OurMine hacks
    - The Equifax Indictment
    - SWIFT POC attack
    Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary
    ***Resources from this Week***
    - ACH paper: https://resources.digitalshadows.com/whitepapers-and-reports/applying-the-analysis-of-competing-hypotheses-to-the-cyber-domain

  • SPECIAL EPISODE: Threat Report ATT&CK Mapping (TRAM) With MITRE’s Sarah Yoder & Jackie Lasky

    11/02/2020 Duration: 26min

    Sarah Yoder and Jackie Lasky from MITRE join Rick Holland and Harrison Van Riper in this guest episode to talk through their tool, Threat Report ATT&CK Mapping (TRAM). Both Sarah and Jackie are Cyber Security Engineers at The MITRE Corporation and presented this new tool at the recent SANS CTI Summit. During the discussion, they talk through:
    - What brought them to MITRE
    - TRAM - what it is, goals that the project was designed to address, and how to get involved
    - Highlights and key takeaways from the SANS CTI Summit
    Huge thanks to Sarah and Jackie for joining!
    ***Resources From this Episode***
    - Slides from SANS Session: https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1579547257.pdf
    - GitHub page: github.com/mitre-attack/tram
    - Sarah’s Twitter: https://twitter.com/sarah__yoder

  • WEEKLY: CTI Frameworks, Wawa Breach Updates, APT34, And Coronavirus Phishing Scams

    07/02/2020 Duration: 17min

    January was a looooong year. Anyone else? In this week’s episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for integrating these frameworks within your organization. Viktoria and Jamie also discuss:
    - APT34, where Iranian hackers targeted U.S. Gov vendor, Westat
    - Wawa Breach Developments
    - Coronavirus Phishing Scams
    - Winnti Group targeting Hong Kong universities
    Check out this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary
    ***Resources From this Week***
    - Jamie’s CTI Blog: https://www.digitalshadows.com/blog-and-research/cyber-threat-intelligence-frameworks-5-rules-for-integrating-these-frameworks/

  • WEEKLY: SANS CTI Summit, Snake Ransomware, CacheOut, And Citrix Vuln Update

    31/01/2020 Duration: 38min

    Rick Holland jumps in to kick-off this week’s episode to recap the 2020 SANS CTI Summit with Harrison. Then Harrison, Alex, Kacey, and Charles talk through other top stories of the week including:
    - Snake Malware
    - Competitions we’re seeing on Russian-language cybercriminal forums
    - Citrix Vulnerability Update
    - New ‘CacheOut’ Attack Targets Intel CPUs
    Rounding off the episode, the team shares their favorite infosec twitter post of the week to spice up the episode. Have a great week!
    ***Resources From this Week***
    - SANS CTI Summit Recap: https://www.digitalshadows.com/blog-and-research/sans-cyber-threat-intelligence-summit-2020-a-recap/
    - Competitions on Russian-language cybercriminal forums blog: https://www.digitalshadows.com/blog-and-research/competitions-on-russian-language-cybercriminal-forums-sharing-expertise-or-threat-actor-showboating/
    - Cyber Threat Intel Frameworks blog: https://www.digitalshadows.com/blog-and-research/cyber-threat-intelligence-frameworks-5-rules-for-integrating-these-frameworks/
    - CVE

  • WEEKLY: Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published

    27/01/2020 Duration: 31min

    Following on from last week, Citrix released a first set of patches to fix a vulnerability (CVE-2019-19781) affecting the company’s NetScaler ADC Application Delivery Controller and its Citrix Gateway. Viktoria and Richard Gold discuss how organizations can mitigate the risk. Adam and Phil then join Viktoria to discuss other top stories of the week including 250 million Microsoft customer service and support records exposed on the web. The team also discusses a story where a list of Telnet credentials for more than 515,000 servers, home routers, and IoT devices was published on a hacking forum last week and how this story demonstrates the risk posed when threat actors are able to compromise large collections of IoT devices.
    ***Resources from this week***
    - Charles’ Blog: https://www.digitalshadows.com/blog-and-research/cve-2019-19781-analyzing-the-exploit/
    - Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-24-jan-2020

  • WEEKLY: NSA Vulnerability Disclosure, Ransomware News, And Iran Updates

    17/01/2020 Duration: 26min

    Kacey, Charles, Alex, and Harrison host this week’s threat intelligence update from Dallas. We kick off with vulnerabilities from the week. This includes both the NSA CVE and Citrix CVE. The team talks through what the vulnerabilities are and why they’re important. Then the team talks through ransomware updates including Cryptonite ransomware as a service, Sodinokibi operators threatening to release Travelex data, and Nemty operators threatening to release victim data. Finally Harrison gives a quick update around Iran. To access this week’s intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary
    ***Resources from this Week***
    - Rick’s Blog on NSA Vulnerability Disclosure: https://www.digitalshadows.com/blog-and-research/nsa-vulnerability-disclosure-pros-and-cons/
    - CVE-2019-19781: Analyzing the Exploit: https://www.digitalshadows.com/blog-and-research/cve-2019-19781-analyzing-the-exploit/
    - Cryptonite Ransomware as a Service: https://www.digitalshadows.com/blog-and-research/cryptonit

  • WEEKLY: Iranian Cyber Threats, Travelex Ransomware Attack, And Exploit Forum Updates

    10/01/2020 Duration: 27min

    We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode bringing Sammy on to provide some regional insight and context around the Iranian cyber threat and discusses whether a cyber response is likely. Then Adam and Viktoria discuss other top stories from the week including a ransomware outage for Travelex, Xiaomi Mijia camera data exposed, and bc[.]monster updates on Exploit forum. Check out our Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary Excited for what 2020 will bring - thanks for listening!
    ***Resources from this Week***
    - Practical Advice around Iranian Cyber Threats: https://www.digitalshadows.com/blog-and-research/iranian-cyber-threats-practical-advice-for-security-professionals/
    - Iranian APT Groups’ Tradecraft Styles: https://www.digitalshadows.com/blog-and-research/iranian-apt-groups-tradecraft-styles-using-mitre-attck-and-the-asd-essential-8/
    - Iran and Soleimani: Monitoring the Situation: https://www.digitalshadows.com/

  • SPECIAL EPISODE: Iranian Cyber Threats: Practical Advice From CISO Rick Holland

    07/01/2020 Duration: 23min

    Rick Holland (CISO at Digital Shadows) joins Harrison to share his thoughts on the Iranian cyber threat and what it means for cyber defenders. What should security practitioners be concerned with within the cyber sphere? Rick and Harrison discuss:
    - How threat du jour thinking isn’t an adequate defense model
    - Communicating up the chain of command effectively
    - Attack Techniques used by Iranian State Actors
    - What you can do proactively as a Security Practitioner
    - Why haven’t we seen any significant cyberattacks yet?
    We’re continuing to monitor the situation, so check back at https://www.digitalshadows.com/blog-and-research/ for more info from our team.
    ***Resources This Episode***
    - Rick’s blog on the topic: https://www.digitalshadows.com/blog-and-research/iranian-cyber-threats-practical-advice-for-security-professionals/
    - Rich Gold’s blog on Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework: https://www.digitalshadows.com/blog-and-research/mapping-the-asd-essential-8-to-the-mitre-attck-framework/
