Digital Shadows

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 230:49:24

Information:

Synopsis

Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand and reputation.

Episodes

  • Jingle Bell Ryuk: NOLA Ransomware, Ring Doorbells, And 2020 Predictions

    18/12/2019 Duration: 18min

    CISO Rick Holland joins our ShadowTalk hosts (Viktoria, Alex, and Harrison) for our holiday special! This week the team covers:

    - Ring Doorbell security
    - New Orleans victim of Ryuk Ransomware
    - Predictions for 2020 in cybersecurity
    - A lightning round of holiday questions

    Thanks to all of you listeners for tuning in each week in 2019. We’ve had a great time chatting each week across the globe, and we’re looking forward to another great year of ShadowTalk in 2020! Cheers!

    P.S. Check out our holiday photo on Twitter @digitalshadows!

    ***Resources From the Week***

    - 2020 Cybersecurity Forecasts blog from Alex: https://www.digitalshadows.com/blog-and-research/2020-cybersecurity-forecasts-5-trends-and-predictions-for-the-new-year/
    - Download our intelligence summaries at https://resources.digitalshadows.com/weekly-intelligence-summary

  • Tochka Dark Web Market Offline, Market.ms Closes, And Data Leakage Stories

    13/12/2019 Duration: 27min

    Alex, Harrison, Kacey, and Charles chat this week on some dark web and cybercriminal updates, data leakage stories that have hit the news, plus a GDPR story where an ISP was hit with a €9.6 Million Fine.

    We’ve got a new format for our weekly intelligence summary report. Check it out at https://resources.digitalshadows.com/weekly-intelligence-summary

    Thanks for listening and look out for our special (holiday-themed) final ShadowTalk episode of the year next week!

    ***More Resources This Week***

    - TMI blog on data leakage: https://www.digitalshadows.com/blog-and-research/2-billion-files-exposed-across-online-file-storage-technologies/
    - Over One Billion Email-Password Combos Leaked Online: https://www.infosecurity-magazine.com/news/one-billion-email-password-combos/
    - Data Leak Exposes 750K Birth Certificate Applications https://www.infosecurity-magazine.com/news/data-leak-exposes-750k-birth-cert/
    - Microsoft: 44 Million User Passwords Have Been Breached https://www.infosecurity-magazine.com/news/microsoft-44-million-pass

  • Cybercriminal Forum Research, Mixcloud Breach, and International Crackdown On RAT Spyware

    05/12/2019 Duration: 26min

    Viktoria invites Stewart Bertram to kick-off this week’s episode around new cybercrime research we put out on the Modern Cybercriminal Forum and how the rise of alternative technologies hasn’t spelled the end of forums, which seem to be prospering against all odds.

    You can check out the research findings here: https://www.digitalshadows.com/blog-and-research/forums-are-forever-part-1-cybercrime-never-dies/

    Next Adam Cook joins to discuss the weekly highlights including the Mixcloud Breach and an international crackdown on RAT spyware. Finally, our Intelligence team gives a wider analytical piece on the topic of social media exposure and security standards in this week’s intelligence summary report (INTSUM), so make sure to check out that piece in this week’s report.

    Weekly Intelligence Summary (INTSUM): https://resources.digitalshadows.com/weekly-intelligence-summary

    ***More Resources From this Week***

    Modern Cybercriminal Forum Research Report: https://resources.digitalshadows.com/whitepapers-and-reports/the-mod

  • Black Friday Deals On The Dark Web, Phineas Fisher Manifesto, And DarkMarket

    22/11/2019 Duration: 19min

    Adam Cook and Viktoria Austin talk through the security and threat intelligence stories of this week including an update around Phineas Fisher, where the hacker offered up to $100k in what they called the “Hacktivist Bug Hunting Program”. The team also chats through a recent ransomware attack on Veterinary hospitals in the U.S., and some other ransomware updates. Then Viktoria and Adam touch upon some research from our own threat intelligence team (Photon Research), specifically around the dark web, including research into Black Friday deals on the dark web, and a look at DarkMarket.

    To see more threat intelligence updates from the week, make sure to check out this week’s intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary.

    Heads-up! We’re taking a break next week with the U.S. Holiday, so we’ll be back in 2 weeks. Have a great Thanksgiving!

    ***Resources From this Week***

    Phineas Fisher Manifesto - https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dolla

  • BSidesDFW Recap, Dynamic CVV Analysis, And The Facebook Camera Bug

    16/11/2019 Duration: 33min

    Dallas is sound effects and all this week with Kacey, Charles, Alex, and Harrison. The team discusses their recent OSINT workshop at BSidesDFW and how you can access the training materials, plus Harrison reviews his latest research into dynamic CVVs within the security realm. Finally the team looks at the recent news around the Facebook camera bug and how the public is reacting.

    Download the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

    Have a great week, everyone, and check out our resources below for more details.

    ***Resources from this week***

    * BSidesDFW 2019 Recap: https://www.digitalshadows.com/blog-and-research/bsidesdfw-2019-osint-workshop-recap/
    * BSidesDFW OSINT GitHub: https://github.com/digitalshadows/virtualwhale-osint-ctf
    * Orca: https://github.com/digitalshadows/orca

    Dynamic CVV Blog

    * https://www.digitalshadows.com/blog-and-research/dynamic-cvvs-2fa-2furious

    Facebook Camera Bug

    * https://www.scmagazine.com/home/security-news/vulnerabilities/system-bug-g

  • BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

    08/11/2019 Duration: 20min

    This week the London team looks at the following stories:

    - BlueKeep Exploit Could Rapidly Spread
    - Megacortex Ransomware Changes Windows Passwords
    - Japanese Media Company Nikkei - $29 million lost to BEC scam
    - Web.com Breach
    - 21 million employee accounts for Fortune 500 companies offered on the dark web

    Get the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

    ***Resources from this week***

    - https://www.bleepingcomputer.com/news/security/new-megacortex-ransomware-changes-windows-passwords-threatens-to-publish-data/
    - https://www.cyberscoop.com/nikkei-email-scam-bec-29-million/
    - https://krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/

  • 7.5M Adobe Creative Cloud User Records Exposed, City Of Joburg Ransomware Attack, and APT28 Updates

    01/11/2019 Duration: 23min

    Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information of about 7.5 million Adobe Creative Cloud users. The team then looks at the news story around the City of Johannesburg experiencing a ransomware attack as well as APT28 (aka Fancy Bear) targeting anti-doping authorities and sporting organizations.

    ***Resources from this week’s episode***

    - BriansClub Blog from Viktoria: https://www.digitalshadows.com/blog-and-research/cybercriminal-credit-card-stores-is-brian-out-of-the-club/
    - Understanding Different Cybercriminal Platforms: https://www.digitalshadows.com/blog-and-research/understanding-the-different-cybercriminal-platforms-avcs-marketplaces-and-forums/
    - Too Much Information - The Sequel: https://resources.digitalshadows.com/whitepapers-and-reports/too-much-information-the-sequel
    - Adam’s World Cup Blog: https://www.digitalshadows.com/blog-and-research/threats-to-the-2018-football-world-cup/

    News Stories:http

  • Avast Breach Attempt, NordVPN Breach, And Wifi Security Risks

    25/10/2019 Duration: 27min

    We’ve got all 3 ShadowTalk hosts in Dallas this week: Harrison Van Riper, Viktoria Austin, and Alex Guirakhoo. The team first looks at Avast, which encountered a cyber espionage attempt. Then NordVPN announced that a hacker had breached servers used by NordVPN. And finally Dr. Richard Gold put out a new blog this week on dispelling the myths around using public wifi, so the team helps summarize some of the key points. Check out the full blog at https://www.digitalshadows.com/blog-and-research/wifi-security-dispelling-myths-of-using-public-networks/

    To check out our weekly intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-oct-24-oct-2019

    More Resources from this week’s episode:

    - Avast breach attempt: https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss
    - NordVPN breach & PR nightmare: https://nakedsecurity.sophos.com/2019/10/23/hacker-breached-servers-used-by-nordvpn/
    - Krebs: https://krebsonsecurity.com/2019/10/avast-

  • Singapore Cyber Threat Landscape Updates 1H 2019

    23/10/2019 Duration: 24min

    Adam Cook, Philip Doherty, and Xueyin Peh join Viktoria Austin for a special ShadowTalk episode around the Singapore Cyber Threat Landscape. The team looks at the heightened threat level for Singapore, why it’s being targeted, and the types of organizations being impacted. Read the full analysis in our blog post here: https://www.digitalshadows.com/blog-and-research/singapore-cyber-threat-landscape-report-h1-2019/

  • Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

    18/10/2019 Duration: 30min

    Fall is upon us! Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version of Chopped). We’re now all professional chefs. Then the team dives into this week’s hot topics:

    - Typosquatting and the 2020 Elections: https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/
    - Honeypots: https://www.digitalshadows.com/blog-and-research/honeypots-tracking-attacks-against-misconfigured-or-exposed-services/
    - The Sudo Vulnerability: https://threatpost.com/sudo-bug-root-access-linux/149169/
    - Security Bsides Workshop Talk: http://www.securitybsides.com/w/page/134870340/DFW_2019
    - Orca: https://github.com/digitalshadows/orca
    - https://twitter.com/maxdose_/status/1184429401338982401?s=12

    Finally with the Chopped event on our minds, we round off the episode with our favorite dishes we want to learn to cook. Thanks for listening and don’t forget to rate us on iTunes and let us know how we’re doing.

  • Iran-Linked APT35, Skimming By Magecart 4, Rancour, And Emotet Resurgence

    11/10/2019 Duration: 18min

    We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top stories:

    - APT35 Targets Email of US political figures & prominent Iranians
    - Skimming activity by Magecart 4 reveals potential link to Cobalt Group
    - Chinese threat group Rancour casts phishing line to South-East Asian government
    - Emotet Resurgence

    Resources From This Week:

    - Account Takeover Kill Chain 5 Step Analysis: https://www.digitalshadows.com/blog-and-research/the-account-takeover-kill-chain-a-five-step-analysis/
    - Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary

    Make sure to subscribe to us wherever you listen to your podcasts for the latest episodes. Thanks for listening!

    - ShadowTalk team

  • The Tyurin Indictment- Mapping To The Mitre ATT&CK™ Framework

    09/10/2019 Duration: 20min

    Director of Security Engineering, Richard Gold, joins Viktoria Austin in this special episode of ShadowTalk to look at the attacker goals, their TTPs, and map this to the Mitre PRE-ATT&CK and ATT&CK framework.

    Some Background…

    Between 2012 to mid-2015, U.S. financial institutions, financial services corporations and financial news publishers fell victim to one of the largest computer hacking crimes. The hacking resulted in the theft of information belonging to 100 million customers of the victim companies (including the theft of personal data from 83 million customer accounts at JPMorgan Chase), and securities fraud, in the form of stock market manipulation. While the crimes committed date back to 2015, this week, one of the hackers involved, identified as Andrei Tyurin, pleaded guilty to the following charges: computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with his involvement in a massive computer hacking campaign targeting U.S. financial institutions,

  • Magecart Five Widens Attack Vectors, Targeting of Airbus Suppliers, & Tortoiseshell Developments

    04/10/2019 Duration: 17min

    Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly threat intelligence updates. The team kicks off with a discussion around the top story of the week - Magecart Five Widens Attack Vectors.

    Recent Magecart Five activity has included loading malicious JavaScript files onto commercial-grade Layer 7 routers, injecting malicious code into a free, open-source app module, distributing phishing emails via an unspecified spamming service containing the KPOT trojan, embedding compromised websites with redirect code that results in the download of the RIG or Fallout exploit toolkits onto a target machine, and creating a phishing website imitating “G-Cleaner”, a Windows garbage cleanup tool.

    The team also discussed the other top stories of the week including:

    - Suspected Chinese Threat Actor Targets Airbus Suppliers
    - Tortoiseshell Lures American military-veteran job seekers
    - Zendesk discloses 2016 data breach

    Check out the full threat intelligence summar

  • Tortoiseshell Targets IT Providers, The Tyurin Indictment, And Emotet’s Return

    27/09/2019 Duration: 25min

    Viktoria hosts this week’s episode in London with Philip Doherty and Adam Cook. After a quick debate around the top trending sports at the moment, the team digs into the first story of the week: Tortoiseshell Group (a newly identified threat group) has reportedly conducted some supply chain attack campaigns against 11 IT providers in Saudi Arabia. Next they look at two new malware variants that have emerged, attributed to North Korean-associated Lazarus Group. Emotet botnet has been hot in the news lately, so the team also talks about its emergence. Finally the team rounds up the week with the Tyurin indictment, where Andrei Tyurin pleaded guilty to one of the largest computer hacking crimes involving US financial institutions, financial services, and news publishers. Our own Richard Gold published a blog mapping the indictment to the MITRE ATT&CK framework - definitely worth a read below.

    To learn more, check out our weekly intelligence summary report at https://resources.digitalshadows.com/weekly-inte

  • NCSC Threat Trends And Ransomware Updates

    20/09/2019 Duration: 24min

    It’s Harrison and Alex this week for your threat intelligence updates. The guys first dig into the NCSC’s recent threat trends report, the first of these that the NCSC has put out. It’s UK-specific, so just like we’ve shared thoughts around the FBI IC3 annual report in the past, which is heavily geared toward the US, it’s good to look across the pond as well. The team digs into 3 main areas:

    - Office365
    - Ransomware trends including updates on Emotet, Ryuk, LockerGoga, Bitpaymer, Nemty, and GandCrab
    - Supply Chain Attacks

    The team also digs into some recent research around B.Wanted. A few weeks ago, there was a story that Brian Krebs reported on: essentially a user on a dark web forum was offering to sell access to a federal contractor who managed 20+ different federal agencies. Specifically we were looking into the threat actor responsible for selling the access, who goes by the name B.Wanted. The guys dig into some different theories.

    Finally we round out the episode with some top shows on Netflix to add to you

  • Purple Teaming: An Interview With Eliza May Austin

    16/09/2019 Duration: 45min

    In this episode, Viktoria interviews Eliza May Austin (CEO & Co-Founder of th4ts3cur1ty.company), and our own Richard Gold and James Chappell on Purple Teaming, a security assessment that combines both blue teaming and red teaming. The team discusses:

    - How do we make the blue and red teams collaborate better?
    - Is purple teaming a cost-effective measure when it comes to a less mature organization?
    - Why Purple Teaming needs to be at the forefront
    - What systems would you start testing with the purple team approach?
    - And more!

    We end the discussion with a quick overview of Eliza’s other passion: Ladies of London Hacking Society.

    To learn more, check out this episode’s resources:

    - https://th4ts3cur1ty.company/
    - Ladies Hacking Society: https://llhs.com/
    - Purple Team like you’re preparing for war: https://medium.com/@always0ddba1l/purple-team-like-your-preparing-for-war-ea17cd4d4a91
    - Purple Teaming with Vector, Cobalt Strike, and MITRE ATT&CK: https://www.digitalshadows.com/blog-and-research/purple-teaming-w

  • Metasploit Project Publishes Exploit For Bluekeep, plus APT3 and Silence Cybercrime Group Updates

    13/09/2019 Duration: 23min

    Viktoria Austin is joined by Adam Cook and Phil Doherty this week in the London office to talk about the top story this week: Metasploit Project publishes exploit for Bluekeep bug. Our Photon Research Team tested the Metasploit exploit in their lab environment and has successfully exploited an unpatched Windows 7 machine.

    “The exploit not only gives the attacker remote access to a target system, but also gives the attacker the highest level of privilege on the target.” - Dr. Richard Gold

    The team then shares updates around APT3 and the Silence cybercrime group.

    To learn more, check out the full weekly intelligence report at https://resources.digitalshadows.com/weekly-intelligence-summary. Interested in more threat intelligence updates? Sign up to receive our weekly updates at https://info.digitalshadows.com/EmailSubscription-Podcast_Reg.html.

  • Ryuk Ransomware, Twitter Rids SMS Tweets, And Facebook Records Exposed

    07/09/2019 Duration: 22min

    Alex, Alec, and Harrison are in the room today discussing 3 top stories from the week. First up - a hacker deploys Ryuk ransomware against the city of New Bedford, Massachusetts, demanding $5.3 million. What was interesting, though, was that the city tried to negotiate with the attackers for a lower ransom of $400k, but the attackers didn’t want it and ended up cutting off communications. Next the guys chat through the suspension of Twitter’s SMS-based tweet function after the news of Twitter CEO Jack Dorsey’s Twitter account was “hacked”. An interesting attack surface incident for phone numbers. Finally the team discusses an exposure incident where 419 million Facebook records were exposed. So “Come on down” and listen to this week’s ShadowTalk. (The guys thought it would be fun to play The Price is Right at the end … do we like it? Let us know what fun questions you want answered each week).

    Get the weekly intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

    Resources from

  • More Sodinokibi Activity, Imperva Breach, And Weirdest Food At The Texas State Fair

    30/08/2019 Duration: 30min

    Rick Holland and Alex Guirakhoo join Harrison Van Riper this week to talk through more Sodinokibi activity. Just yesterday, a cloud hosting provider for Digital Dental Records was hit with Sodinokibi, apparently affecting around 400 different dental providers around the US. It seems like we’re hearing about more and more people actually paying out these ransom demands. Do we think it’s just a reporting bias or do we think they’re actually paying out more often? Then the team looks at the Imperva breach, where its Incapsula Web Application Firewall product was inadvertently exposing some data, including email addresses, hashed and salted passwords, API keys and SSL certificates. Google’s Project Zero also discovered a series of 0-day exploits being actively used in the wild targeting iPhones. The team discusses how this will factor into risk models moving forward. We close out with everyone’s top (and weirdest) choices at the Texas State Fair. Yummmmm. Enjoy :)

    Resources From this Week’s Episode:

    More Sodinokibi

  • Approaching Cybersecurity As A Third Party Defense Contractor

    27/08/2019 Duration: 20min

    Brian Neely, CIO and CISO at American Systems and Rick Holland, CISO at Digital Shadows join Harrison for a discussion around how Brian approaches cybersecurity as a defense contractor. American Systems has been delivering complex IT and engineering solutions to national priority programs since 1975 and has some interesting use cases.

    The group discusses:

    - Top cybersecurity concerns as a third party defense contractor
    - Advice for listeners with similar threat models where sophisticated, well-resourced adversaries are targeting your environment
    - Where digital risk protection comes into play including asset exposure, site impersonation, phishing campaigns, and brand misuse online
    - Managing 2FA company-wide
    - And more!

    Resources from this Episode:

    - 2FA research: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review
