In the spotlight this week: A recently discovered campaign has used the legitimate storage services of BitBucket to facilitate malware distribution and increase the perceived trust between an unknown threat actor and a targeted system. These methods likely facilitate obfuscation and increase the likelihood of maintaining persistence on a target. The campaign detonated a suite of malware variants on a single host, not only to inflict maximum damage on a victim, but also to make identifying and eradicating the different malware from a system comparatively more arduous. Apart from abusing Bitbucket, the attackers went through great lengths to avoid detection, such as providing regular updates to malware and using packers to impede analysis attempts.
Most Recent Flipbooks
Weekly Intelligence Summary 27 Mar 2020
This week an online troll took advantage of Zoom’s screen-sharing feature to subject participants of a daily public Zoom meeting to pornographic and other graphic content, disrupting an otherwise ...
Weekly Intelligence Summary 20 Mar 2020
Microsoft and partners in 35 countries have taken legal and technical steps to disrupt the highly prolific “Necurs” botnet. Analysis of the domain generation algorithm (DGA) used by Necurs led to iden
Weekly Intelligence Summary 13 Mar 2020
The financially motivated threat actor “TA505” has continued unleashing phishing-related cyber attacks in late 2019 and early 2020, regularly debuting new or updated malware to better evade detection
Weekly Intelligence Summary 06 Mar 2020
In the Spotlight this week: The “Cerberus” banking trojan was observed stealing one-time password (OTP) codes from the Google Authenticator app to gain access to user accounts.
Weekly Intelligence Summary 28 Feb 2020
After a two-year hiatus, the “OurMine” group has conducted three cyber campaigns in 2020, compromising organizations’ social media accounts to promote the group’s own security services.
Weekly Intelligence Summary 21 Feb 2020
With the Tokyo 2020 Olympic Games fast approaching, the cyber security concerns and evolving attack methods are already taking centre stage of threat intelligence discussions
Weekly Intelligence Summary 07 Feb 2020
The recent disclosure of a vulnerability in Citrix devices was quickly followed by multiple exploitations before patches were introduced, reflecting the danger of announcing a critical vulnerability w
Weekly Intelligence Summary 31 Jan 2020
The “Fractured Statue” cyber-threat campaign of 2019 has highlighted the difficulties in naming perpetrators based on overlapping tools and tactics. The campaign, carried out over four months and targ
Weekly Intelligence Summary 24 Jan 2020
During the past 12 months, Digital Shadows has observed a rise in “mobile malware”―the use of malware targeting mobile devices/operating systems (OS)―as well as legitimate apps used maliciously.
Weekly Intelligence Summary 17 Jan 2020
The cyber-extortion landscape has shown real signs of strength and advancement in the past three months...
Weekly Intelligence Summary 10 Jan 2020
In the spotlight this week: Iranian cyber response neither impossible nor guaranteed
Weekly Intelligence Summary 12 Dec - 19 Dec 2019
Despite a decline in overall exploit kit activity during 2018 and 2019, several new variants have emerged with new techniques and a geographical focus, making them likely to retain their threatening p
Weekly Intelligence Summary 05 Dec - 12 Dec 2019
“Lazarus Group” has been linked to a new trojanized Mac OS X application, demonstrating the threat group’s preference for employing OS X malware over the past two years.
Weekly Intelligence Summary 28 Nov - 05 Dec 2019
The Digital Shadows Intelligence Team discusses the risks of information exposure by Internet users, challenging contemporary thinking about standard security practices.
Weekly Intelligence Summary 21 Nov - 28 Nov 2019
In the spotlight this week is a technique that enables the bypass of security products to initiate ransomware infections.
Weekly Intelligence Summary 14 Nov - 21 Nov 2019
Digital Shadows reviewed nation-state–linked advanced persistent threat (APT) activity in 2019, and highlighted several trends. Some are likely to continue into 2020, and will be supplemented by ...
Weekly Intelligence Summary 07 Nov - 14 Nov 2019
Multiple reports of successful ransomware attacks have highlighted the risk to organizations of all sizes but, despite the media attention, other extortion tactics are being overlooked.
Weekly Intelligence Summary 31 Oct - 07 Nov 2019
A string of data breach incidents affecting perceptively smaller organizations this week has outlined the need for all companies, regardless of size, to take a proactive security stance in preference
Weekly Intelligence Summary 24 Oct - 31 Oct 2019
In the spotlight this week: A card skimming operation targeted the online retailer First Aid Beauty and evaded notice for months.
Weekly Intelligence Summary 17 Oct - 24 Oct 2019