We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode bringing Sammy on to provide some regional insight and context around the Iranian cyber threat and discusses whether a cyber response is likely.
Then Adam and Viktoria discuss other tops stories from the week including a ransomware outage for Travelex, Xiaomi Mijia camera data exposed, and bc[.]monster updates on Exploit forum.
Listen below 👇👇👇
Iranian cyber response neither impossible nor guaranteed
Since the recent airstrikes by the United States in Iran, which resulted in the death of General Qasem Soleimani, security researchers and media outlets have been focused on the potential of any Iran-associated response. The geopolitical tension that already existed between the United States and Iran has sometimes resulted in offensive cyber activity―mostly destructive, disruptive, and/or espionage campaigns. A cyber response from Iran is an option but in this case there is no guarantee, considering the nature and impact of the physical event. If any does occur, the Iranian threat actors’ capabilities, tool sophistication, and tactics, techniques, and procedures (TTPs), as well as impact of a successful cyber attack, would likely be similar to those previously exhibited, although the motive and attack focus may differ.
Another malicious Chrome extension aids cybercrime
A malicious Chrome browser extension has been observed stealing sensitive information, including login credentials and private keys from cryptocurrency wallets. The extension, named Shitcoin Wallet, allows users to manage cryptocurrency coins and tokens, but researchers claim that it relays private keys to a third-party website and actively injects malicious JavaScript code. An associated desktop application is also available, although it remains unconfirmed whether this is also malicious.
Travelex services taken offline after cyber incident
The foreign currency exchange service Travelex has suspended some of its online services after a suspected malware attack. The technical details of the attack remain unconfirmed, but the company’s United Kingdom website and some of its systems were taken offline as a precautionary measure, likely to stop the spread of malware. Customers were temporarily unable to use the service, although Travelex claims that no user data has yet been compromised.
Phishing emails drop newly detected DeathRansom
Security researchers have identified and tracked a new strain of ransomware named DeathRansom, being distributed via the common method of phishing email campaigns. The latest version of the ransomware uses an effective encryption scheme and can detect language used on an infected machine. Researchers tracking DeathRansom activity have linked its author to wider credential-stealing campaigns and cryptocurrency mining attacks by extracting strings from DeathRansom’s source code.
For more details, read the full Weekly Intelligence Summary here:
And to stay up to date with the latest from Digital Shadows (now ReliaQuest), subscribe below.