This week we have new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat intel update this week to cover a data breach at the San Francisco airport, Fin6 updates, and how Sodinokibi is attempting to hide their money trail by switching form Bitcoin to Monero.

Listen to this week’s episode now 👇

Threat actors attempt to attack remote NASA workers

On 06 Apr 2020 NASA released a memo stating that recent cyber attacks have targeted federal United States employees working from home. Although mitigation tools used by NASA’s Security Operations Center have prevented a successful attack, phishing attempts have doubled in number, and malware attacks on NASA systems have also increasedThe memo highlights the continuous cyber threat that will remain as attackers take advantage of remote workers during the COVID-19 pandemic.  

Microsoft PowerPoint users vulnerable to hyperlink flaw  

On 08 Apr 2020 security researcher Madar Satam discovered a new vulnerability affecting Microsoft PowerPoint. The flaw could allow attackers to trigger the download of malicious files hosted on a remote server by simply having the user hover over a hyperlink in a PowerPoint file. The attack, dubbed Hover with Power, works by manipulating pointers in hyperlinks and using a HyperLink action set to “Other file”. Upon hovering over the link, a pop-up box, which can be manipulated by the attacker, appears and asks the user if they want to run a file. Although this vulnerability allows for malware to be downloaded without the need for users to click on hyperlinks, it still requires human interaction to successfully infect victims.  

Malicious applications exploit videoconferencing demand 

On 08 Apr 2020 cyber-security researchers reported a significant uptick in the number of malicious applications, containing either malware or adware, masquerading as videoconferencing apps. This included approximately 120,000 suspicious malware and adware packages in the wild masquerading as versions of Skype,  in addition to imitations of Zoom, WebEx, GoToMeeting, Flock, and Slack. Threat actors are likely increasing their development of videoconferencing applications to capitalize on the recent increase in remote working. 


For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 17 Apr 2020