Weekly Intelligence Bulletin – Week 3

14. January 20

QuoScient’s Weekly Intelligence Bulletin for the week of 9 January – 16 January 2020 is now available! Please contact our sales team at intel@quoscient.io to subscribe today.

Find a summary below.

 

CYBER

Vulnerability

Industry impacted: Information Technology

Following Citrix’s advisory last month of a critical remote code execution vulnerability, QuoINT is aware of widespread scanning activity for vulnerable systems and exploitation attempts in the wild.

In the first Patch Tuesday of 2020, Microsoft addressed 49 security fixes across multiple products. Of the vulnerabilities patched this month, eight are listed as ‘critical’ Remote Code Execution (RCE) and 41 as important in severity. Also included in the patch release is a severe Windows CryptoAPI spoofing vulnerability, which has public public proof-of-concept (PoC) exploits available.

Current Threat

Industry Impacted: Financials

Researchers at SentinelOne reported about PowerTrick, a new tool allegedly linked to the TrickBot cybercrime enterprise. The malware was observed to drop different types of second stage samples, including more_eggs. QuoINT analyzed the more_eggs sample and, based on its configuration, attributed it to the FIN6 threat actor group.

Geopolitics

Industry impacted: Government

The UK, France, and Germany formally accused Iran of violating the Iranian nuclear deal and triggered the deal’s dispute mechanism, which could lead to new sanctions. Iran’s president threatened the safety of European soldiers in the Middle East.

Outlook

19 January – Peace Summit on Libya Scheduled in Berlin, Germany
20 January – Eurogroup Meeting in Brussels, Belgium
21 January – Senate Impeachment Trial of President Trump Scheduled to Begin
21 January – World Economic Forum Annual Meeting in Davos, Switzerland