QuoScient’s Weekly Intelligence Bulletin for the week of 9 January – 16 January 2020 is now available! Please contact our sales team at intel@quoscient.io to subscribe today.
Find a summary below.
CYBER
Vulnerability
Industry impacted: Information Technology
Following Citrix’s advisory last month of a critical remote code execution vulnerability, QuoINT is aware of widespread scanning activity for vulnerable systems and exploitation attempts in the wild.
In the first Patch Tuesday of 2020, Microsoft addressed 49 security fixes across multiple products. Of the vulnerabilities patched this month, eight are listed as ‘critical’ Remote Code Execution (RCE) and 41 as important in severity. Also included in the patch release is a severe Windows CryptoAPI spoofing vulnerability, which has public public proof-of-concept (PoC) exploits available.
Current Threat
Industry Impacted: Financials
Researchers at SentinelOne reported about PowerTrick, a new tool allegedly linked to the TrickBot cybercrime enterprise. The malware was observed to drop different types of second stage samples, including more_eggs. QuoINT analyzed the more_eggs sample and, based on its configuration, attributed it to the FIN6 threat actor group.
Geopolitics
Industry impacted: Government
The UK, France, and Germany formally accused Iran of violating the Iranian nuclear deal and triggered the deal’s dispute mechanism, which could lead to new sanctions. Iran’s president threatened the safety of European soldiers in the Middle East.
Outlook
19 January – Peace Summit on Libya Scheduled in Berlin, Germany
20 January – Eurogroup Meeting in Brussels, Belgium
21 January – Senate Impeachment Trial of President Trump Scheduled to Begin
21 January – World Economic Forum Annual Meeting in Davos, Switzerland