QuoScient’s Weekly Intelligence Bulletin for the week of 18 October – 25 October 2018 is now available for download in the Media Center!
Find a summary below.
Current Threat (Industry Impacted: ANY)
A joint report from U.S. government agencies highlights observed activity of the Trickbot banking Trojan targeting customers of U.S. financial institutions. The malware compromises credentials primarily through man-in-the-browser attacks and then moves laterally by exploiting SMB vulnerabilities. In earlier attacks, the malware also targeted various locations in at least Europe.
Vulnerabilities (Industry Impacted: ANY)
A researcher identified an unauthenticated arbitrary file upload vulnerability in the Blueimp jQuery File Upload plugin, affecting version 9.22.0 and earlier. Reportedly, the issue has existed for ten years, with active exploitation in the wild for an unknown amount of time.
Threat Actor Activity (Industry Impacted: Financials)
QuoINT observed a new Cobalt spearphishing attack imitating the European Central Bank on 23 October in order to drop a new version of the Cobint malware. Changes in the reconnaissance malware include: improved resilience to avoid detection and bug fixes in some functionality.
Over the previous week, several countries announced regulations on crypto assets which might influence the prices for crypto assets, as research has shown a correlation. The crypto asset exchange Trade.io confirmed that 50 million TIO coins, worth EUR 9.5 million at the time, were stolen from a wallet in cold storage.
The website of Saudi Arabia’s Future Investment Initiative conference was reportedly defaced on 22 October. This comes after Saudi journalist Khashoggi was murdered in Saudi Arabia’s consulate. The U.S. will withdraw from the Intermediate-Range Nuclear Forces Treaty (INF) as it said Russia has not “honored the agreement.”
27 October – Chancellor Merkel, Presidents Putin, Erdogan and Macron Hold Syria Summit
30 October – DevCon 4