Weekly Intelligence Bulletin – Week 49

10. December 18

QuoScient’s Weekly Intelligence Bulletin for the week of 29 November – 06 December 2018 is now available for download in the Media Center!

Find below a summary.


Current Threat Industry Impacted: Health Care

On 29 November, researchers identified a previously unknown remote code execution vulnerability in Adobe Flash Player for Windows used in an attack they attributed to an APT. On 5 December,
Adobe released a patch for the vulnerability and a POC was made publicly available. Then on 6 December, QuoINT identified a new Cobalt campaign exploiting the vulnerability in a new spear
phishing attack.

Threat Actor Activity Industry Impacted: Energy, Financials

On 4 December, we detected a new Cobalt attack wave impersonating Wells Fargo. The email contains a malicious link that, if clicked, drives the user in downloading a malicious document ultimately leading the user into downloading the Cobint malware.
Researchers observed a new PowerShell-based backdoor used in spear phishing attacks targeting organizations in the financial and energy sector in Turkey resembling one attributed to the MuddyWater threat actor.

In the previous week, the total market capitalization for crypto assets continued falling to EUR 106,082 billion, a 11.5 percent decrease from last week. Since the beginning of 2018, the market
has fallen by around 85 percent.

The Saudi dissident and friend of Khashoggi, Omar Abdulaziz, filed a lawsuit charging spyware created by Israel’s NSO Group was installed on his phone.
The U.S. will postpone a scheduled increase in tariffs on Chinese products after President Xi agreed to increase the purchase of U.S. goods to decrease the trade deficit.

11 December – Patch Tuesday
11 December – Parliament to Vote on Brexit Agreement
12 December – 1st Deutor Cyber Security Best Practice Conference
13 December – European Council Meeting