Weekly Threat Briefing: APT Group, Microsoft Vulnerabilities, Ransomware, Spyware and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: ActionSpy, APT, Data breach, Magecart, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Magecart Strikes Amid Corona Lockdown


(published: June 15, 2020)


Security researchers at Sansec have identified how retail chain Claire’s Accessories had customer card data stolen. The day following Claire’s announcement to close all stores in response to the COVID-19 pandemic, a domain “claires-assets.com” was registered. During the last week in April, the online stores of Claire’s and its sister company, Icing, had malicious code injected into them that would exfiltrate customer information to the above-mentioned server. Having gained write access to the store through unknown means, the threat actors added the malicious code to the submit button of the checkout form. By appending the data to an image address, the threat actors are able to receive the payload, and may have a higher chance of going undetected since not all image requests will be monitored by security software.

Recommendation: While it is not known how the threat actor gained access, it may have been through spearphishing or stolen credentials. As a result, all employees should be educated on the risks of spearphishing and how to identify such attempts. Employees should also use different passwords for business-related accounts because actors will often test other accounts with previously ..
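Because the skimmer described above hides stolen data in an image address, one defensive check is to review proxy logs for image requests that leave a checkout page for a third-party host with a long encoded parameter. The following is an added example, not code from the briefing or from Sansec; the first-party hostnames, log format, threshold and sample payload are assumptions constructed for illustration.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl

# Assumptions, not from the briefing: first-party hosts, log format, threshold.
FIRST_PARTY = {"shop.example.com", "cdn.shop.example.com"}
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".webp", ".ico")
MIN_PAYLOAD_LEN = 40  # heuristic: ordinary pixel parameters are shorter

def looks_encoded(value):
    """Heuristic: long value that base64-decodes to printable ASCII."""
    if len(value) < MIN_PAYLOAD_LEN:
        return False
    # parse_qsl turns '+' into a space; also accept the URL-safe alphabet.
    std = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    try:
        raw = base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
        return raw.decode("ascii").isprintable()
    except (binascii.Error, ValueError):
        return False

def suspicious_image_requests(log_lines):
    """Return (page_host, dest_host, param) for off-site image GETs carrying data."""
    hits = []
    for line in log_lines:
        fields = line.split()  # constructed format: time method url referer
        if len(fields) != 4:
            continue  # skip malformed lines
        _ts, method, url, referer = fields
        dest, ref = urlsplit(url), urlsplit(referer)
        if method != "GET" or not dest.path.lower().endswith(IMAGE_EXT):
            continue
        if ref.hostname not in FIRST_PARTY or dest.hostname in FIRST_PARTY:
            continue
        for name, value in parse_qsl(dest.query):
            if looks_encoded(value):
                hits.append((ref.hostname, dest.hostname, name))
    return hits

# Constructed sample traffic; the payload is fake test data.
_fake = base64.urlsafe_b64encode(b'{"name":"Test User","card":"4111111111111111"}').decode()
SAMPLE_LOG = [
    "2020-04-25T10:00:01Z GET https://cdn.shop.example.com/img/logo.png?v=3 https://shop.example.com/checkout",
    "2020-04-25T10:00:02Z GET https://analytics.example.net/pixel.gif?id=UA-12345&ev=pageview https://shop.example.com/checkout",
    f"2020-04-25T10:00:09Z GET https://claires-assets.com/img/p.png?d={_fake} https://shop.example.com/checkout",
]

if __name__ == "__main__":
    for hit in suspicious_image_requests(SAMPLE_LOG):
        print("suspicious image request:", hit)
```

The heuristic misses payloads that are encrypted or split across parameters, so it complements rather than replaces an allowlist of permitted image hosts for checkout pages.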
