Weekly Threat Briefing: Critical Vulnerability, Ransomware, APT Group, and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT15, Backdoor, Magecart, Ransomware, ThiefQuest, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


North Korean Hackers Linked to Credit Card Stealing Attacks on US Stores


(published: July 6, 2020)


Researchers from Sansec have attributed various Magecart attacks to the Lazarus group, a North Korean threat group. Using skimmers, the group stole sensitive information such as payment card details from the checkout pages of multiple stores, including Claire’s Accessories, Wongs Jewellers, Paper Source, and Focus Camera, among others. The group compromised legitimate businesses to dump the stolen data and attempt to cover its tracks. Sansec believes this activity has been ongoing since at least May 2019.

Recommendation: Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs. In addition, supply chain attacks are becoming more frequent amongst threat actors as their Tactics, Techniques, and Procedures (TTPs) evolve. Therefore, it is paramount that all applications in use by your company are properly maintained and monitored for potential unusual activity.

MITRE ATT&CK: