Weekly Threat Briefing: Over Half of Organisations Were Successfully Phished In 2019

The threat intelligence stories in this iteration of the Weekly Threat Briefing (WTB) discuss the following topics: BitPyLock, Business Email Compromise, Data Breaches, Konni Group, Phishing and Zero-Day Bugs. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Threats


Paypal, American Express Phishing Kits Added to 16Shop Service (January 25, 2020)

The phishing distribution network 16Shop has started circulating phishing templates specifically targeting PayPal and American Express users. 16Shop does this by legitimising licenses in real time, a mechanism that blocks web crawlers from vendors so that the phishing page can continue to exist. Kits distributed for the PayPal and Amazon templates have been in various languages, including but not limited to English, German, Japanese, Spanish and Thai. The phishing focuses on capturing login credentials, card details, personal addresses and other pieces of Personally Identifiable Information (PII). Researchers from Zerofox have found that 16Shop has added several techniques to ensure the longevity of its phishing campaigns. These include bot detection, blacklisting of security vendor products and the use of web crawler detection software.

MITRE ATT&CK: Credential Dumping - T1003 | System Information Discovery - T1082 | User Execution - T1204