Tailored Intelligence

Carnival Cruise Lines’ Long-Running Breach Problem

Carnival Corporation is back in the news with another data breach. This time, the company disclosed in a recent 8-K filing that its network was compromised by an unnamed ransomware on August 15th which “encrypted a portion of one brand’s information technology systems” and “the download of certain of our data files.” This is the second public disclosure Carnival has made this year. In March, it also disclosed a data breach from April 11 – July 23, 2019, in which attackers gained access to employee email accounts containing sensitive information. However, these are...

How PHP’s Labyrinth Weaponized WordPress Themes for Profit

New findings from Prevailion’s Tailored Intelligence team indicate the rapid expansion of a series of supply chain attacks that transform installations of the popular WordPress content management system into hosts for a malicious advertising network. More than 20,000 web servers have been identified as compromised in this campaign. WordPress has grown to become the backbone of 60% of content management systems, comprising 34% of all websites on the internet. This widespread user base and the ease with which a website can be personalized without knowledge of coding has created a fertile...

The Triune Threat: MasterMana Returns

Prevailion’s Tailored Intelligence team has discovered new campaigns associated with the Gorgon Group, suspected Pakistan-based actors who previously operated the MasterMana botnet. While this group relied upon an amalgamation of multiple open-source and commercially available tools, they have proven themselves to be highly capable. By utilizing various third-party websites and services, they are able to bypass common network defense mechanisms. Recently they have added new capabilities to evade host-based detection through encoding payloads and renaming file extensions. In some cases, they took a more audacious approach by incapacitating the Windows...

TA 505 – Global Ransomware Criminals

Prevailion’s Tailored Intelligence Team has continued to follow an evolving threat actor group dubbed TA505, a known cybercriminal organization that has likely been active since at least 2017 and whose motives are speculated to be financial in nature. This group has been known to infect victims through business email compromise. Once a victim’s system is initially compromised, TA505 has been observed utilizing a wide variety of commercially available and custom remote access trojans. Upon gaining access, with a trojan in the network, they have been observed stealing sensitive financial data...
