Posted July 14, 2015
Welcome to the Cyveillance Weekly Cyber Security Trends Report
Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
An employee’s unauthorized access of 3,200 patient medical records has caused a potential health data breach at Orlando Health. During a routine patient record access audit on May 27, 2015, Orlando Health discovered that a certified nursing assistant had inappropriately accessed patient records outside of normal job functions. While it was not entirely clear what information was viewed, Orlando Health said the data could include patient names, dates of birth, addresses, medications, medical tests and results, other clinical information, and the last four digits of Social Security Numbers. There were also “a limited number of patients” who may have had their insurance information accessed as well, Orlando Health reported.
Legal and Regulations
Lawmakers on Capitol Hill may strip the Office of Personnel Management (OPM) of its control over security clearances following two data breaches that compromised records for about 22 million people.
– The Hill
Mastercard, in an effort to provide additional security for online shoppers, is testing various ways to verify a buyers identity through biometrics. Mastercard will be developing an app, Mastercard ID Check, which may ask for an image of the individual, fingerprint, or voice recognition test. Mastercard is working with many manufacturers and will begin testing the app this fall.
19,000 malicious emails have been sent in three days from spam servers worldwide, inviting users to download an archive containing a malicious .exe fil that acts as a downloader that fetches and executes the Dyreza banker Trojan, also known as Dyre targeting customers of reputable financial and banking institutions from the UK, France, Germany, the US, Australia and Romania.
EU law enforcement agency Europol has supported the Spanish police force in an effort to take down a cyber-crime group operating with a ‘sophisticated’ illegal call center from Barcelona. Under a joint operation codenamed ‘Walker’, raids and arrests took place on 6 July in the Catalan capital. The telecommunications-based cyber-crime in this case is classified as International Revenue Share Fraud (IRSF). Reports suggest that ‘Grupo de fraudes de las telecomunicacione’ police officers ‘dismantled’ six houses and seized over 100 smartphones, stolen SIM cards, computer equipment and a significant amount of cash and credit cards. Europol’s own website states that the aim of this investigation was to target the cyber criminals and their accomplices who were involved in large scale telecommunication fraud, as well as channelling and cashing-out the proceeds of their crimes. The unnamed cyber-crime group had established a channel to receive mobile phones stolen from tourists in Spain. A further network of premium rate numbers had been set up and managed by other members of the criminal group based outside the EU. Stolen device phone numbers were then harvested and exploited until the point at which they were blocked by telecom operators in their country of origin.