Posted March 31, 2015
Welcome to the Cyveillance Weekly Cyber Security Trends Report
Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
Top Cyber Security Incidents
- Washington state’s insurance commissioner announced Tuesday a multistate investigation into this winter’s cyberattack on Premera Blue Cross. Insurance Commissioner Mike Kreidler said he plans to work with his counterparts in Alaska and Oregon to look into operations at Premera, which is based in Mountlake Terrace, Washington. The investigation will explore the cyberattack disclosed by Premera last week, in which hackers accessed the personal information of 11 million consumers, including 6 million in Washington, between last May and the exploit’s Jan. 29 discovery.
– ABC News
- Flash files that are vulnerable to a serious flaw patched by Adobe Systems over three years ago still exist on many websites, exposing users to potential attacks. The vulnerability, known as CVE-2011-2461, was found in the Adobe Flex Software Development Kit (SDK) and was fixed by Adobe in November 2011. The development tool, which has since been donated to the Apache Software Foundation, allows users to build cross-platform rich Internet applications in Flash.
Legal and Regulations
- An industry-led committee advising the Federal Communications Commission (“FCC”) on cybersecurity released its final report on best risk management practices tailored to each of five main industry segments—broadcasting, satellite, cable, wireless and wireline. The report’s primary objective is to ensure that companies have taken sufficient steps to give the FCC and the public assurance that communications providers are managing cybersecurity risk. The committee report concludes that it is not a matter of if a communications company will be attacked, but when, rendering knowledge of potential threats “essential.” The report adapts to the communications sector the cybersecurity risk management framework (“NIST Cybersecurity Framework”) developed by the National Institute of Standards and Technology.
- If terrorists ever orchestrate a cyberattack against the U.S., the odds are 9 in 10 that spear-phishing will be the first step of their assault. The same technique that has breached Sony, Anthem, Target, the Pentagon and thousands of organizations every year, spear-phishing is used in some 91 percent of cyberattacks, according to the security firm Micro Trend.
- An auxiliary officer of the NYPD is accused of installing devices in the Traffic Safety Office of the police department that offered access to restricted information related to traffic accidents in the greater New York area, and of using the details to obtain money from those involved in the events. The accused, Yehuda Katz, who is a community volunteer and not an actual police officer, is said to have installed devices onto a computer in the Traffic Safety Office of NYPD’s 70th Precinct, enabling him to control the machine from afar. Using this method, he allegedly logged in to databases with credentials belonging to uniformed officers. It is said that Katz ran more than 6,400 queries in the databases that returned personally identifiable information of traffic accident victims along with other details. Then, Katz is said to have contacted the victims pretending to be an attorney at the bogus “Katz and Katz law firm” and claiming he could assist with potential legal claims. The events were recorded between May and August 2014.