Posted May 12, 2015
Welcome to the Cyveillance Weekly Cyber Security Trends Report
Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
- Criminal attacks in the healthcare sector – including those involving hackers and malicious insiders – have more than doubled in the last five years, according to a new study. The “Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data” by the research firm Ponemon Institute concludes that criminal attacks in healthcare are up 125 percent since 2010. Cybercriminal incidents involving external and internal actors were the leading cause of a data breaches over the past two years, the study shows. In previous studies, lost or stolen computing devices had consistently had been the top breach culprit.
- A US cosmetics retail giant disclosed that, for the second time in a year, it was investigating reports that hackers had broken into its networks and stolen customer credit card data. Sources close to the investigation said that the intruders gained access through a Citrix remote access portal set up for use by employees who needed access to company systems while on the road. After obtaining the login credentials of a district manager, the attackers gained easy entry into the corporate network and located all shared drives and scoured those for Visual Basic (VB) scripts. The intruders were able to locate a VB script on the company’s network that contained the username and password of a network administrator at the company. That allowed them to copy files to the cash registers. The attackers then used a simple batch file loop, put in all the cash register Internet addresses they found while scanning the network, looped through that access point and copied the malware to all of the roughly 6,000 point-of-sale devices.
Legal and Regulations
- The Cybersecurity Unit of the U.S. Department of Justice (the “Justice Department”) released a guidance document, entitled Best Practices for Victim Response and Reporting of Cyber Incidents (“Guidance”), discussing best practices for cyber incident response preparedness based on lessons learned by federal prosecutors while handling cyber investigations and prosecutions. The Guidance is intended to assist organizations with preparing to respond to a cyber incident, and emphasizes that that the best time to plan a cyber response strategy is before an incident occurs. The Justice Department drafted the Guidance with smaller, less-experienced organizations in mind, but also believes that larger organizations may benefit from its summary of best practices.
– Hunton & Williams
- Security researchers at RSA and FireEye reported cybercriminals began mimicking cyberespionage advanced persistent threat (APT) groups by deploying spear-phishing campaigns designed to infect point-of-sale PoS payment systems. The attacks delivered the Vawtrak banking trojan and a new document-based exploit kit (EK) called Microsoft Word Intruder (MWI).
– DHS.gov [PDF]
- Cyber-criminals are increasingly adopting tactics and techniques of cyber-espionage groups to target their victims. The cyber-criminals are employing spear-phishing and malicious documents as a means to infect their targets.
- A Florida utility company has told federal regulators it is certain Verizon has a plan to exit its landline and wired broadband businesses within the next 10 years to become an all-wireless service provider. The utility argued in a regulatory filing with the Federal Communications Commission it was clear Verizon had plans to exit its wire line business after the phone company suddenly informed regulated utilities it no longer seemed interested in fighting over pole attachment fees and pole ownership and use issues.
- A software vulnerability discovered in Boeing’s 787 Dreamliner jet could potentially cause pilots to lose control of the aircraft mid-air, the US aviation authority has warned. The bug resembles an integer overflow and was discovered in laboratory testing. It is located in an electrical system which generates power, and is triggered when a generator has been running non-stop for just over eight months.
– IT News