Threat Intelligence Blog

Welcome to the Cyveillance Weekly Threat IntelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... Brief

News on digital tablet.

Threat intelligence is constantly evolving. We publish this weekly security brief to keep our customers updated on the latest threats across a variety of industries. For the latest security news stories throughout the day, follow us on Twitter, and subscribe to our blog to stay up-to-date on highlights from our analyst research reports!

 

Insurance/Healthcare

“CareFirst BlueCross BlueShield is facing a proposed data breach class action lawsuit filed by customers who allege their personal data held by the health insurance provider was hacked and that CareFirst failed to prevent that cyberattack. Approximately 1.1 million plan members were affected. […] It was in late May 2015 that CareFirst announced an unauthorized access to a single database had occurred in June 2014 which enabled unknown parties to potentially obtain names, dates of birth, email addresses and subscriber identification numbers of members who signed up before that date. CareFirst claimed information such as Social Security numbers or credit card information was not accessed. […] According to the complaint, […] claimed that CareFirst failed to adequately secure the computers storing customers’ personal information, despite becoming aware of an attempted data breach last year.”

Big Class Action

Financial Services

“Two data-brokerage firms illegally sold the financial information of at least 500,000 people who applied for payday loans to a third party that stole millions from them, the Federal Trade Commission alleged in a case announced Wednesday. […] In a complaint filed [August 7], the government said that [the two firms] collected sensitive financial data about people seeking payday loans. They purchased some of the data from other outlets and obtained the rest through a variety of Web sites the companies owned that claimed to help people obtain payday loans. The firms then sold the data to others […] according to the FTC.”

– The Washington Post

Legal and Regulations

On July 31, the White House released a report on its 30-day cybersecurityCybersecurity: A set of security techniques that are designed to protect the integrity of computer systems, programs and data from theft and damage to their hardware, software or other information as well as the disruption and misappropriation of their services. LookingGlass Cyber (n) - Professional paid ninjas who protect the cyber world from cyber attacks. Everybody is doing it, but we have the double black belt with the Versace logo. So yeah, we’re really good. “sprint,” launched on June 12 in the wake of the Office of Personnel Management (OPM) hacks. The report is brief, providing statistics on each agency’s use to-date of two-factor authentication (2FA), and highlighting the dramatic 30 percent jump in 2FA adoption since the outset of the cyber sprint.  The July 31 report indicates that use of 2FA increased from about 42 percent to over 72 percent during the cyber sprint, which represents a significant jump in such a short time span, and immense progress after the 2011 initiative stalled at 42 percent in 2014.  Fourteen agencies met the goal for stronger user authentication set at the beginning of the cybersecurity sprint, while ten agencies fell below the target.  However, the report is silent regarding the results of the other goals to 1) deploy technology that scans for malicious activity, 2) patch critical vulnerabilities, and 3) limit the number of privileged users.

Performance.gov

Retail

“The Square Reader, used by millions of businesses in the United States, could at one point be converted in less than 10 minutes into a skimmer that could steal and save credit card information, according to three recent [Boston University College of Engineering] grads. Their findings [were] presented […] at the Black Hat USA 2015 cybersecurity conference in Las Vegas. […] The trio also found that Square Register software could be hacked to enable unauthorized transactions at a later date. “The merchant could swipe the card an extra time at the point of sale,” says Moore. “You think nothing of it, and a week later when you’re not around, I charge you $20, $30, $100, $200… You might not notice that charge. I get away with some extra money of yours.””

BU Today

Technology

“Ubiquiti, a San Jose based maker of networking technology for service providers and enterprises, disclosed the attack in a quarterly financial report filed this week with the U.S. Securities and Exchange Commission (SEC). The company said it discovered the fraud on June 5, 2015, and that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department. […] Known variously as “CEO fraud,” and the “business email compromise,” the swindle that hit Ubiquiti is a sophisticated and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.”

Krebs on Security

Law Enforcement

Calling it the “largest-known computer hackingHacking: The using of a computer and/or program in order to gain unauthorized access to data in a computer, system or network. LookingGlass Cyber (n) - not the axe swinging you’re thinking of. This type of hacking is unauthorized access to another computer, or system. security fraud scheme,” the FBI charged nine people in indictments that allege they managed to break into three newswires and accessed embargoed press releases containing financial information. The FBI reports that the international scheme netted its participants $30 million in illegal profits. The suspects are accused of stealing confidential information about companies traded on the New York Stock Exchange (NYSE) and NASDAQ. The FBI said the group stole about 150,000 confidential press releases from the servers of newswires.

– FBI

Additional Posts

Formulating a Threat Intelligence Plan, Part III

  Author: Eric Olson, VP of Product Strategy In our previous posts in this series on making ...

LookingGlass Weekly Phishing Report – August 17, 2015

  Phishing Report: Top Targets Week of August 9 - 15, 2015 Author: Robert McDaniel   In ...