Threat Intelligence Blog

Posted December 8, 2015


We publish this weekly threat intelligence brief keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!


Financial Services

“A malicious hacker that successfully breached the IT systems of a large bank in the United Arab Emirates (UAE) demanded nearly $3 million worth of cryptocurrency or the financial information of hundreds of its customers would be leaked online. The hacker […] reportedly gained access to the bank’s systems last month. He threatened to release customers’ account statements if a payment of 8,500 bitcoins was not made. According to the Dubai-based newspaper Xpress, the bank refused to pay the ransom and contacted law enforcement.”

Trip Wire

Legal and Regulations

“The Securities and Exchange Commission today charged two Bitcoin mining companies and their founder with conducting a Ponzi scheme that used the lure of quick riches from virtual currency to defraud investors. According to the SEC’s complaint filed in federal court in Connecticut, “mining” for Bitcoin or other virtual currencies means applying computer power to try to solve complex equations that verify a group of transactions in that virtual currency.  The first computer or collection of computers to solve an equation is awarded new units of that virtual currency.”



“Cybercrooks are selling a new strain of potent Point of Sale malware through underground forums. “Pro PoS” weights in at just 76KB and packs mechanisms to frustrate antivirus analysis, as well as root-kit functionality, according to [a] threat  intelligence […] Developers of the malware also integrated a polymorphic engine, so that each build has different signatures, for added stealth and as a measure designed to foil security defences.”

The Register


“Microsoft said [December 3] it aided law enforcement agencies in several regions to disrupt a four-year-old botnet called Dorkbot, which has infected one million computers worldwide. The Dorkbot malware aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix. It was first spotted around April 2011. Users typically get infected by browsing to websites that automatically exploit vulnerable software using exploit kits and through spam. It also has a worm functionality and can spread itself through through social media and instant messaging programs or removable media drives.”

PC World


“The Chinese government recently arrested a handful of hackers it says were connected to the breach of Office of Personnel Management’s database this year, a mammoth break-in that exposed the records of more than 22 million current and former federal employees. The arrests took place shortly before a state visit in September by President Xi Jinping, and U.S. officials say they appear to have been carried out in an effort to lessen tensions with Washington. The identities of the suspects — and whether they have any connection to the Chinese government — remain unclear.”

The Washington Post

Additional Posts

The Duty of Care: Using Threat Intelligence to Prepare for Physical Threats

By Hans Mathias Moeller This is the first blog in a two-part series from one of our analysts in our ...

Cyveillance Weekly Phishing Report – December 7, 2015

  Phishing Report: Top Targets Week of November 29 - December 5, 2015   In this week's ...