We publish this weekly threat intelligence brief to keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!
“Fully 81 percent of healthcare executives say their organizations have been compromised by malware, botnets or cyber attacks at least once in the past two years, according to the findings of the 2015 KPMG Healthcare Cybersecurity Survey [PDF]. The survey of 223 chief information officers, chief technology officers, chief security officers and chief compliance officers at healthcare providers and health plans also found that 13 percent of respondents said they’re targeted by external hack attempts about once a day, and another 12 percent are seeing about two or more such attacks a week.”
– eSecurity Planet
“The extortion group known as DD4BC has stepped up the number of attacks this year and is now targeting the financial services industry, according to a new report. […] the report, has identified 114 attacks carried out by DD4BC since April 2015.”
– Coin Desk
Legal and Regulations
According to the Secretary of Defense, “urgent and compelling” reasons led to the introduction of new rules regarding incident reporting by Department of Defense (DoD) contractors, as well as security standards for cloud service providers. The interim rules are putting into effect sections of the National Defense Authorization Act for Fiscal Years 2013 and 2015, and were announced without prior opportunity for public comments. The DoD will consider public comments – which have to be submitted on or before Oct. 26 – before issuing the final rule.
“Databases used to store electronic medical records are prone to information leakage despite being encrypted, according to research from Microsoft. In a paper due to be presented at the ACM Conference on Computer and Communications Security in October, sensitive medical data on patients could be stolen using four methods of hacking.”
“The Justice Department on Friday moved to drop charges against a Temple University professor accused of trying to send sensitive superconductor technology to China, a setback in the U.S. government’s push to become more aggressive with China over economic espionage. The dropped charges come as the Federal Bureau of Investigation and the Obama administration have been ramping up efforts to counter what they say is a growing problem of economic espionage directed at U.S. companies by Chinese firms.”
“Stung by recent court decisions that have gone against them, Justice Department lawyers are pushing to clarify a computer trespass law that critics malign as overly broad. The 1986 law, known as the Computer Fraud and Abuse Act, was intended to punish hackers who breach someone else’s computer network and steal information from it. But federal prosecutors have struggled at times in applying it to people who have permission to access a computer — a police department database, for instance, or a corporate network — but abuse that right by using it for purposes that have not been authorized.”
“Hackers infiltrated the Pentagon food court’s computer system, compromising the bank data of an unknown number of employees. Lt. Col. Tom Crosson, a Defense Department spokesman, said on Tuesday that employees were notified that hackers may have stolen bank account information from people who paid for concessions at the Pentagon with a credit or debit card.”