Threat Intelligence Blog

Posted December 16, 2014


Welcome to the Cyveillance Weekly Trends Report

Since threat intelligence is constantly evolving, we publish this weekly report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.

Top Incidents


  • The National Health Information Sharing & Analysis Center is making available to its members a new intelligence platform that aims to help ease cyberthreat information sharing. The introduction of the new NH-ISAC Threat Intelligence Platform comes as another healthcare industry organization, the Health Information Trust Alliance, is also gearing up to release a previously announced cyber-alert system for the sector in January.

Financial Services

  • Cybercriminals are using a new variant of the Neverquest malware to target the customers of financial institutions worldwide. The banking Trojan was first spotted in November 2013, and the threat is believed to be an evolution of the Snifula malware family. New variants of Neverquest were released this summer with most infections spotted in the United States and Japan.

Global Regulations

  • A Chinese news outlet reports that 1.5 million Wi-Fi passwords have been stolen from a Shanghai company that develops WiFi hotspot applications. According to the article, the hackers exploited WiFi sharing applications by injecting malicious code into them, which let them control the applications remotely and turn users’ devices into bots.

Legal and Regulations

  • On December 10, the New York Department of Financial Services (NYDFS) issued a letter to banking institutions chartered or licensed in New York notifying them of an expansion of the NYDFS information technology examination procedures to focus on cyber security issues as an integral aspect of risk management. The expanded procedures will look at cyber security in a comprehensive manner and will include a review of corporate governance as it relates to cyber security risks, the relationship between information security and core business functions, shared infrastructure risks, training, disaster planning and insurance coverage and other third-party protection.


  • Drug makers and Internet companies are quietly working together to link U.S. pharmacy records with online accounts in order to target ads to people based on their health conditions and their prescription drugs, Bloomberg News writes. In a little-known process, third-party companies assign patients unique numerical codes based on prescription records, a practice websites also rely on to track their registered users, the news service writes. The data sets, Bloomberg explains, can be linked without names changing hands, allowing drug makers to identify who uses a specific medicine and to send customized Internet ads. The practice has become an essential part of digital marketing efforts by drug makers, according to Bloomberg. But while the industry says the technique complies with federal medical privacy laws because patient names are concealed, critics see a breach of confidentiality.


  • Earlier this month, security researchers discovered a new PoS malware family, which they named “LusyPOS” after a reference in Russian underground forums. We detect this as TSPY_POSLUSY.A. In their analysis, they mentioned that it had some characteristics linked to the Dexter family of PoS malware. It also had behavior similar to the Chewbacca PoS malware (which we detect as TSPY_FYSNA.A), which is known to use the Tor network to connect to its command-and-control (C&C) servers.


  • A growing number of flaws in web browsers is viewed as the biggest endpoint security headache by today’s IT decision-makers, according to Malwarebytes. With the number of exploitable browser vulnerabilities accelerating this year, 72% of the 685 IT decision-makers questioned said this made security difficult in their organization, more so than any other issue.


  • Fallout from the Sony hack has continued after reports that sensitive contracts, unpublished scripts and salaries of top executives were leaked online. A recent email chain between two high-level executives disclosed an internal battle regarding the movies “Jobs” and the in-development Angelina Jolie film “Cleopatra.” This is just the latest of what may be many devastating leaks following the recent data breach at Sony.


  • A sophisticated cyber-espionage campaign believed to be the continuation of the Red October operation has been identified targeting specific users of Android, iOS and BlackBerry mobile devices through spear-phishing attacks. Researchers from Blue Coat, a provider of security and network solutions, have uncovered the endeavor, which leverages a complex infrastructure relying on “a convoluted network of router proxies and rented hosts, most likely compromised because of poor configurations or default credentials,” to deliver targeted malicious emails. In an extensive report on Inception/Cloud Atlas, Blue Coat revealed that the threat actor planned attacks on mobile devices of high-profile targets in different sectors, from finance and the oil industry to military, engineering and politics, in different parts of the world.

Cyveillance clients get access to the entire Weekly Trends Report, covering all of the above topics and much more. Contact us to find out how we can help your organization. And don’t forget to register for our upcoming webinar, Making the Business Case for Threat Intelligence.
