Threat Intelligence Blog

weeklytrends

Welcome to the Cyveillance Weekly Trends Report

Since threat intelligence is constantly evolving, we publish this weekly report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.

Top Incidents

Agribusiness

  • While urban America has nearly universal access to wired broadband, the rate in rural America is 78 percent, according to industry data. The USDA’s 2012 Census of Agriculture says 70 percent of farms have Internet access, but a third of them use dial-up, satellite or mobile connections “that may not be adequate when it comes to accessing and delivering the large quantities of data that are associated with some precision agriculture processes,” write Brian Whitace, Tyler Mark and Terry Griffin in Choices, the journal of agricultural economics. “The availability of broadband for farm offices and land in production has serious implications for the future of agriculture.”

Insurance/Healthcare

  • Beginning in early 2015, the Office for Civil Rights plans to audit 200 covered entities, including healthcare providers and group health plans, to measure their compliance with the HIPAA privacy, security, and breach notification rules requirements. These audits of covered entities will be followed by up to 400 audits of business associates to measure their compliance with the security rule and how they intend to approach their obligations under the privacy and breach notification rules.

Financial Services

  • A leading U.S. investment firm fired one of its financial advisers after it accused him of stealing account data on about 350,000 clients and posting some of that information for sale online, in potentially the largest data theft at a wealth-management firm.

Global Intelligence

  • A Chinese security news outlet reports a security vulnerability on wireless routers that use admin/admin as username/password could be exploited by embedding a malicious webpage. Once users visit the malicious page, the router’s DNS IP address will be modified, and personal information like banking information could be obtained.

Legal and Regulations

  • The International Standards Organization’s new cloud standard, ISO 27018, strives to ensure that public cloud service providers (such as Amazon, Google, and Rackspace) “offer suitable information security controls to protect the privacy of their customers’ clients” by securing the personally identifiable information (PII) entrusted to them. The new standard, adopted by ISO and the International Electrotechnical Commission in August, is voluntary. It is expected to be followed by ISO 27017, which will cover non-privacy information security aspects of cloud computing. According to the ISO, the new standard is intended as “a reference for selecting PII protection controls within the process of implementing a cloud computing information security management system ….” Broadly, ISO 27018 addresses the questions of confidentiality and security of the customer’s personal information and the prevention of its unauthorized use.

Retail

  • According to findings from IBM, the number of cyber attacks against US retailers has declined 50%, however, the number of records stolen from them remains at near record highs. Contrary to expectations, cyber attackers scaled back on Black Friday and Cyber Monday 2014 hackingHacking: The using of a computer and/or program in order to gain unauthorized access to data in a computer, system or network. LookingGlass Cyber (n) - not the axe swinging you’re thinking of. This type of hacking is unauthorized access to another computer, or system. efforts.

Entertainment

  • The FBI revealed more details related to the Sony investigation. It claims that messages sent by the attackers included IP addresses only used by North Korea. Some experts still believe Sony employees may have been the culprits, whether it was an isolated incident or a joint effort with North Korea.

Defense

Law Enforcement

  • French law enforcement officers have been told to erase their social media presence and to carry their weapons at all times because terror sleeper cells have been activated in the country, according to a French police source. Amedy Coulibaly, a suspect killed Friday during a deadly kosher market hostage siege, had made several phone calls about targeting police officers in France, according to the source. It was also reported in a French-language magazine that brothers Cherif and Said Kouachi had been under watch by the French, but despite red flags, authorities there lost interest in them.

Cyveillance clients get access to the entire Weekly Trends Report, covering all of the above topics and much more. Contact us to find out how we can help your organization.

Additional Posts

Cybersecurity Education: An Interview with Arlington County CISO David Jordan

  We recently interviewed a Virginia government Chief Information Security and Privacy ...

What’s “On Trend” in the Criminal World? Ransomware

If You Ever Want to See Your Hard Drive Again… While ransomware has been around for decades, the ...