Posted October 28, 2014
Welcome to the Cyveillance Weekly Trends Report
Since threat intelligence is constantly evolving, we publish this weekly report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below, and follow us on Twitter, and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
- A recent audit by the Office of the Inspector General revealed that the Food and Drug Administration’s (FDA) computer network is vulnerable to a potential data breach. The news is especially critical as almost exactly one year ago it was discovered that the FDA’s online submission system was breached by an unauthorized user.
- In the last five years, the number of data breaches in the medical sector has quadrupled. Last year, for the first time, the medical sector experienced more breaches than any other. It’s again on track to lead in 2014 – so what is behind the dramatic rise in medical identity theft? A decentralized U.S. health system, increasing digitization of records, and demand in the black market are fueling a surge in thefts.
Legal and Regulations
- A new class action lawsuit alleges that on LinkedIn “any potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained.” The case is Tracee Sweet et al v. LinkedIn which was filed on October 4, 2014 in the US District Court for the Northern District of California
- One of the biggest attack campaigns against critical infrastructure since Stuxnet might not actually have been aimed at critical infrastructure. New research on the Dragonfly, a.k.a. Energetic Bear, attacks that were first reported by F-Secure in June poses the theory that the group’s true target was the pharmaceutical and biotechnology industry, not the energy sector. In a report released by the signal transmission solution company Belden, Joel Langill, an industrial control systems security expert at RedHat Cyber, explains why he thinks Dragonfly was attacking small companies that supply original equipment manufacturers, which in turn supply the pharma-biotech sector.
- Staples is looking into a potential credit card data breach and has been in touch with law enforcement officials about the issue. The office supplies retailer said last week that if it turns up any data discrepancies during its investigation, customers won’t be responsible for fraudulent activity on their credit cards as long as it is reported in a timely manner.
- A Chinese web monitoring group published a report saying Apple users in China have been targeted in a sophisticated and widespread attack by hackers seeking private user data stored on the iCloud service.
- Fraud scams targeting the customers of several large American technology companies are seeking to provide password recovery and technical support to consumers for a weekly fee. These services, which target customers of Yahoo!, Google, Cisco, Apple to name a few, are otherwise offered for no charge by the company.
- Trend Micro researchers identified a cyberespionage operation dubbed “Operation Pawn Storm” that uses targeted emails and compromised Web sites to infect users in government, military, and media organizations with the SEDNIT (also known as Sofacy) malware.
Cyveillance clients get access to the entire Weekly Trends Report, covering all of the above topics and much more. Contact us to find out how we can help your organization.