Threat Intelligence Blog

Posted April 26, 2016

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.



“According to a recent study, most healthcare data breaches in 2015 were caused by cyberattacks, such as phishing scams and ransomware.

Cyberattacks were the top cause of healthcare data breaches in 2015, according to a recent study by Symantec Corporation on healthcare cybersecurity.

The study showed that providers have shifted their views on healthcare cybersecurity to account for the rise of cyber threats, such as ransomware and phishing scams, and the increasing risk to care delivery and patient safety.”

– Health IT Security

Financial Services

“Researchers have come across a new banking Trojan that appears to borrow code from the notorious Zeus.

Dubbed Panda Banker, the threat was discovered in February by Fox IT and later analyzed in detail by experts at Proofpoint.

According to Proofpoint, cybercriminals have used both spear-phishing emails and exploit kits to deliver the Trojan. In one spear-phishing campaign observed on March 10, attackers sent an email containing a malicious document to people working in mass media and manufacturing organizations. When recipients opened the document, Panda Banker was downloaded from a remote server.”

– Security Week

Legal and Regulations

The Cabinet Office published the UK Cyber Security Strategy 2011-2016 final report, looking at the impact and highlights of the program since its launch, with particular reference to the program’s central objectives: business security, resilience to cyber attacks, an open, vibrant, and stable cyberspace able to support an open society, and enhanced skills, knowledge, and capabilities around cyber security in the UK.



“An “Anonymous” YouTube user named “TheAnonMessage” has just announced #Op_Pharma, a coordinated effort to expose the “lies and corruption of the medical system” and Big Pharma.

The video introduction uses clips from a documentary that includes the voice of the Health Ranger and other outspoken critics of the pharmaceutical cartels. From there, the video shows a “V for Vendetta” video while a computer generated voice speaks […]”

– Natural News


“A new version of the NewPoSThings PoS malware is using a clever technique to extract data from infected PoS terminals that almost no security solution monitors for malware activity.

The NewPoSThings malware appeared many years ago, and for a long time, it didn’t stand out from the crowd of other PoS malware families.

Just like the competition, NewPoSThings infected Windows processes that handled credit card data, scraping content for financial information, and then sending it to its C&C server.”



“Malware authors have put together a strain of malicious code written entirely in Python, in what may turn out to be an experiment in creating a new type of cross-platform nasty.

PWOBot is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable.

The malware has already infected a number of Europe-based organisations, particularly in Poland, according to new research.”

– The Register

Law Enforcement

“The FBI cannot unlock 13% of the password-protected cellphones it has seized as evidence in the past six months, a top bureau official told a House panel Tuesday.

About 30% of the 3,000-plus phones that the FBI has seized since Oct. 1 require passwords to open, said Amy Hess, executive assistant director of the FBI’s science and technology branch. The FBI was able to unlock most of those phones, but the number that they can’t get into is growing as tech companies build devices with stronger data encryption, Hess said. She also said passwords are becoming longer and more difficult to guess, even with special computer programs designed to crack them.”

– USA Today
