Weekly Threat Intelligence Brief: August 30, 2016

This weekly brief highlights the latest threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.

Insurance/Healthcare

“Cybercriminals wielding Locky crypto-locking ransomwareRansomware: A type of malware that serves as a form of extortion by one party on a group of persons or organizations. Oftentimes takes the form of encrypting a victim’s hard drive denying them access to files or other information with demands taking the form of a ransom before access is restored. LookingGlass Cyber (n) - when an organization, group, or hacker takes control of your system to extort a user or organization for money.  Ch-ching! are continuing to ramp up their assaults, especially in the healthcare sector, with attackers distributing less banking malwareMalware: A generic term for a software that is designed to disable or otherwise damage computers, networks and computer systems LookingGlass Cyber (n) - another type of cold that can destroy a computer by latching on to destroy other programs. and more ransomware, according to new research.

So far this month, several “massive” new phishingPhishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. campaigns have been launched, targeting victims in multiple industries with Locky ransomware, security researcher Chong Rong Hwa from cybersecurityCybersecurity: A set of security techniques that are designed to protect the integrity of computer systems, programs and data from theft and damage to their hardware, software or other information as well as the disruption and misappropriation of their services. LookingGlass Cyber (n) - Professional paid ninjas who protect the cyber world from cyber attacks. Everybody is doing it, but we have the double black belt with the Versace logo. So yeah, we’re really good. firm FireEye says in a blog post […].”

– Healthcare Info Security

Financial Services

“Scammers on popular photo-sharing platform Instagram are targeting thousands of followers of major financial institutions in an effort to extort victims into handing over money or disclosing personal banking information, new research has found. A report released by social media security firm ZeroFox titled “Post Grams Not Scams” has found over 4,000 unique instances of money flipping scams on the platform spread across more than 1,300 different Instagram accounts since 2013.

Using an in-house machine-learning classifier designed to analyse Instagram scam posts related to 37 of the biggest US financial institutions, ZeroFox researchers went into more than two million public Instagram posts from the last two years over a recent four-month period. The researchers identified thousands of money flipping scam posts created to lure users into sending money, particularly targeting the poor and members of the military.”

– International Business Times

Legal

In U.S. v. Caira, the United States Court of Appeals for the Seventh Circuit found that there is no reasonable expectation of privacy in an IP address and related subscriber information, allowing law enforcement to obtain that information from third-party communications companies without a warrant. The issue was brought to court when a defendant was convicted of drug charges after his email address was tracked through administrative subpoenas to technology companies, which provided his subscriber information and IP login history.

– U.S. Court of Appeals, 7th Circuit

Defense

“Ports in the US have reported attacks using an SQL injection flaw made public by a hacker known as bRpsd, who released a fully working exploit online without notifying the vendor in advance.

Following these events, ICS-CERT, the US-CERT division in charge of security alerts for industrial control systems (ICS), has issued advisories regarding the vulnerability’s existence and the ongoing series of attacks.

The affected application is Navis WebAccess, the Web-based component of the Navis maritime transportation logistics software suite, sold by the Cargotec Corporation.”

– Softpedia

You May Also Be Interested In…

• [WEBINAR] Operationalizing Threat Intelligence: ESG Analyst Research, Insight, Use Cases
• [Data Sheet] LookingGlass Cyber Threat Center
• [Data Sheet] Information Protection