This weekly brief highlights the latest Threat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.
“Hackers are looking to exploit the surging interest and value in Bitcoin by targeting traders with a fake advertisement for a bitcoin trading bot called Gunbot, researchers have found. However, the advertisement actually spreads the malicious Orcus remote access trojan (RAT) to steal bitcoin. Researchers spotted a new Phishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. campaign that targets eager bitcoin investors through a phishing campaign that claims to offer Gunbot, a new and legitimate bitcoin trading app. The phishing email with the phony ad comes with a .zip file attachment called “sourcode.vbs” that contains a simple VB script. When executed, it downloads a file that looks like a JPEG image but is actually a PE binary file.”
“Reuters reports hackers likely working for a nation-state, recently invaded the safety system of a critical infrastructure facility in a watershed attack that halted plant operations. It marks the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing attention on breaking into utilities, factories and other types of critical infrastructure. Compromising a safety system could let hackers shut them down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks. A security firm disclosed the incident on Thursday saying it targeted Triconex industrial safety technology from Schneider Electric. Schneider confirmed the incident had occurred and that it had issued a security alert to users of Triconex, which cyber experts say is widely used in the energy industry, including at nuclear facilities, and oil and gas plants.”
Insurance + Healthcare
“In November 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) received 21 reports of healthcare data breaches that impacted more than 500 individuals; the second consecutive month when reported breaches have fallen. While the number of breaches was down month on month, the number of individuals impacted by healthcare data breaches increased from 71,377 to 107,143.”
“A call to arms has been sent out to hacktivists around the world to unite and attack US and Israeli government websites. Anti-US and anti-Israeli factions within the Anonymous collective have recently declared a cyberwar of sorts against government-affiliated websites linked to the US and Israel. OpIsrael, which was first launched in 2013 by Anonymous hackers on the eve of Holocaust Remembrance Day, has become an annual campaign. Every year in April, the hacktivists involved in the campaign attack Israeli government and even private websites with DDoS attacks and more, however, the campaign has been resurrected for a second time this year, after US president Donald Trump, on 6 December, recognized Jerusalem as the Israel’s capital. Now factions within Anonymous are calling for hackers across the world to join forces to hack, deface, dox, hijack, leak and DDoS any target in Israel and websites associated with the US government.”