Threat Intelligence Blog

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats facing various industries.

Energy

“It’s estimated that power companies in Russia suffered more than 350 serious cyber-attacks in 2016, a 50 percent increase on the previous year.

The precise extent of attacks on power plants in Russia is difficult to assess

Large energy facilities and nuclear power plants may become a main target of cyber-attacks in Russia and Western countries in the coming year, according to a recent report, issued by the experts of Kiberbezopasnost, one of Russia’s leading analysts in the field of cyber-security and IT.

According to the report, in recent years the number of cyber-attacks on large-scale energy facilities in Russia and the EU has significantly increased, while, in addition to data leakage and the loss of profits, such attacks may result in the complete suspension of operations of these objects or even man-made disasters.”

– SC Magazine

Insurance/Healthcare

“Many courts have dismissed class action lawsuits involving data breaches due to a lack of evidence of harm to plaintiffs whose data was compromised.

That was the initial legal outcome in a consolidated class action data breach lawsuit against Horizon Blue Cross Blue Shield, which was tossed out back in April 2015 due to lack of proof of harm. At the center of the case was the 2013 theft of two unencrypted laptops containing information on nearly 840,000 individuals.”

– Healthcare Info Security

Financial Services

“New vulnerabilities in Netgear routers could potentially allow hackers to hijack devices and expose passwords. The vulnerabilities could also allow malicious entities to recruit compromised devices into a botnet and use them to launch large-scale cyberattacks.

Trustwave security researcher Simon Kenin uncovered that the vulnerabilities can be exploited remotely if the routers’ management options are enabled. Netgear acknowledged the vulnerabilities and issued firmware fixes for models affected by the issue.”

– International Business Times

Technology

“When Apple refused to compromise iOS security last year and unlock the iPhone 5c belonging to the San Bernardino shooter, the FBI turned to an Israeli mobile forensics firm called Cellebrite to find a way in to the encrypted iPhone. Now Motherboard reports that a hacker has released files allegedly from Cellebrite that demonstrate how cracking tools can’t be kept private.

The hacker claimed to have taken the newly released data from a remote Cellebrite server, and said they had extracted them from UFED images. They told Motherboard that the files were encrypted, likely in an attempt to protect Cellebrite’s intellectual property, but that they managed to bypass the protections.

Motherboard says Cellebrite had 900GB of data stolen last month, which suggested the firm sold security cracking tools to countries including Russia, Turkey, and the UAE. The report adds that the hacker responsible is claiming to have released a cache of stolen files from Cellebrite related to cracking older iPhones.”

– 9to5 Mac

Law Enforcement

“A hacker has stolen over 700,000 user accounts from a popular law enforcement forum, PoliceOne, and is offering the entire database for sale.

The PoliceOne forum is used by verified police officers and investigators to exchange information on techniques of investigation, training or other law enforcement centric discussions.

‘PoliceOne.com is the #1 resource for up-to-the-minute law enforcement information online. More than 500,000 police professionals nationwide are registered PoliceOne members and trust us to provide them with the most timely, accurate and useful information available anywhere,’ reads the description of the website.”

– Security Affairs

Defense

“A threat actor has used sophisticated Word documents to deliver Flash exploits in attacks aimed at NATO governments, reported Cisco’s Talos security intelligence and research group.

According to researchers, attackers have used specially designed documents to perform reconnaissance on infected systems and avoid sandboxes. Talos has compared this reconnaissance framework to the Russian Matryoshka nesting doll due to its complex workflow.

The attacks observed by Cisco were launched during the Christmas and New Year holidays. The Word document used as bait was titled “Statement by the NATO Secretary General following a meeting of the NATO-Russia Council,” which has led experts to believe that the targets were likely NATO member countries.”

– Security Week
