This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
Information Security Risk
“A breach of the Unique Identification Authority of India’s Aadhaar biometric system is putting personally identifiable information (PII) of more than 1 billion Indian residents at risk. Attackers created a gateway to the biometric database, in which any Aadhaar user’s ID number can be entered into a portal. Once the number is entered, it will pull up the resident’s name, address, postal code, photo, phone number, and email address. Cyberthieves are selling access to the portal for 500 rupees and are charging an additional 300 rupees for software that allows a victim’s Aadhaar card to be printed, according to the report.”
Insurance + Healthcare
“Healthcare ransomware attacks increased by 89 percent from 2016 to 2017, according to recent research from Cryptonite. Furthermore, one-quarter of all IT/hacking events reported to OCR in 2017 were attributed to ransomware incidents. Gathering data from OCR, Cryptonite also determined that there was an overall drop in compromised records. Researchers explained though that this was likely due to attackers going after a wider array of healthcare organizations.”
Legal, Litigation, + Regulatory Risk
“Two Democratic senators introduced a bill that would provide the Federal Trade Commission (FTC) with punitive powers over the credit reporting industry for poor cybersecurity practices. The bill is in response to a huge breach disclosed in September 2017. If the bill succeeds, it will become the Data Breach Prevention and Compensation Act of 2018. It will create an Office of Cybersecurity at the FTC, “headed”, says the bill (PDF), “by a Director, who shall be a career appointee.” This Office would be responsible for ensuring that the CRAs conform to the requirements of the legislation, and would have the power to establish new security standards going forwards. The punitive power of the Act comes in the level of the potential fines, beginning with a base penalty of $100 for each consumer who had one piece of personal identifying information (PII) compromised and another $50 for each additional PII compromised per consumer.”