Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Information Security Risk

“A new variant of the Satori botnet has sprung back to life, and this one is hacking into mining rigs and replacing the device owner’s mining credentials with the attacker’s own. Analysis of the malware’s code suggests the same person behind the original Satori bot is behind this new wave as well. Now, almost three weeks after the botnet went silent, researchers have spotted a new Satori variant. “The infection speed is much slower,” a researcher said. This new version keeps the old exploits, but also adds another one. The third exploit was a total surprise for researchers because it did not target IoT and networking devices, like previous Satori payloads.”

– Bleeping Computer

Insurance + Healthcare

“Hancock Health was recently targeted with a SamSam ransomware infection. A hacker used an administrative account set up by one of the hospital’s vendors to gain unauthorized access to a system managed by the vendor and infected its systems with the ransomware. After payment of four Bitcoins, worth approximately $55,000, the files were released, and hospital operations were restored.”

– IT Security Central

Operational Risk

“A new variant of the disk-wiper malware known as KillDisk has been spotted by security firm researchers in attacks aimed at financial organizations in Latin America. The security firm is in the process of examining the new variant and the attacks, but an initial analysis showed that the Trojan appears to be delivered by a different piece of malware or it may be part of a bigger attack. The latest variant, tracked as TROJ_KILLDISK.IUB, goes back to its roots and focuses on deleting files and wiping the disk. The malware, designed to target Windows systems, goes through all drives in order to delete files, except for system files and folders. It then proceeds to wipe the disk, which includes reading the master boot record (MBR) and overwriting the extended boot record (EBR). The file removal and disk wiping procedures involve overwriting files and disk sectors in order to make recovery more difficult.”

– SC Magazine UK

Technology

“Another site in the booming cryptocurrency wallet sector has been hacked after what looks like a DNS hijacking attack. The victim this time is BlackWallet, whose users reportedly lost 670,000 of a currency called Stellar Lumens (XLMs) worth around $425,000 at the point they were stolen on the afternoon of 13 January. News that something was amiss first emerged in a Reddit posting claiming to be from the site’s admin. The stolen XLMs were reportedly siphoned off to the Bittrex cryptocurrency exchange, before (most likely) being laundered into another cryptocurrency. Once they have control over any domain, attackers clearly have a lot of power to manipulate, monitor or redirect users logging in, but the deeper question always comes down to how they got this far. The person claiming to be BlackWallet’s admin mentions that the attacker accessed the site’s hosting provider account, which could have happened in one of two ways. Either the attackers got hold of the credentials through some kind of remote compromise or had the account reset by tricking staff at the DNS hosting provider. The defence against this is to identify people claiming to be account holders using a combination of multi-factor authentication and phone call checks to more than one registered number. The lack of these checks – and other weaknesses in credential security – has led to a series of attacks on cryptocurrency wallets using DNS hosting as a convenient backdoor. Just before Christmas, currency exchange EtherDelta suffered a reported DNS takeover – the consequences of which are still not clear. Similarly, last July Classic Ether Wallet users lost money to attackers who it was suggested had phoned up the German hosting company and passed themselves off as legitimate.”
