Threat Intelligence Blog

Posted July 12, 2017

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“With the exception of one large theft incident involving an insider, hacker attacks – including some involving ransomware – remain the leading culprits in the biggest health data breaches reported so far this year to federal regulators.

As of July 3, 149 breaches affecting a total of nearly 2.7 million individuals have been reported to federal regulators so far in 2017, according to the Department of Health and Human Services’ so-called “wall of shame” website of breaches affecting 500 or more individuals.

Of those 2017 breaches, 53 are listed as hacking/IT incidents. And although they only represent about one-third of the breaches reported in 2017, those incidents are responsible for affecting 1.6 million individuals, or about 60 percent of the victims impacted.”

– Careers Infosecurity


“WikiLeaks has published documents detailing BothanSpy and Gyrfalcon, tools allegedly used by the U.S. Central Intelligence Agency (CIA) to steal SSH credentials from Windows and Linux systems.

A document dated March 2015 describes BothanSpy as a tool that steals credentials for active SSH sessions from Xshell, an SSH, telnet, and rlogin terminal emulator for Windows.

Using a mode dubbed by its developers “Fire and Collect,” BothanSpy collects SSH credentials and sends them to the attacker’s server without writing any data to the compromised machine’s disk. If the mode “Fire and Forget” is used, the stolen credentials are written to a file on the disk.”

– Security Week


“A new variant of the Zeus banking trojan has emerged, dubbed Neutrino, which is custom-made to collect credit card information from point-of-sale systems, among other things.

“From time to time authors of effective and long-lived trojans and viruses create new modifications and forks of them, like any other software authors,” said Sergey Yunakovsky, a Kaspersky Lab researcher, in a posting. “One of the brightest examples amongst them is Zeus, which continues to spawn new modifications of itself each year. In a strange way this malware becomes similar to his prototype from Greek mythology.”

Neutrino first takes a long “sleep” before it starts, to avoid AV sandboxes, and then connects to a C&C server. It can download and start files; make screenshots; search processes by name; change registry branches; search files by name on the infected host and send them to C&C; and run proxy commands.

– Infosecurity Magazine


“Eugene Kaspersky has offered to show his company’s source code to US government experts in a bid to prove, once and for all, that the company’s products don’t contain any malicious code or spyware that could be covertly utilised by Russia’s security services.

It comes as Congress is considering new sanctions against Russia, with the high-profile company also in the firing line in the US over allegations that Kaspersky’s code could contain code that could be used by Russia’s SNB – no hard evidence of any kind, however, has been presented to back up these claims.

Nevertheless, US security services have suggested that Kaspersky products should be avoided by Congress, just in case.”

– V3

