Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“Three out of four oil and natural gas companies fell victim to at least one cyber attack last year as hacking efforts against the industry become more frequent and sophisticated.

That’s the finding from a report released Monday by industry consultant Deloitte LLP. Technology advances, such as Royal Dutch Shell Plc’s recent control of operations in Argentina from an operating center in Canada, offer new openings for hackers, the authors wrote. At the same time, older equipment retrofitted for cybersecurity, including the pumps known as nodding donkeys, make it tougher to defend against sophisticated attacks.”



“Michigan-based Airway Oxygen was hit by a ransomware attack in April that may have compromised the data of 500,000 clients, the home medical equipment supplier reported to the U.S. Department of Health and Human Services on Friday.

Airway Oxygen reported the breach to the Vermont Attorney General’s office earlier this month.

According to the official notification, Airway Oxygen discovered the breach on April 18. The hacker gained access to the network and installed ransomware, which shut employees out of the system. Personal health information was stored on the affected network.”

– Healthcare IT News

Information Security

“The second global outbreak of file-encrypting malware in as many months sees cyberattackers having designed potent, rapidly spreading malicious code far faster than organizations have been shoring up their defenses.

On Wednesday, computer security experts were analyzing how ransomware – an apparent variant of previously seen malware known as Petya – first struck organizations in the Ukraine. The malware quickly spread across Europe, Asia and North America, including Russian oil producer Rosneft, a Cadbury chocolate factory in Tasmania and global shipping giant Maersk (see Another Global Ransomware Outbreak Rapidly Spreads).

Microsoft said Tuesday that it had seen infections affecting more than 12,500 machines in 65 countries.

“The new ransomware has worm capabilities, which allows it to move laterally across infected networks,” Microsoft says. “Based on our investigation, this new ransomware shares similar codes and is a new variant of [Petya]. This new strain of ransomware, however, is more sophisticated.””

– Bank Info Security

Financial Services

“Researchers are warning of a new iteration of the sophisticated Marcher banking trojan, capable of targeting over 40 financial applications.

Zscaler explained in a blog post that the latest version of the malware is disguised as an Adobe Flash player update: Adobe_Flash_2016.apk.

The malware will also use social engineering to trick users into disabling security on their Android device and allowing third party apps to install.

Once installed, the malware will hide itself from view and remove any icons on the main menu, before registering the victim’s device and any relevant metadata to its C&C server.”

– InfoSecurity Magazine


“The alleged Vietnamese APT group OceanLotus has evolved its Mac spyware trojan, creating what researchers at Palo Alto Networks are calling “one of the more advanced backdoors we have seen on macOS to date.”

This newer rendition of the backdoor malware has added decoy documents, string encoding, modularity, and custom binary protocol traffic with encryption, while eliminating command-line utilities. Like past versions, the malware is being used primarily within Vietnam itself.

In a blog post published on Thursday, Palo Alto’s Unit 42 threat intelligence team reported that this version has been active for more than a year, and was spotted in the wild as recently as early June 2017. It is not clear from the report exactly when this variant was first discovered.”

– SC Magazine


“Merck missed two critical opportunities earlier this year to inoculate themselves from the vicious cyberattack they suffered this week, roiling operations and raising questions about their lack of preparation to defend themselves.

The June 27 “Petya/NotPetya” cyberattack hit the multinational Merck and several other companies, such as the law firm DLA Piper, shipping giant Maersk, and even a West Virginia hospital, which was forced to scrap its electronic medical records in favor of paper.

The core technology in Petya is called ETERNALBLUE and it was developed by American spy agencies, the Washington Post previously reported. Obviously, it was never intended for wide distribution. It relied on bugs in Windows that Microsoft presumably wasn’t aware of until earlier this year, when a group of still-unknown hackers calling themselves ShadowBrokers allegedly broke into the US NSA and demanded payment in exchange for not releasing the ultra-secret exploits.”

– EndPoints News

