Threat Intelligence Blog

Posted June 15, 2017

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.


“A new Department of Health and Human Services report to Congress containing more than 100 recommendations for how healthcare can better address cybersecurity threats is stirring debate over whether smaller organizations will be able to take the recommended actions.

Among the report’s recommendations, for example, are that organizations replace or upgrade outdated systems, carefully review how much data they retain and take a team approach to maintaining medical devices.”

– Healthcare Info Security

Information Security

“Documents published by WikiLeaks on Thursday describe a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to spread malware on a targeted organization’s network.

The tool, named “Pandemic,” installs a file system filter driver designed to replace legitimate files with a malicious payload when they are accessed remotely via the Server Message Block (SMB) protocol.

What makes Pandemic interesting is the fact that it replaces files on-the-fly, instead of actually modifying them on the device the malware is running on. By leaving the legitimate file unchanged, attackers make it more difficult for defenders to identify infected systems.”

– Security Week


“The images were made public earlier this week by a hacking group that is known by many names, including “Tsar Team” and APT28, but it’s most famous under the name Fancy Bear. According to The Guardian, the hackers got into the servers of the Grozio Chirurgija clinic sometime earlier this year. They apparently demanded ransoms from the clinic’s clients before dumping the content online.

It seems that this isn’t even the first time they’ve leaked private photos featuring the clinic’s patients, including nude pictures. Part of the database was released in March, the police say, but the rest was dumped on Tuesday. Dozens of clients have come forward, accusing the hackers of blackmail.

According to their testimonies, the hackers demanded between €50 and €2,000 in Bitcoin, depending on the sensitivity of the stolen data. Nude photos, as expected, raised the price, as did passport scans and national insurance numbers since those can be used for identity theft.”



“In a letter to customers dated June 2, the company said online transactions between August 2016 and February 2017 might have been compromised.

GameStop said it’s still investigating the breach and is encouraging customers to keep a close eye on their bank statements for any unauthorized activity.”



“As cyberattacks sow ever greater chaos worldwide, IT titan Microsoft and independent experts are pushing for a new global NGO tasked with the tricky job of unmasking the hackers behind them.

Dubbed the “Global Cyber Attribution Consortium”, according to a recent report by the Rand Corporation think-tank, the NGO would probe major cyberattacks and publish, when possible, the identities of their perpetrators, whether they be criminals, global hacker networks or states.

“This is something that we don’t have today: a trusted international organisation for cyber-attribution,” Paul Nicholas, director of Microsoft’s Global Security Strategy, told NATO’s Cycon cybersecurity conference in Tallinn last week.

With state and private companies having “skills and technologies scattered around the globe” Nicholas admits it becomes “really difficult when you have certain types of complex international offensives occurring.”


Law Enforcement

“The European Union is seeking to make it easier for police and law enforcement agencies to retrieve electronic evidence from US tech firms, including directly from cloud storage.

In the wake of terrorist attacks across Europe, the European Commission is proposing new legislation to speed up the transfer of crucial data from companies such as Facebook and Google, even when it is stored in another EU member state – which is often a slow process.

The EC is set to propose three options that will form the basis of a future legislative proposal.”

– The Guardian


“Homeland Security Secretary John Kelly told senators on Tuesday that he would review legislation to create a “bug bounty” program to probe vulnerabilities in the Department of Homeland Security’s (DHS) networks.

The measure, introduced by Sens. Rob Portman (R-Ohio) and Maggie Hassan (D-N.H.), would establish a pilot program offering incentives for third-party researchers to find undiscovered vulnerabilities in DHS networks and data systems.

Kelly committed Tuesday to taking a “hard look” at the legislation. His comments came in response to questioning from Hassan during a Homeland Security and Governmental Affairs hearing focusing on the department’s fiscal year 2018 budget request.”

– The Hill
