Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“Healthcare is the industry most frequently targeted by cyber attacks, with 164 threats detected per 1,000 host devices, according to a recent Vectra Networks study. Education came in second with 145 detections per 1,000 host devices.

“The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defenses,” the report states.

At the same time, the study found attack rates increasing across the board, with the average number of reconnaissance, lateral movement and exfiltration detections all increasing by more than 265 percent. Reconnaissance detections, a first step in ransomware campaigns, were up by 333 percent over 2016.”

– eSecurity Planet

Information Security

“WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a framework which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices.

Dubbed “Cherry Blossom,” the framework was allegedly designed by the Central Intelligence Agency (CIA) with the help of Stanford Research Institute (SRI International), an American nonprofit research institute, as part of its ‘Cherry Bomb’ project.

Cherry Blossom is basically a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs), which exploits router vulnerabilities to gain unauthorized access and then replace firmware with custom Cherry Blossom firmware.”

– The Hacker News

Financial Services

“Morphisec researchers spotted the same group that launched spearphishing campaigns targeting Securities and Exchange Commission (SEC) filings using a new fileless attack framework.

The group, dubbed FIN7, was spotted delivering a macro-enabled Word document in phishing emails sent to high profile enterprise targets, according to a March 19 blog post.

Researchers said this is likely the same group that carried out the DNS PowerShell messenger attacks discovered by Talos earlier this month, the Meterpreter attack discovered by Kaspersky, and the campaign spotted by FireEye which targeted personnel involved in SEC filings, the blog said.”

– SC Magazine


“31 suspects were arrested (21 in Spain, 9 in Bulgaria and one in the Czech Republic) and 48 house searches (14 in Spain and 34 in Bulgaria) were carried out. The suspects were in possession of equipment used to forge payment cards, payment card data readers-recorders, skimmers, micro cameras, devices to manipulate ATMs, as well as cash and numerous counterfeit cards.

Between 2014 and 2017, the criminal network installed skimming devices on an average of 400 ATMs every year, to copy and clone the data contained on the bank cards. The forged cards were then used to make illegal transactions in 200 ATMs outside the European Union, mainly in the USA, the Dominican Republic, Malaysia, Indonesia, Vietnam, Peru, the Philippines and Costa Rica. Approximately 3000 EU citizens were affected by the criminal network, with losses of at least EUR 500,000.”

– Help Net Security
