Threat Intelligence Blog

Posted June 20, 2017

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“Healthcare is the industry most frequently targeted by cyber attacks, with 164 threats detected per 1,000 host devices, according to a recent Vectra Networks study. Education came in second with 145 detections per 1,000 host devices.

“The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defenses,” the report states.

At the same time, the study found attack rates increasing across the board, with the average number of reconnaissance, lateral movement and exfiltration detections all increasing by more than 265 percent. Reconnaissance detections, a first step in ransomware campaigns, were up by 333 percent over 2016.”

– eSecurity Planet

Information Security

“WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a framework – which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices.

Dubbed “Cherry Blossom,” the framework was allegedly designed by the Central Intelligence Agency (CIA) with the help of Stanford Research Institute (SRI International), an American nonprofit research institute, as part of its ‘Cherry Bomb’ project.

Cherry Blossom is basically a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs), which exploits router vulnerabilities to gain unauthorized access and then replace firmware with custom Cherry Blossom firmware.”

– The Hacker News

Financial Services

“Morphisec researchers spotted the same group that launched spearphishing campaigns targeting Securities and Exchange Commission (SEC) filings using a new fileless attack framework.

The group, dubbed FIN7, was spotted delivering a macro-enable Word document in phishing emails sent to high profile enterprise targets, according to a March 19 blog post.

Researchers said this is likely the same group that carried out the DNS PowerShell messenger attacks discovered by Talos on earlier this month, the Meterpreter attack discovered by Kaspersky, and the campaign spotted by FireEye which targeted personnel involved in SEC filings, the blog said.”

SC Magazine


“31 suspects were arrested (21 in Spain, 9 in Bulgaria and one in the Czech Republic) and 48 house searches (14 in Spain and 34 in Bulgaria) were carried out. The suspects were in possession of equipment used to forge payment cards, payment card data readers-recorders, skimmers, micro cameras, devices to manipulate ATMs, as well as cash and numerous counterfeit cards.

Between 2014 and 2017, the criminal network installed skimming devices on an average of 400 ATMs every year, to copy and clone the data contained on the bank cards. The forged cards were then used to make illegal transactions in 200 ATMs outside the European Union, mainly in the USA, the Dominican Republic, Malaysia, Indonesia, Vietnam, Peru, the Philippines and Costa Rica. Approximately 3000 EU citizens were affected by the criminal network, with losses of at least EUR 500,000.”

– Help Net Security


You May Also Be Interested In…

Additional Posts

Dark Web Threats: Data Breaches Get Headlines, But Other Threats Loom Large Online

New database breaches are reported every day, most of which reveal insufficient security protocols ...

Weekly Phishing Report: June 19, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...