Weekly Threat Intelligence Brief: June 7, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Energy

“Homeland Security has said that an internet-connected industrial monitoring device — typically used in US industrial power plants and energy facilities — is vulnerable to a string of serious security vulnerabilities.

The US government department’s Computer Emergency Readiness Team (CERT) posted an advisory, saying that the ESC 8832 data controller, which allows a plant worker to see exactly how an industrial unit is working at a glance, could be trivially exploited by a “low skilled” attacker.”

– ZDNet

Insurance/Healthcare

“Last year is often referred to as the “Year of the Hack” for healthcare, with the majority of healthcare data breaches being caused by third-party cyber attacks. The top three incidents alone combined to potentially affect nearly 100 million individuals, and were all involved hacking.

So far, 2016 is not immune from healthcare data breaches, but the leading cause of incidents is unauthorized access, according to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) data breach reporting database.“

– HealthIT Security

Financial Services

“Earlier this month Tumblr revealed that a third party had obtained access to a set of e-mail addresses and passwords dating back from early 2013, before being acquired by Yahoo.

– The Hacker News

Legal and Regulations

Half of all EU Member States have penned a letter to the European Commission and the Netherlands (which currently holds the rotating presidency) calling for the removal of barriers to the free flow of data within and outside of the EU. The countries responsible for  the letter, include the UK, Finland, Ireland, Denmark, and Sweden. They cite the need to ensure that the EU continues to benefit from new data-driven technologies. The letter, delivered on May 23, urged the Commission to ensure that the development of these technologies is not hampered by regulation and encouraged it to avoid a “one size fits all” approach.

– Netherlands Minister of Economic Affairs

Retail

“CiCi’s Pizza, an American fast food business based in Coppell, Texas with more than 500 stores in 35 states, appears to be the latest restaurant chain to struggle with a credit card breach. The data available so far suggests that hackers obtained access to card data at affected restaurants by posing as technical support specialists for the company’s point-of-sale provider, and that multiple other retailers have been targeted by this same cybercrime gang.”

– Krebs on Security