Threat Intelligence Blog

This weekly brief highlights the latest threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.

Insurance/Healthcare

“As a new story about hospital ransomwareRansomware: A type of malware that serves as a form of extortion by one party on a group of persons or organizations. Oftentimes takes the form of encrypting a victim’s hard drive denying them access to files or other information with demands taking the form of a ransom before access is restored. LookingGlass Cyber (n) - when an organization, group, or hacker takes control of your system to extort a user or organization for money.  Ch-ching! or a stolen laptop containing PHI seemingly emerges every day, it comes as no surprise that healthcare data breaches have steadily increased in frequency and severity since 2010.

Researchers at the Ponemon Institute and ID Experts found that the volume of healthcare data breaches has not declined in the past six years, which has substantially affected the industry’s financial resources and reputation.

HealthIT Security

Financial Services

“The hacktivists collective, Anonymous had launched a 30-day operation called OpIcarus, against “all central banks” and major financial institutions, claiming that it would be one of the biggest attacks in its history. The hacktivist group, who have collaborated with fellow hackers Ghost Squad Attackers, are targeting bank websites worldwide.

It started with the Bank of Greece with Anonymous successfully being able to bring the website down. However, a Bank of Greece official said: “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems. The only thing that was affected by the denial-of-service attack was our website.”

– Tech Worm

Legal and Regulations

Georgia Attorney General Sam Olens has come out in support of federal data breach preemption as a more realistic way to ask companies to comply with regulatory requirements in the wake of a breach or data loss incident.  His statement comes on the heels of California Attorney General Kamala Harris’ report that the burden on companies to comply with the patchwork of state data breach laws is too heavy, and that state laws should be harmonized to lessen that burden.

Speaking at the National Association of Attorneys General summit May 3, Olens asserted, “I frankly think it’s absurd that there are 30 or 40 different state laws on cybersecurityCybersecurity: A set of security techniques that are designed to protect the integrity of computer systems, programs and data from theft and damage to their hardware, software or other information as well as the disruption and misappropriation of their services. LookingGlass Cyber (n) - Professional paid ninjas who protect the cyber world from cyber attacks. Everybody is doing it, but we have the double black belt with the Versace logo. So yeah, we’re really good. and breach.””

– Technology Law Dispatch

Retail

In the latest battle over chip-enabled plastic, Wal-Mart Stores Inc.sued Visa Inc. for the right to choose how customers verify debit-card purchases at the checkout counter.

The retail giant wants customers to verify their purchases with a personal identification number when they use a chip-enabled debit card. In the lawsuit, filed in New York state court Tuesday, Wal-Mart said Visa has prohibited it from requiring PINs only, forcing the retailer to allow customers to use a signature in those transactions.

Wall Street Journal

Technology

“Google employees’ personal details have been spilled by a vendor who handles the company’s benefits management.

Somebody working at the third-party vendor accidentally breached the employees’ information by sending an email with sensitive data to a benefits manager at another company.

On Monday, Google sent a data breach notice to an undisclosed number of employees. That letter was also posted to the Californian Attorney General’s website.

Naked Security

Law Enforcement

“As big data transforms industries ranging from retailing to health care, it’s also becoming a more important tool for police departments, which are turning to data and analysis in an effort to boost their effectiveness.

Known as predictive policing, the practice involves analyzing data on the time, location and nature of past crimes, along with things such as geography and the weather, to gain insight into where and when future crime is most likely to occur and try to deter it before it happens.”

Wall Street Journal

Additional Posts

Are Public Disclosures of Exploit Kits Helping or Hurting the Cyber Landscape?

By: Michael Perry The demand for threat intelligence has given rise to many companies publishing ...

LookingGlass Weekly Phishing Report: May 16, 2016

PHISHING REPORT: TOP TARGETS Week of May 8 – May 14, 2016 In this week’s phishing report, we ...