Threat Intelligence Blog

This weekly brief highlights the latest threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.

Energy

“The U.S government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure.

The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.

The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.”

Reuters

Defense

“There is evidence showing that the same infamous hackingHacking: The using of a computer and/or program in order to gain unauthorized access to data in a computer, system or network. LookingGlass Cyber (n) - not the axe swinging you’re thinking of. This type of hacking is unauthorized access to another computer, or system. group responsible for last year’s breach at the Democratic National Committee has attempted to spy on people interested in an upcoming D.C.-based cybersecurityCybersecurity: A set of security techniques that are designed to protect the integrity of computer systems, programs and data from theft and damage to their hardware, software or other information as well as the disruption and misappropriation of their services. LookingGlass Cyber (n) - Professional paid ninjas who protect the cyber world from cyber attacks. Everybody is doing it, but we have the double black belt with the Versace logo. So yeah, we’re really good. conference, according to Cisco’s Talos research team.

In a blog post published Sunday, Talos noted that Group 74 — otherwise known as APT28 or Fancy Bear — recently sent a wave of spearphishing emails carrying malware-laden Microsoft Word attachments. These malicious emails contained information regarding a conference known as CyCon scheduled for early November.

The event is produced by the U.S. Army Cyber Institute in collaboration with NATO. The conference often features top leaders from both the U.S. government and other allied nations who help guide cybersecurity-relevant policies and missions.”

Information Security

“On Tuesday, reports surfaced that a new kind of malwareMalware: A generic term for a software that is designed to disable or otherwise damage computers, networks and computer systems LookingGlass Cyber (n) - another type of cold that can destroy a computer by latching on to destroy other programs. was spreading around Europe. The apparent ransomwareRansomware: A type of malware that serves as a form of extortion by one party on a group of persons or organizations. Oftentimes takes the form of encrypting a victim’s hard drive denying them access to files or other information with demands taking the form of a ransom before access is restored. LookingGlass Cyber (n) - when an organization, group, or hacker takes control of your system to extort a user or organization for money.  Ch-ching! which researchers are calling Bad Rabbit bubbled up in Russia and Ukraine and appears to also be affecting Turkey and Germany, though spread isn’t fully known at this time.

Initial targets include Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system. The Russian news service Interfax also issued an official update stating that it had been hacked and that it was working to restore its systems. Kaspersky reports that Russian news group Fontanka.ru was also affected and focuses on the trend of targeted media outlets in its initial analysis. So far, Kaspersky and ESET have both noticed ties to the malware known as NotPetya or ExPetr.”

– Tech Crunch

Insurance

“The increase of hackers infiltrating the networks of companies can inflict serious damage, especially when they are being acquired since the breaches can lower their valuations by a large percentage.

The role of cybersecurity insurance can serve as a stopgap measure as fraudsters penetrate systems through various mechanisms such as malware and phishingPhishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait.. Hacks which occur as companies are hammering out the details of an acquisition can be extremely expensive – after Yahoo, a Sunnyvale, Calif.-based Internet company, reported its breaches, New York-based Verizon (VZ – Get Report) renegotiated the terms of their deal, slashing $350 million off the table.

The number of cybersecurity insurance policies has risen as companies are seeking solutions to lower their financial liability in case of a major attack. The market reached an estimated $3.5 billion in written premiums in 2016 of which $3 billion was written for U.S.-based companies, said Greg Reber, CEO at AsTech, a San Francisco-based security consulting company in a research paper. Experts predict the number of policies sold could easily double by 2020.”

– The Street

 


Additional Posts

Weekly Phishing Activity: November 8, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...

Weekly Phishing Activity: October 30, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...