Threat Intelligence Blog

Posted November 1, 2017

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.


“The U.S. government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure.

The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.

The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.”



“There is evidence showing that the same infamous hacking group responsible for last year’s breach at the Democratic National Committee has attempted to spy on people interested in an upcoming D.C.-based cybersecurity conference, according to Cisco’s Talos research team.

In a blog post published Sunday, Talos noted that Group 74 — otherwise known as APT28 or Fancy Bear — recently sent a wave of spearphishing emails carrying malware-laden Microsoft Word attachments. These malicious emails contained information regarding a conference known as CyCon scheduled for early November.

The event is produced by the U.S. Army Cyber Institute in collaboration with NATO. The conference often features top leaders from both the U.S. government and other allied nations who help guide cybersecurity-relevant policies and missions.”

Information Security

“On Tuesday, reports surfaced that a new kind of malware was spreading around Europe. The apparent ransomware which researchers are calling Bad Rabbit bubbled up in Russia and Ukraine and appears to also be affecting Turkey and Germany, though spread isn’t fully known at this time.

Initial targets include Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system. The Russian news service Interfax also issued an official update stating that it had been hacked and that it was working to restore its systems. Kaspersky reports that Russian news group was also affected and focuses on the trend of targeted media outlets in its initial analysis. So far, Kaspersky and ESET have both noticed ties to the malware known as NotPetya or ExPetr.”

– Tech Crunch


“The increase of hackers infiltrating the networks of companies can inflict serious damage, especially when they are being acquired since the breaches can lower their valuations by a large percentage.

The role of cybersecurity insurance can serve as a stopgap measure as fraudsters penetrate systems through various mechanisms such as malware and phishing. Hacks which occur as companies are hammering out the details of an acquisition can be extremely expensive – after Yahoo, a Sunnyvale, Calif.-based Internet company, reported its breaches, New York-based Verizon renegotiated the terms of their deal, slashing $350 million off the table.

The number of cybersecurity insurance policies has risen as companies are seeking solutions to lower their financial liability in case of a major attack. The market reached an estimated $3.5 billion in written premiums in 2016 of which $3 billion was written for U.S.-based companies, said Greg Reber, CEO at AsTech, a San Francisco-based security consulting company in a research paper. Experts predict the number of policies sold could easily double by 2020.”

– The Street

