Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“Operators, vendors, academics, and government officials offered new insights into meeting the growing incidence of cyber-threats across the industry during the 12th Annual American Petroleum Institute Cybersecurity Conference on 7–8 November in The Woodlands, Texas.

In a session on cyberattacks and emerging threats, Michael Leigh, the global head of incident response at consultant NCC Group, said his company sees a lot of ransomware attacks on companies that seek his firm’s help in response. The firm has looked at all different types of ransomware and how long certain ransomware attack models have been around, and the effort has led to the realization that tactics and methods do not change, but the vulnerability is always the same, a clear sign that security professionals are not enforcing adaptation. Justin Harvey, managing director and lead for the FusionX global incident response practice at Accenture Security said that “cyber defense is no longer a digital or an IT problem, it is a health, safety, and environment problem.” The grand strategy is to stop data breaches, and the strategy for directly accomplishing it is to adopt a “zero trust” practice toward those seeking to use any part of an organization’s system.”

 – SPE

Information Security Risk

“Several popular antivirus products are affected by a type of vulnerability that allows an attacker to escalate privileges on a compromised system by abusing the quarantine feature, a researcher warned on Friday. Once an attacker hacks into a system, they might need to somehow obtain higher privileges in order to access information that would allow them to move laterally within the network. An information security auditor at an Austria-based security firm claims to have discovered a new way to achieve this: abusing the quarantine feature of some antiviruses. The attack method, dubbed by the researcher AVGater, relies on a combination of flaws and known techniques. According to the researcher, an attack starts with a malicious DLL file being placed into quarantine by the antivirus software.”


“Several MailChimp Accounts Compromised as Phishing Attack Impersonates Major Brands – Aldi, Bunnings, Amcal and Others. In the latest example of brandjacking, this evening we are seeing a run of phishing emails impersonating major retail brands. The criminal emails are leveraging several different compromised MailChimp accounts to bypass traditional email scanning software, and then using the power of major household name brands to entice users to click. Despite being simple HTML emails that are emanating from the compromised MailChimp accounts, the emails are well formatted and could be easily mistaken for the real thing by unsuspecting recipients. Carrying links that redirect to a survey page, they ultimately lead users to a phishing page to steal their credentials and to deliver adware.”

IT Security Guru

Operational Risk

“An in-development ransomware named J. Sterling Ransomware has been discovered that targets the high school students of a district in Cicero, Illinois by pretending to be a student survey. While this ransomware currently does not encrypt files, it shows how a developer can make an effective and targeted ransomware attack. When run, this ransomware will display a screen called the “J. Sterling Student Survey”, which prompts the student to login into the survey and select their school grade. In order to make the survey look legitimate, the developer included the school’s logos and slogans. Once the student enters any email or password and selects their grade, the screen will change to a ransomware message.”

Bleeping Computer

