Threat Intelligence Blog

Posted September 26, 2017

This weekly brief highlights the latest threat intelligence news to provide insight into current threats facing various industries.


“A cyber espionage group linked by security researchers to the Iranian government has been observed targeting aerospace and energy organizations in the United States, Saudi Arabia and South Korea.

The threat actor, tracked by FireEye as APT33, is believed to have been around since at least 2013. Since mid-2016, the security firm has spotted attacks aimed by this group at the aviation sector, including military and commercial aviation, and energy companies with connections to petrochemical production.

Specifically, the cyberspies targeted a U.S. organization in the aerospace sector, a Saudi Arabian business conglomerate with aviation holdings, and a South Korean firm involved in oil refining and petrochemicals. In recent attacks, the hackers used job vacancies at a Saudi Arabian petrochemical firm to target the employees of organizations in South Korea and Saudi Arabia.”

– Security Week


“The University of Edinburgh have released results from a new study that reveals how personal information can be stolen from Fitbit fitness bands.

Researchers analysed the Fitbit One and Fitbit Flex wristbands, and discovered a way of intercepting messages transmitted between fitness trackers and cloud servers – where data is sent for analysis. This allowed them to access personal information and create false activity records. Dan Lyon, principal consultant at Synopsys, commented below.

Dan Lyon, principal consultant at Synopsys:

“The recent article on Fitbit highlights a vulnerability that enables someone with physical access to the Fitbit to extract specific data from the device. Currently the attack requires physical access, and is limited to acquiring a limited amount of data, however it helps to highlight the growing importance of physical activity data.

As corporate wellness programs evolve, they are including things like physical activity as a basis to offer discounts on insurance or rewards such as gift cards. These monetary incentives are being tied to and distributed based on users’ activity data. While the current monetary impact is small, the future is likely going to have this data being more and more valuable. Wearables in general are evolving to collect much more data to provide increased benefits, but this also increases the potential risks.”

– Information Security Buzz

Information Security

“The top U.S. markets regulator said on Wednesday that hackers accessed its corporate disclosure database and may have illegally profited by trading on the insider information stolen.

The Securities and Exchange Commission (SEC) said the hack occurred in 2016 but that it had only discovered last month that the cyber criminals may have used the information to make illicit trades.

The hackers exploited a software glitch in the test filing component of the system to gain access to non-public information, the agency said.”

– Reuters

Operational Risk

“Security researchers have discovered a new banking trojan targeting Android devices called Red Alert 2.0 that’s being sold on the dark web and has begun hitting Android-powered smartphones and tablets.

The malicious attack, discovered by researchers at SfyLabs, has been spreading through Russian-speaking hacking forums since spring and has started to appear in third-party app stores that offer an unregulated marketplace for people to download apps beyond the offerings in Google’s official app store.

According to SfyLabs, the attack has been spotted in the wild and is communicating with command and control servers that allow the malicious tool to steal information from victims who download infected apps.”

– International Business Times


“Merck & Co. has been guarded with the details of how extensive the effects of the Petya malware attacks were on its manufacturing operations, but now it is going to have to come clean. The House committee on Energy and Commerce wants Merck CEO Ken Frazier to give it the scoop on what exactly happened and what his company has been doing about it.

Committee Chairman Rep. Greg Walden, R-Ore., and Rep. Tim Murphy, R-Penn., chairman of the subcommittee on oversight and investigations, in a letter (PDF) Wednesday, asked Frazier to report by Oct. 4 on the “circumstances surrounding Merck’s initial infection by NotPetya, as well as what steps it has taken in order to recover and resume full manufacturing capabilities.”

The Congressional committee has made (PDF) essentially the same request of Tom Price, secretary of Health and Human Services, asking what he is doing to protect life-saving medicines from future disruption.”



“Retailers are responding to cyber attacks on average twice a week — this is according to the latest research from Zynstra, an enterprise-grade IT software provider. 16% of retailers said they experienced an attack or attempted attack every day, 11% said they responded 2-3 times per week, and 64% said once a month.

The incidence of cyber attacks was found to be especially high in the grocery industry with 29% of respondents dealing with attempted security breaches every day, and 55% every week. In other retail verticals, 65% of respondents in the sports and outdoor sector said they responded once a week, as did 49% of fashion retailers and 40% of department stores.

The research, conducted by independent survey consultants Censuswide on behalf of Zynstra, surveyed 300 IT professionals and C-level executives in the retailer sector in the UK and US.”

– IT Security Guru

