Threat Intelligence Blog

Posted September 7, 2016

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats facing various industries.


Financial Services

“Dropbox hurriedly warned its users last week to change their passwords if their accounts dated back prior to mid-2012. We now know why: the cloud-based storage service suffered a data breach that’s said to have affected more than 68 million accounts compromised during a hack that took place roughly four years ago.

The company had previously admitted that it was hit by a hack attack, but it’s only now that the scale of the operation has seemingly come to light.

Tech site Motherboard reported—citing “sources in the database trading community”—that it had obtained four files, totalling 5GB in size, which apparently contained e-mail addresses and hashed passwords for 68,680,741 Dropbox users.”

– Ars Technica

Information Security

“As if stealing your personal data wasn’t bad enough, one form of Trojan malware has now become the first of its kind by also infecting victims with ransomware, forcing targets to pay to regain access to their computer as well as compromising their credentials.

Betabot, which steals banking information and passwords, has been around since March 2013. It disables antivirus and malware-scanning software on infected Windows machines before modifying them to steal users’ login credentials and financial data.”

– ZDNet


“Researchers have spotted a website selling EMV skimmers — at, if it hasn’t already been taken down — that claims to sell “the most advanced EMV chip data collector in the world.”

And it’s a scary piece of equipment.

According to the seller, it’s powered by the point of sale terminal, and can hold information on up to 5,000 credit cards in its memory. It can also be used on machines made by Ingenico and Verifone, as well as terminals on gas station pumps, ticket purchase stations, and on small ATMs, specifically those manufactured by Triton.”

– CSO Online


“Defense One, a news site dedicated to US military topics, reports that a Russian-linked cyber-espionage group known as APT29 has attempted to hack several Washington-based think tank organizations.

According to the Defense One report, the attacks took place last week and were successfully detected and stopped by CrowdStrike, the US security vendor that was called in to investigate the infamous DNC hack incident.

According to CrowdStrike founder Dmitri Alperovitch, the attacker fits the pattern found in attacks carried out by a cyber-espionage group called APT29, also known as COZY BEAR or CozyDuke.”

