Threat Intelligence Blog

Posted April 11, 2017

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats facing various industries.


“Federal regulators are warning healthcare sector entities that some products used as part of their end-to-end security could make the organizations vulnerable to man-in-the-middle attacks.

In its April cyberawareness newsletter, the Department of Health and Human Services’ Office for Civil Rights warns about the threat of man-in-the-middle attacks and related risks associated with the use of some Secure Hypertext Transport Protocol, or HTTPS interception products.

Man-in-the-middle, or MITM attacks occur “when a third party intercepts and potentially alters communications between two different parties, unbeknownst to the two parties,” OCR explains. These attacks can be used to inject malicious code, intercept sensitive information such as protected health information, expose sensitive information, and modify trusted information, OCR notes.”

– Healthcare Info Security
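One way a defender can spot the condition the OCR newsletter warns about is to look at what a client on the network actually sees when it connects out: an HTTPS interception product re-signs server certificates with its own private CA, so the leaf certificate's issuer and fingerprint no longer match what the public Internet presents. The script below is an added example, not code from the article or from OCR. It assumes the operator maintains an allowlist of issuer organisations they expect for a host (`EXPECTED_ORGS`) and, optionally, a pinned SHA-256 fingerprint of the genuine leaf certificate; the sample certificate dictionary and DER bytes are constructed to match the shape Python's `ssl.getpeercert()` returns.

```python
"""Flag TLS connections whose leaf certificate looks re-signed by an
interception (man-in-the-middle) appliance rather than by the expected CA.

Added example; assumes an operator-maintained issuer allowlist and, optionally,
a pinned SHA-256 fingerprint captured from an uninspected vantage point.
"""
import hashlib
import socket
import ssl


def issuer_org(cert):
    """Return organizationName from the `issuer` field of an ssl.getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for attr, value in rdn:
            if attr == "organizationName":
                return value
    return ""


def sha256_fingerprint(der_bytes):
    """Colon-separated SHA-256 fingerprint, same layout as `openssl x509 -fingerprint -sha256`."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def assess(cert, der_bytes, expected_orgs, pinned_fingerprint=None):
    """Return a list of findings; an empty list means the leaf looks untouched.

    Two independent signals: the issuer organisation is not one we expect, and
    (when a pin is supplied) the presented leaf differs from the pinned one.
    """
    findings = []
    org = issuer_org(cert)
    if org not in expected_orgs:
        findings.append(f"unexpected issuer organisation: {org!r}")
    if pinned_fingerprint is not None:
        seen = sha256_fingerprint(der_bytes)
        if seen != pinned_fingerprint.upper():
            findings.append(f"leaf fingerprint {seen} != pinned {pinned_fingerprint.upper()}")
    return findings


def probe(host, port=443, timeout=5.0):
    """Fetch (parsed_cert, der_bytes) from a live server; needs network access."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


# Constructed samples (hypothetical names): a leaf re-signed by an inspection
# appliance's private CA, and the same host as a public CA would issue it.
INTERCEPTED = {
    "subject": ((("commonName", "portal.example.org"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "ExampleCorp Inspection CA"),),
        (("commonName", "ExampleCorp TLS Proxy Root"),),
    ),
}
CLEAN = {
    "subject": ((("commonName", "portal.example.org"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Let's Encrypt"),),
        (("commonName", "R3"),),
    ),
}
SAMPLE_DER = b"constructed-der-bytes-not-a-real-certificate"

# Operator-maintained allowlist of issuer organisations expected for this host.
EXPECTED_ORGS = {"Let's Encrypt", "DigiCert Inc"}

if __name__ == "__main__":
    pin = sha256_fingerprint(SAMPLE_DER)  # in practice captured out-of-band
    for label, cert in (("intercepted", INTERCEPTED), ("clean", CLEAN)):
        print(label, assess(cert, SAMPLE_DER, EXPECTED_ORGS, pin) or "no findings")
```

To check a real path, call `probe("portal.example.org")` from a host inside the network and feed the result to `assess`; a non-empty finding list from inside but not from outside is the signature of an inspection device in the middle. The issuer check alone is cheap but only as good as the allowlist, so the fingerprint pin is the stronger signal where one can be captured.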


“Researchers have uncovered a rash of ongoing attacks designed to damage routers and other Internet-connected appliances so badly that they become effectively inoperable.

PDoS attack bots (short for “permanent denial-of-service”) scan the Internet for Linux-based routers, bridges, or similar Internet-connected devices that require only factory-default passwords to grant remote administrator access. Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device’s storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked, from the perspective of the typical consumer.”

– Ars Technica

Financial Services

“Scammers are using Twitter as a vehicle to target people looking for customer support or asking general questions. They interject themselves into legitimate discussions, offering friendly chatter and a link that directs the target to a Phishing page designed to harvest credentials.

On Twitter, someone – or perhaps a group of people – are following support accounts for large financial institutions and watching their interactions with customers. Depending on the question asked, the scammers will respond to the customer (usually after the official account has) and direct them to take ‘additional’ measures.

Social Engineering is a powerful tool, and given the right construct it can be hard to detect or defend against. The recent Phishing attempts were brought to Salted Hash’s attention after they were mentioned by Sam Stepanyan on Twitter. It didn’t take long to find active examples.”

– CSO Online

Information Security

“A recently patched Apache Struts 2 vulnerability has been exploited by cybercriminals to deliver Cerber ransomware to Windows systems, researchers warned.

The flaw, tracked as CVE-2017-5638, can be exploited for remote code execution. Malicious actors started exploiting the vulnerability to deliver malware shortly after a patch was made available and a proof-of-concept (PoC) exploit was released.

In many cases, attackers targeted Unix systems with backdoors and distributed denial-of-service (DDoS) bots, but recently experts also spotted a campaign targeting Windows machines.”

– Security Week
