Threat Intelligence Blog

Posted May 24, 2017

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.


“President Trump’s recently signed cybersecurity executive order, which requires federal agencies to use the cybersecurity framework developed by the National Institute of Standards and Technology, highlights strategies some security experts would like all healthcare organizations to follow as well.

Trump’s May 11 executive order also places responsibility for cybersecurity on departmental secretaries and agency directors and emphasizes the use of risk management throughout the federal government to secure digital assets (see Trump Finally Signs Cybersecurity Executive Order).

Some healthcare information security experts say the executive order includes common-sense measures that hospitals, clinics and others should adopt.”

– Healthcare Info Security


“Companies without cyber insurance are dusting off policies covering kidnap, ransom and extortion in the world’s political hotspots to recoup losses caused by ransomware viruses such as “WannaCry”, insurers say.

Cyber insurance can be expensive to buy and is not widely used outside the United States, with one insurer previously describing the cost as $100,000 for $10 million in data breach insurance.

Some companies do not even consider it because they do not think they are targets.

The kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in areas where violence related to oil and mining operations is common, such as parts of Africa and Latin America.

Companies could also tap them to cover losses following the WannaCry attack, which used malicious software, known as ransomware, to lock up more than 200,000 computers in more than 150 countries, and demand payments to free them up.”


Financial Services

“Researchers have discovered a new worm that utilises exploits leaked from the US National Security Agency (NSA), following the destructive WannaCry ransomware outbreak.

Dubbed EternalRocks, like WannaCry the worm targets vulnerable implementations of Microsoft’s Server Message Block (SMB) file sharing protocol.

Penetration tester Miroslav Stampar, also a member of the Croatian government computer emergency response team, captured a sample of the worm and posted an analysis on GitHub.”

– IT News

Information Security

“An updated variant of Jaff ransomware boasts a more professional design and now encrypts victims’ data with the WLU extension.

On 23 May, Internet Storm Center (ISC) handler Brad Duncan collected 20 malspam emails that all used a fake invoice theme and a spoofed email address. The emails also came with a PDF attachment containing an embedded Word document. This document leveraged malicious macros to infect a Windows computer.”



“Malware installed at point-of-sale (POS) systems has been stealing credit card data out of Brooks Brothers for a year, the clothing giant said in a breach advisory (PDF).

The New York-based retailer says that it only found out about the incident recently. It says that an “extensive” forensic investigation points to an unauthorized individual gaining access to and installing malicious software designed to capture payment card information on some payment processing systems at retail and outlet locations.

Hundreds of stores in the US and Puerto Rico have been affected. Brooks Brothers has published this searchable list of 223 affected locations.”

– Naked Security
