Threat Intelligence Blog

Posted May 31, 2017

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“Attention Gen Xers and millennials: Your parents and grandparents are under attack!

Seniors, pay attention! A major scamming effort is underway targeting Medicare recipients and those eligible for services. The attack is being mounted on three fronts — mail, phone and internet and includes multiple tactics.

Why are con artists attracted? Medicare represents a huge “cash cow” waiting to be milked by scammers. According to the Kaiser Family Foundation, in 2015 Medicare covered 57 million people at an expense of $632 billion — 15 percent of the entire federal budget. Adding to the attraction is the reality that Medicare is often difficult to understand, complex and undergoing change, making it a playground for con artists.

Telephone and email scams focus on the upcoming changes to Medicare accounts. In 2018, Social Security numbers will be dropped from the cards and replaced with numbers unique to Medicare. Fraudulent emails and calls focus on this change by requesting verification of current Medicare numbers as part of this process. Medicare and Social Security do not use phone calls or email to communicate. Letters are sent for this purpose and contain secure contact information for inquiries. Any calls or emails requesting Medicare numbers are scams!”

– The Berkshire Eagle

Information Security

“A recently discovered network worm leverages a total of seven hacking tools stolen from the National Security Agency (NSA)-linked Equation Group.

Dubbed EternalRocks and capable of self-replication, the threat emerged over the past couple of weeks, with the most recent known sample dated May 3. The malware was discovered by security researcher Miroslav Stampar, who also found that the tool was initially called MicroBotMassiveNet.

The seven NSA hacking tools included in the network worm include the EternalBlue, EternalChampion, EternalRomance, and EternalSynergy exploits, along with the DoublePulsar backdoor and the Architouch, and Smbtouch SMB reconnaissance tools.”

– Security Week


“Target will pay $18.5 million to 47 states and the District of Columbia as part of a settlement with state attorneys general over a huge security breach that compromised the data of millions of customers.

The settlement ends a yearslong investigation into how hackers obtained names, credit card numbers and other information about tens of millions of people in 2013.

New York will receive $635,000, while California will receive $1.4 million, the largest amount of any state, according to the Eric T. Schneiderman, New York’s attorney general. Dollar figures were determined “largely” based on each state’s population size, his office said.”

NY Times

 Financial Services

“In an effort to work around the security measures built into EMV credit cards, a Brazilian criminal gang has created a skimmer-type device that steals the chip right out of the card when it is inserted into a compromised ATM.

The operation is pretty simple, but requires a certain level of inattentiveness by the victim, according to a FlashPoint blog by Analyst Olivia Rowley and Senior Intelligence Analyst Ian W. Gray. The criminal first installs a skimmer-like device onto the ATMs card slot. However, instead of reading information off the magnetic strip like a typical skimmer, the device punches out the chip, leaving a big hole in the card, which can them be inserted into a blank card for future use. The bad guys also rig up a camera at the ATM so they can record the person’s name and PIN.

The researchers are not entirely certain what happens to the chips after they are removed, but believe they are most likely stored in what they called an overlay that is installed by the criminals.”

– Naked Security

You May Also Be Interested In…

Additional Posts

Success Factors in Threat Intelligence: Part 1 – Business Requirements

View on Demand - Part 1: Success Factors in Threat Intelligence: Business Requirements - (30 mins; ...

Weekly Phishing Activity: May 30, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...