Threat Intelligence Blog

Posted May 9, 2017

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Financial Services

“On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

Anomalies in the border gateway protocol—which routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks—are common and usually the result of human error. While it’s possible Wednesday’s five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident “curious” to engineers at network monitoring service BGPmon. What’s more, the way some of the affected networks were redirected indicated their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.”

– Ars Technica


“Researchers have discovered a significant software flaw in the energy grid equipment sold by General Electric (GE) that could allow even lone attackers with limited resources to “disconnect sectors of the power grid at will”.

Until last week, this alarming sentence was little more than a one part of a placeholder for July’s Black Hat conference, advertising a session by three researchers from New York University.

Last week, however, GE suddenly announced that it had issued fixes for five of the six flaws, with the last on its way.”

– Naked Security


“Sophisticated malware threats that appear to be leveraging stolen administrative credentials may affect numerous industries, including healthcare, according to a recent National Cybersecurity and Communications Integration Center (NCCIC) warning.

NCCIC said the campaign has been happening since at least May 2016, and uses multiple malware implants.

“Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments,” NCCIC stated on its website. “Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.””

– Health IT Security


“Just released data from Radial’s leading eCommerce Fraud Technology Lab adds another alarming statistic for retailers to contend with when delivering a seamless customer experience. To date in 2017, data shows a 200-percent increase in credit card testing, a tactic used by fraudsters to test stolen credit card numbers with small incremental purchases before making large-dollar purchases on the card, compared to the same quarter in 2016. Fraud also is up 30 percent year over year, proving to already struggling retailers that this is just the beginning of online fraud in the post-EMV world.

Managing fraud continues to be a double-edged sword for retailers. Many either apply tools that over-reject orders, but in the process decrease their customer transaction approvals and lose valuable revenue in return. Or, retailers build their fraud teams in-house, which often lack the historical data and rules to catch subtle card testing tactics like the ones identified by Radial. Card testing leads to more eCommerce fraud as it’s easily identifiable when a retailer is allowing these types of fraudulent transactions through.”



“The Google Doc phishing scam that started spreading Wednesday compromised more than one million Gmail users.

There were 1 billion active Gmail users every month as of February 2016, a figure that has undoubtedly increased since.”

– Recode


“Russia no longer owns the airwaves in Eastern Europe. Two decades after the US Army unilaterally disarmed its electronic warfare branch, two years after Russian jamming crippled Ukrainian units, the Germany-based 2nd Cavalry Regiment is field-testing new EW gear.

“We have kit in Europe today,” said Doug Wiltsie, director of the Army’s recently created Rapid Capabilities Office. Successive upgrades based on 2nd Cav soldiers’ feedback will enter testing in July and October, and fielding will follow later this year — despite budget turmoil that has slowed RCO’s other projects.”

– Breaking Defense

You May Also Be Interested In…

Additional Posts

LookingGlass Cyber Security Thought Leaders to Present at Secure360

LookingGlass® Cyber Solutions, a leader in threat intelligence-driven security, today ...

LookingGlass Weekly Phishing Activity: May 8, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...