Threat Intelligence Blog

Posted November 8, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“SecurityScorecard is out with its 2016 Healthcare Industry Cybersecurity Report, and it paints a grim picture about how vulnerable healthcare entities are to socially engineered schemes. CEO Aleksandr Yampolskiy shares insight from the study.

How low does healthcare score? Out of 18 industry sectors reviewed, healthcare placed 15 as one whose employees are most susceptible to fall for socially engineered schemes.”

BankInfo Security

Financial Services

“A recently discovered variant of the Nymaim dropper brings several new features and capabilities, including new obfuscation and delivery methods, the use of PowerShell, and what researchers call an interesting anti-analysis and anti-detection mechanism.

Nymaim has been around since 2013 and it has mainly been used as a dropper for other threats, including file-encrypting ransomware and banking Trojans. The malware has not attracted too much attention since 2013, until this year, when ESET reported seeing a 63 percent increase in infections compared to 2015. Nymaim’s authors also recompiled the malware with code taken from Gozi ISFB and created a hybrid banking Trojan dubbed GozNym.”

– Security Week


China adopted a controversial cyber security law on Monday to counter what Beijing says are growing threats such as hacking and terrorism, but the law triggered concerns among foreign business and rights groups.

The legislation, passed by China’s largely rubber-stamp parliament and set to take effect in June 2017, is an “objective need” of China as a major internet power, a parliament official said.

Overseas critics of the law say it threatens to shut foreign technology companies out of various sectors deemed “critical”, and includes contentious requirements for security reviews and for data to be stored on servers in China.”


Law Enforcement

” Law enforcement agencies across the globe staged a crackdown on so-called darknet web sites last week, targeting marchants and thousands of customers who were looking to obtain illegal drugs and goods.

From Oct.22 to the 28th, the agencies took action against merchants and customers that used these sites for illicit items, U.S. Immigration and Customs Enforcement said in a statement on Monday.

Unlike other websites, these underground marketplaces reside within the darknet — a sort of parallel internet accessible to visitors via anonymizing software like Tor. While the software has legitimate uses, such as safeguarding communications in authoritarian countries, it has been adopted for more illicit means.”

CSO Online


“Ian Levy, technical director of the National Cyber Security Centre (NCSC), has laid out ways in which the agency will improve the nation’s cyber security.

Chancellor Philip Hammond announced the government’s £1.9bn National Cyber Security Strategy yesterday that aims to allow the UK to “defend ourselves in cyber space and to strike back when we are attacked”, making it plain that the UK will develop offensive as well as defensive capabilities.

Part of this effort will be undertaken by the NCSC, which has previously said that the UK is subject to 200 serious cyber security incidents every month.”


You May Also Be Interested In…

Additional Posts

5 Insights on Building a Successful Threat Intelligence Program

Recently, I had the opportunity to present on Building Successful Threat Intelligence Programs at ...

Weekly Phishing Activity: November 7, 2016

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...