Weekly Threat Intelligence Brief: October 19, 2016

Posted October 19, 2016

This weekly brief highlights the latest threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations make inform decisions regarding their response to the threat. news to provide insight into the latest threats to various industries.

Insurance/Healthcare

“As ransomwareRansomware: A type of malicious software designed to block access to a computer system until a sum of money is paid. and other cyberattacks on healthcare entities continue to surge, federal regulators are alerting organizations about the importance of safeguarding network-attached storage devices and other gear that supports or enables file transfer protocol services.

The Department of Health and Human Services’ Office for Civil Rights’ monthly cyber awareness alert for October reminds HIPAA covered entities and their business associates that FTP services are proving particularly vulnerable to cyberattacks.”

– Healthcare Info Security

 Financial Services

“A previously undocumented banking Trojan is targeting financial institutions across the globe and is being used by cybercriminals to spy on networks of compromised organisations and stealthily defraud them of funds.

The Odinaff trojan has been active since January this year, carrying out attacks against organisations operating in the banking, securities, trading, and payroll sectors, as well as those which provide support services to these industries.”

– ZDNet

Legal and Regulations

The Vermont Attorney General announced a settlement with business-to-business software developer Entrinsik, Inc., regarding allegations that the company’s Informer program violated state law placing restrictions on the use and disposal of data containing Social Security numbers. The Informer program is used by businesses, including seven colleges in Vermont, to analyze and create reports of data by extracting that data from databases and presenting it in a web browser. However, when a plain-text, unsecured file of this extraction with 14,000 Social Security numbers was stored on a users’ local hard drive and backed up to a later misplaced external drive, Vermont’s data breach notification statute was triggered – probably causing the investigation into Extrinsik and the Informer program.

– Vermont Government

Retail

“Vera Bradley, a US handbags manufacturer and retailer, has announced today a breach of its payment card processing system that exposed the card details of some of its in-store customers.

According to a statement posted on Vera Bradley’s website, law enforcement approached the company last month and informed them of a potential intrusion.

After investigating the tip with the help of a cyber-security firm, the two concluded that a hacker (or a group) had gained access to Vera Bradley’s payment processing system and installed PoS malwareMalware: Software that is intended to damage or disable computers and computer systems..”

– Softpedia

You May Also Be Interested In…

• [WEBINAR] Operationalizing Threat Intelligence: ESG Analyst Research, Insight, Use Cases
• [Data Sheet] LookingGlass Cyber Threat Center
• [Data Sheet] Information Protection