Posted May 15, 2018
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“The report summary released this week by the Senate intelligence committee gives an overview of initial findings focused on how Russian government operatives affected U.S. elections systems. The full report is undergoing a review to check for classified information. Two years after Russia’s wave of cyberattacks against American democracy, a Senate committee investigating election interference says those hackers hit harder than previously thought in several states. The committee also added that it still doesn’t know with complete certainty exactly how much of U.S. voting infrastructure was compromised. Committee members also said that they uncovered no evidence that any vote tallies were manipulated or that any voter registration data was deleted or changed, a finding that is similar to what the intelligence community and other lawmakers have said consistently since 2016. Some of the report’s other findings also are familiar: Russian cyber attackers targeted or scanned the elections systems in at least 21 states, and the Department of Homeland Security was slow in reaching out to the correct officials in those states to let them know.”
Information Security Risk
“Meituan Dianping, the internet giant backed by China’s most valuable tech corporation, has begun investigating reports of a data breach that exposed the private information of tens of thousands of users. The food-delivery and e-commerce giant said it’s working with police to investigate an alleged leak that’s drawn fire from concerned consumers and again cast doubt on the ability of Chinese web firms to safeguard sensitive personal information. In Meituan’s case, allegedly tens of thousands of data snippets — everything from names and mobile numbers to home addresses — on food-delivery customers went on sale online for as little as 0.1 yuan (2 cents) per item. “Because of the multiple parties involved in food delivery, such as merchants and third-party delivery services, some unlawful participants might have been able to gain access to information,” the company said in an emailed statement.”
“The spread of breached identity information has resulted in an outbreak of new account creation fraud with a new ground zero for the crimes pointing right at Latin America. Developing economies are emerging as epicenters for global cybercrime expansion, with Brazil being in the top five attacking nations during the first quarter of the year. Those attacks center on neighboring countries such as Argentina and Colombia and spread into key digital economy areas in the U.S. and U.K. One-quarter of all account registrations from Latin America are being rejected as fraudulent, according to the first-quarter cybercrime report from a threat research company. The stolen and synthesized identities are being used to attack the growing Latin America e-commerce market, as well as major global American retail corporations.”