This weekly brief highlights the latest Threat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.
Information Security Risk
“A popular car-sharing company has disclosed a major data breach seven months after it was first detected in June 2017 as the alleged hacker was arrested by Australian police. In an email sent to customers on January 31, the firm said its IT team identified “unauthorised activity” on its system on 27 June last year and immediately launched a full internal investigation. Between May and July last year, the man allegedly illegally accessed the service’s database and downloaded customers’ personal data on two occasions and used it to access vehicles on at least 33 occasions without consent. The compromised data includes customers’ names, addresses, email addresses, phone numbers, dates of birth, driver’s license details, employers, emergency contact details and administrative account details.”
“Five Greenpeace activists were arrested after breaking into Port Taranaki and boarding the Mermaid Searcher (an Amazon Warrior supply vessel) in protest of oil and gas exploration. The group gained entry to the port operations area by breaching security fences early Wednesday morning. While on board, two of the women chained themselves to the deck and the two men climbed the ship’s mast where they unveiled a Greenpeace banner. Greenpeace posted a press release addressing the incident, saying the protest “follows a decade of popular opposition to oil and gas from local communities and iwi up and down the country. Taranaki iwi have written an open letter to Ardern, calling on her to halt seismic testing off their coastline. In a second press release, Greenpeace announced that the activists involved in the protest are being threatened with charges under the Anadarko Amendment – a 2013 Amendment to the Crown Minerals Act making it an offense to interfere with oil exploration ships at sea.”
“Security researchers have spotted a new strain of sophisticated Malware: A generic term for a software that is designed to disable or otherwise damage computers, networks and computer systems LookingGlass Cyber (n) - another type of cold that can destroy a computer by latching on to destroy other programs. that is targeting several high-profile entities, including five universities, twenty-three private companies and several government organizations. The Phishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. email, disguised as a message from FedEx, claims that the delivery service could not deliver a package that exceeded its “free-deliver limit” and the user must physically collect it at a nearby outlet. It requests users to click on a link to download and print out an “attached label” that needs to be submitted to receive the parcel. The malicious link itself is disguised as a Google Drive link. Once a user clicks on it, the hackers’ website pops up with the malicious “Lebal copy.exe” file ready to download. Masquerading as a normal Adobe Acrobat document, Lebal copy is actually a piece of malicious malware designed to harvest a slew of sensitive data from victims.”