Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Operational Risk

“All ATMs that are still running on Windows XP operating system are at the risk of getting hacked easily, as the OS is no longer supported except for emergency security patches (for instance, patch blocking the WannaCry ransomware released this year). An employee of a Russian blogging platform recently discovered that ATMs operated by a state-owned Russian bank running Windows XP have inherent security vulnerabilities that can be easily exploited by hackers. According to the user, a full screen lock that prevents access to various components of an ATM operating system could be bypassed by turning on the Sticky Keys when special keys like SHIFT, CTRL, ALT, and WINDOWS were pressed 5 times. By pressing SHIFT key 5 times in a row, it allowed access to Windows settings and displayed the taskbar and Start menu of the operating system, giving users access deep within Windows XP from the touch screen. This vulnerability allows hackers to deploy malicious software or modify ATM boot scripts.”


Legal, Litigation, and Regulatory Risk

“The U.S. Securities and Exchange Commission is planning to update its 6-year-old cybersecurity guidance for how publicly traded firms report data breaches to investors. The agency has indicated that it expects to refine guidance around how businesses disclose cybersecurity risks to investors as well as require insider trading programs to include blackout rules in the event that a suspected data breach gets discovered. With the refresh, officials say businesses should expect to have to disclose more cyber risks, refine their insider trading policies and prove that they’re taking information security seriously. “We’re likely to see an increased emphasis on having public companies disclose the cyber risks they face, focusing on their business model, the nature of their operations and the evolving and changing nature of cyber risks,” an official said. Businesses will likely be called on to prove that they have mechanisms in place to increase the likelihood that they can detect breaches in a timely manner, escalate these concerns to senior management and rapidly “figure out if the breach is material to investors and needs to be disclosed in a timely basis.””

Bank Info Security

Insurance + Healthcare

“Ransomware emerged as a significant threat on the worldwide stage in 2017, but new variants will challenge healthcare organizations well into 2018, with some versions of new malware not even needing a network to distribute themselves throughout an organization. Matt Sherman, a malware outbreak specialist at Symantec, notes that while the healthcare sector is particularly vulnerable, ransomware is everywhere, including the business associates within healthcare and other industries. Any time a healthcare organization selects a new partner, it must assess whether the security controls of the partner match the organization’s controls.”

Health Data Management


“Some retailers make return policies more lenient during the holiday season, while others may tighten their return policies to account for an increase in return fraud. According to National Retail Federation’s 2017 Organized Retail Crime Survey, 13 percent of holiday sales will be returned and of those 11 percent will likely be fraud.”


