Threat Intelligence Blog

Posted January 3, 2018

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats facing various industries.

Operational Risk

“All ATMs that are still running on the Windows XP operating system are at risk of getting hacked easily, as the OS is no longer supported except for emergency security patches (for instance, the patch blocking the WannaCry ransomware released this year). An employee of a Russian blogging platform recently discovered that ATMs operated by a state-owned Russian bank running Windows XP have inherent security vulnerabilities that can be easily exploited by hackers. According to the user, a full screen lock that prevents access to various components of an ATM operating system could be bypassed by turning on the Sticky Keys when special keys like SHIFT, CTRL, ALT, and WINDOWS were pressed 5 times. Pressing the SHIFT key 5 times in a row allowed access to Windows settings and displayed the taskbar and Start menu of the operating system, giving users access deep within Windows XP from the touch screen. This vulnerability allows hackers to deploy malicious software or modify ATM boot scripts.”


Legal, Litigation, and Regulatory Risk

“The U.S. Securities and Exchange Commission is planning to update its 6-year-old cybersecurity guidance for how publicly traded firms report data breaches to investors. The agency has indicated that it expects to refine guidance around how businesses disclose cybersecurity risks to investors as well as require insider trading programs to include blackout rules in the event that a suspected data breach gets discovered. With the refresh, officials say businesses should expect to have to disclose more cyber risks, refine their insider trading policies and prove that they’re taking information security seriously. ‘We’re likely to see an increased emphasis on having public companies disclose the cyber risks they face, focusing on their business model, the nature of their operations and the evolving and changing nature of cyber risks,’ an official said. Businesses will likely be called on to prove that they have mechanisms in place to increase the likelihood that they can detect breaches in a timely manner, escalate these concerns to senior management and rapidly ‘figure out if the breach is material to investors and needs to be disclosed in a timely basis.’”

Bank Info Security

Insurance + Healthcare

“Ransomware emerged as a significant threat on the worldwide stage in 2017, but new variants will challenge healthcare organizations well into 2018, with some versions of new malware not even needing a network to distribute themselves throughout an organization. Matt Sherman, a malware outbreak specialist at Symantec, notes that while the healthcare sector is particularly vulnerable, ransomware is everywhere, including the business associates within healthcare and other industries. Any time a healthcare organization selects a new partner, it must assess whether the security controls of the partner match the organization’s controls.”

Health Data Management


“Some retailers make return policies more lenient during the holiday season, while others may tighten their return policies to account for an increase in return fraud. According to the National Retail Federation’s 2017 Organized Retail Crime Survey, 13 percent of holiday sales will be returned and, of those, 11 percent will likely be fraud.”


