Threat Intelligence Blog

Posted November 14, 2017

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“According to a report released on Tuesday by Forrester Research, Cyber-criminals will up their game in 2018 to drive profits, targeting IoT systems and installing ransomware on mission critical POS systems.

Attackers will look to ransomware to generate profits from POS as the EMV standard and end-to-end encryption systems take hold, making it virtually impossible to scrape card data.

According to the firm, Security professionals should focus their efforts on plugging the gaps exposed by default passwords, weak encryption implementations and inadequate patching/remediation capabilities. The report also claimed the 2018 US midterm elections could be another major opportunity for hackers to disrupt, and will provide a clear indication of how resilient the US voting system is.”



“A Russian-linked hacker group, Energetic Bear (but also known as Dragonfly and Crouching Yeti) has been targeting the energy sector in the United States has leveraged a supply chain attack to compromise a website belonging to a Turkish energy company and later used the site as a watering hole attack targeting people associated with Turkish critical infrastructure.

To set up their attacks, Energetic Bear compromises websites that give them exposure to specific targets. They used the same technique for the website of Turcas Petrol, a Turkish energy company, located at This development in attacks could signal growing abilities and enhanced tools leveraged by the hacking group, raising concern for previously targeted sectors.”

Operational Risk

“Attackers are combining credential phishing, credit card data theft, and malware into a single campaign targeting banking details.

While it’s common to see attacks involving phishing or malware, the combination of these tactics in a single campaign targeting Android devices of financial services and banking customers indicates the extent to which attackers are willing to play a longer game in order to get to their goal.

The attacks combine phishing with the distribution of the Marcher Android trojan, a form of banking malware which has been active since at least late 2013. Lures previously used to distribute Marcher include a fake software update, a fake security update, and a fake mobile game.

Uncovered by researchers, the latest Marcher campaign has been ongoing since January and uses a multistep scheme to target customers of Austrian banks.”


Insurance + Healthcare

“A 2017 data breach report from Risk Based Security (RBS) revealed there has been a 305% increase in the number of records exposed in data breaches in the past year.

In Q3 2017, there were 1,465 data breaches reported, bringing the total number of publicly disclosed data breaches up to 3,833 incidents for the year. RBS reports there has been a steady rise in publicly disclosed data breaches since the end of May, with September the worst month of the year. The severity of data breaches has also increased. In 2016, 2.3 billion records were exposed in the first 9 months of the year. In 2017, the figure jumped to 7.09 billion.”

HIPAA Journal


Additional Posts

LookingGlass Adds Government Vets Taxay, Haas

LookingGlass Cyber Solutions has hired a pair of former law enforcement and intelligence executives ...

LookingGlass Appoints Michael Taxay and Jeremy Haas to Executive Leadership Team

LookingGlass Cyber Solutions, a leader in threat intelligence-driven security, today announced that ...