Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Defense

“The hackers who disrupted the U.S. presidential election last year had ambitions that stretched across the globe, targeting the emails of Ukrainian officers, Russian opposition figures, U.S. defense contractors and thousands of others of interest to the Kremlin, according to a previously unpublished digital hit list compiled by cybersecurity firm Secureworks and obtained by The Associated Press.

In the United States, Fancy Bear (it accidentally exposed part of its phishing operation to the internet) tried to pry open at least 573 inboxes belonging to those in the top echelons of the country’s diplomatic and security services: then-Secretary of State John Kerry, former Secretary of State Colin Powell, then-NATO Supreme Commander, U.S. Air Force Gen. Philip Breedlove, and one of his predecessors, U.S. Army Gen. Wesley Clark.

The list skewed toward workers for defense contractors such as Boeing, Raytheon and Lockheed Martin or senior intelligence figures, prominent Russia watchers and Democrats. More than 130 party workers, campaign staffers and supporters of the party were targeted, including Podesta and other members of Clinton’s inner circle.”

Associated Press

Energy

“The U.S. government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure.

The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.

The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.

The objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets, the report said.

The report said that hackers have succeeded in infiltrating some targets, including at least one energy generator, and conducting reconnaissance on their networks. It was accompanied by six technical documents describing malware used in the attacks.”

Reuters

Information Security

“A Chinese hacking operation is back with new malware attack techniques and has switched its focus to conducting espionage on western corporations, having previously targeted organizations and individuals in Taiwan, Tibet, and the Philippines.

Dubbed KeyBoy, the advanced persistent threat actor has been operating out of China since at least 2013 and in that time, has mainly focused its campaigns against targets in the South-East Asia region.

But now the group has reemerged and is targeting western organizations with malware which allows them to secretly perform malicious activities on infected computers. They include taking screenshots, key-logging, browsing and downloading files, gathering extended system information, and shutting down the infected machine.”

ZDNet

Insurance + Healthcare

“The protected health information (PHI) of 932 members of the Texas Children’s Health Plan has been discovered to have been emailed to the personal email account of a former employee.

The incident was discovered on September 21 but the former employee emailed the data late last year. The emails were discovered during a routine review.

Texas Children’s Health Plan responded to the breach promptly and took action to mitigate risk. While the reason for the PHI being emailed to the personal email account has not been disclosed, the breach report uploaded to the insurance plan website explains no evidence has been uncovered to suggest any plan member information has been used inappropriately.

However, the incident has been reported to law enforcement. The types of data included in the emails varied for each patient, but typically included: names, telephone numbers, addresses, dates of birth, Medicaid numbers, and waiver types. This type of incident is relatively common, and several HIPAA-covered entities have discovered similar incidents in recent months.”

HIPAA Journal

 

