Threat Intelligence Blog

threat intelligence news

This weekly brief highlights the latest threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.

Insurance/Healthcare

“For the second year in a row, the vast majority of health data breach victims were affected by hacker attacks in 2016, and the trend shows no signs of abating.

HackingHacking: The using of a computer and/or program in order to gain unauthorized access to data in a computer, system or network. LookingGlass Cyber (n) - not the axe swinging you’re thinking of. This type of hacking is unauthorized access to another computer, or system. is just getting rolling in healthcare, or probably more accurately, just beginning to be recognized more often,” says Mac McMillan, CEO of the security consulting firm CynergisTek.

Experts say the healthcare sector should be prepared to deal with more ransomwareRansomware: A type of malware that serves as a form of extortion by one party on a group of persons or organizations. Oftentimes takes the form of encrypting a victim’s hard drive denying them access to files or other information with demands taking the form of a ransom before access is restored. LookingGlass Cyber (n) - when an organization, group, or hacker takes control of your system to extort a user or organization for money.  Ch-ching! attacks as well as other types of extortion attempts in 2017, as well as an uptick in distributed denial-of-service assaults and security breaches involving internet of things devices.”

Healthcare Info Security

Retail

“Topps this week sent out emails informing users that its website was hacked earlier this year and that personal information, including credit card data, was stolen.

The iconic maker of baseball another sports trading cards sent email notifications to potentially impacted users to inform them on the data breach and that personal information submitted to the Topps website (www.topps.com) might have been compromised. According to the email, “one or more intruders” gained to sensitive information via unauthorized access to the company’s website.”

– Security Week

Technology

“The Federal Trade Commission is taking D-Link to court, accusing the company of poor security practices for its routers, web cameras, baby monitors and other products.

The lawsuit (PDF), filed in San Francisco’s district court, argues that D-Link failed to meet security standards from 2007, leaving widespread vulnerabilities open to hackers.

The commission alleges that D-Link coded easy to crack login credentials into its camera software, enabling hackers to easily spy on the company’s customers.”

CNET

Law Enforcement

“Detectives are being trained to process data gathered from Internet of Things (IoT) “smart” devices for use in criminal investigations, Scotland Yard’s forensic head Mark Stokes has told The Times.

Internet-enabled fridges, toasters, washing machines and coffee makers have endured a mixed press – security flaws that render them potentially hackable have been a recurring theme recently – but to police the forensic opportunity is the real deal.

Consumers are slowly filling their homes with data-gathering IoT devices, which means that tomorrow’s crime scene will start with such items, claimed Stokes: “Wireless cameras within a device such as the fridge may record the movement of suspects and owners. Doorbells that connect directly to apps on a user’s phone can show who has rung the door.  All these leave a log and a trace of activity.””

Naked Security

Defense

A security researcher claims to have discovered a large volume of data inadvertently leaked online by a subcontractor that provides healthcare services and professionals to the United States government.

Potomac Healthcare Solutions provides services to the U.S. Army, the Navy, the Marine Corps, the Air Force, the Army Corps of Engineers, Immigration and Customs Enforcement (ICE) and several other organizations in the public sector. In 2013, after teaming up with Booz Allen Hamilton, Potomac obtained a contract with the U.S. Military’s Special Operations Command (SOCOM).

MacKeeper researcher Chris Vickery discovered that an unprotected remote synchronization (rsync) service linked to a Potomac IP address had been exposing more than 11 Gb of files.”

– Security Week

Follow and connect with us on Twitter, Facebook, and LinkedIn if you would like to discuss any of our blogs in more detail!


You May Also Be Interested In…

Additional Posts

Weekly Phishing Activity: January 17, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...

Weekly Phishing Activity: January 9, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...