infy_iranian_apt.jpg

This week's news indicated that the possibilities for malware are endless. The new discovery of a decade old malware, dubbed Infy; the American Dental Association sent out thousands of USB's infected with malware to dental offices nationwide; and the threats from hacking groups are growing to a new level of destruction with data manipulation being recognized as a possible devastating economic threat.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 


Malware

1. Infy, an Iranian malware family, bypassed mitigations for at least a decade.

why is this signficant?


  • Maliciously infected Word documents, Powerpoint presentations and sly ways of social engineering are linked to being the culprit of spreading Infy.
  • Researchers identified 40 different strains linked to this family. The newest strain of Infy can tap your microphone without any notification.
  • “Due to the low volume of (very targeted) attacks, it didn't receive attention or scrutiny and wasn't publicly reported".

Read the full story on SCMagazine

 

2. The American Dental Association says USB's containing malware were mailed out to thousands of dental offices.  

why is this signficant?

  • These clever criminals are finding weaknesses in systems and successfully planning the logistics of transferring malware in resourceful ways. This case proves, how infiltration is inevitable.
  • The ADA, reportedly blames the Chinese supply chain for the spread of the malware.
  • Dental offices that were hit should be wary of breaching HIPAA regulation in case the threat actors access or compromise information systems storing sensitive Personal Health Information (PHI). Healthcare data is a huge target and doesn't seem to be dying down.

Read the full story on InfoSecurity Magazine

Threat Predictions

Stealing credentials is a huge risk for any enterprise, but state-sponsored hacking groups could have a greater economic impact if/when data manipulation occurs.

why is this signficant?

  • Key data points are at risk by being compromised from subtle attacks which could have a huge domino effect. If/when cyberespionage groups begin manipulating data in their favor with errors, this will influence decision making in enterprises/governments.  NSA's director clarified the growing threat at RSA this year.
  • Ransomware is an obvious means of data manipulation, simply by tampering with files if a requested ransom payment is delayed.  However, undetected data manipulation- as seen in Mr. Robot TV Series when Eli alters his own healthcare data- is becoming a new reality and growing threat.

/** Customers of enSilo are protected from  the tampering of data**/
Read the full story on The Register