While assessing activity over the last week, our Threat and Risk Analysis Cell homed in on some areas of concern in this week’s Threat Dashboard. Two areas particularly stood out – the shifting of focus for cyber threat actors, who have employed social engineering techniques to target the hospitality industry, and the physical security concerns regarding the terrorism threat in Europe, especially during this holiday period of heightened concern. The team dives deeper into both matters in the weekly Torpedo Report.
“A new malware campaign by the Carbanak Group, a well-known criminal group who stole over $1 billion from multiple financial institutions in 2015, has been discovered by Trustwave, with implications for any organization with exterior-facing customer service departments… efforts seem to be specifically targeting the hospitality sector but the tactics being used could be employed to target any community… the attacker will use social engineering techniques to get the staff member to click on said document, as it contains important ‘information.’ Once they confirm the document has been opened, uploading the malware, the attacker quickly ends the call… Threats against the hospitality industry are not new. However, this is one of the more involved social engineering attacks that has been observed and involves several layers. The success of good social engineering attacks begins with the conduct of detailed analysis and research, also known as footprinting… Elegant in its simplicity, this method of guaranteeing a risky click is not restricted to the hospitality community. Any outward-facing customer service representative that’s allowed to receive documents from customers is vulnerable to this type of attack, due to its low cost and low technical requirements. And it’s not overly hard for a skilled social engineer to develop a believable story for a representative already inclined to help their customers or prospective clients.”
Addressing the terrorism threat, the team notes, “This week, the US State Department issued an updated European Travel Warning. This warning was based in part on recent events, such as terrorist arrests in Turkey, Germany and France, as well as warnings from Belgium on the potential of more attacks in the future from returning foreign fighters. Europe remains, and will remain, a prime target for terrorist activity based on proximity to the areas of conflict in the Middle East and North Africa, as well as immigration policies, upcoming symbolic events and other factors… November marks the one-year anniversary of the Paris attacks that killed at least 130 and wounded over 350. That attack involved terrorists targeting a sports stadium, a concert hall and dining venues. Recent arrests in Germany and France point to attackers’ interests in iconic targets and theme parks. Large public gatherings and venues have been and will remain of keen interest to would-be attackers. Additionally, with the holiday season upon us, large gatherings such as Christmas markets throughout Europe are very popular. These markets are ideal soft targets, as they are generally held in city centers and have fluid entrance and exit locations that make it difficult to properly search people. Such opportunities could be a welcome target for potential attacks. Additionally, mass transit – such as trains, planes and bus routes – has been a target in the past and transportation hubs will continue to be enticing targets for extremists.”
The complete Torpedo Report includes additional background and analysis as well as some preparedness and operational ideas for leaders to consider. This week’s reports and previous releases are available from the “Reports” tab of this website.
November is National Critical Infrastructure Security and Resilience Month. It “builds awareness and appreciation of the importance of critical infrastructure and reaffirms the nationwide commitment to keep our critical infrastructure and our communities safe and secure. Securing the nation’s infrastructure is a national priority that requires planning and coordination across the entire community.” (DHS.gov) At Gate 15, we want to remind everyone to take the time to understand their critical infrastructure dependencies, assess their organization’s relevant risks, and take a prioritized approach to preparedness and operations.
To help leaders maintain active threat situational awareness, we distribute our (free!) daily paper and the above-mentioned weekly products. Our team hopes they can help you achieve a sound background as you assess your organizational risks and then apply a threat-informed, risk-based and prioritized approach to preparedness and operations. If you’re not already signed up, subscribe to our free products and receive them directly! Free reports include our daily paper, the Gate 15 SUN, with additional detail, focus and analysis in the weekly Threat Dashboard and Torpedo Report.