Forescout Cyber Weekly Roundup
May 10, 2019
The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.
- Active defense, defend forward and bounty hunters, oh my: Most in the cybersecurity industry are familiar with the Certified Ethical Hacker (CEH) certification, but a new study by two former DoD officials suggests deputizing private sector actors as ‘certified active defenders’—private-sector experts hired under government direction. Novel approaches are certainly needed when it comes to cyber defense, but this proposal calls into question the reach of legal authority for any such cyber privateers.
- To defend is to make the repercussions of an attack more painful: The exact responsibilities of the potential new positions have not yet been defined, but the Army, Navy and Air Force may be gaining Senate-confirmed ‘supercharged CIO’ IT officials. The additional resource would give the military branches additional support and strategies for cyber defense tactics. Final recommendations are expected by June 30.
- Cyberattack results in world’s first physical reaction: There’s been much debate as to when an act in cyberspace crosses the threshold of war. Technically, the U.S. was the first country to use military force in response to a cyber event, using drones to take out the British citizen who leaked U.S. military details online. But now, we’re seeing a real-time physical response to an attack. The question is, will the physical response break the conflict, or result in escalatory measures?
- Defense by engagement: U.S. Cyber Command took an offensive stance against the Russian troll factory during the 2018 midterms, and although that operation, named Synthetic Theology, has since ended, we can expect that CYBERCOM will launch new operations against Russia, with the hope that persistent cyber engagement will deter adversaries.
- Insert chip face-up, please: There’s been a push in recent years towards a cashless society, but there’s also been some pushback. This week, San Francisco joined several other cities in banning credit-only stores. Many still prefer to pay cash to avoid a digital trail, but many others fear that—in the event of a cyberattack—cash will be the only way to buy or sell.
- Consumer cyber hygiene—an oxymoron? A new report ranks U.S. states based on consumer cybersecurity practices. The most interesting, and most unsettling, statistic is that only 5% of U.S. consumers back up their data.
- Have you seen my inbox? New research finds that ransomware is the number one data breach threat facing healthcare institutions. Even more interesting, the research suggests that the deluge of email limits the ability of healthcare professionals to carefully review each message before taking appropriate action.
- Cyber enemies to patient safety: Connected medical devices and legacy systems pose the biggest cyber threat to the healthcare industry, and network segmentation and device visibility are the strongest safeguards against malicious attack.
- Quiet Panic—All top 100 US accounting firms impacted by cyber attack: Wolters Kluwer, the leading tax accounting software and cloud services company, is still grappling with downed communication channels. Although the firm states that neither a data breach nor customer infection resulted, the event serves as a reminder that Financial Services must factor cyber risk into their operational models.
- Quantifying the problem: Jamaican banks are repeatedly hit with cyberattacks—to the tune of two attacks per week and average losses of $4 million per month. Jamaican banks are not only having trouble quantifying the problem, but defending against it as well.
- PayPal cyber payout: More than $500 million was lost on account of fraud in 2017, and the numbers for 2018 are expected to be even higher. This story details some of the methods attackers are employing, and just how easy it can be to siphon funds under the radar through electronic money transfer accounts like PayPal and Venmo.
- Situational awareness and communications needed for critical infrastructure defense: Unique operational frameworks, access points, and a variety of legacy systems and emerging technologies are specific challenges to effectively defending U.S. critical infrastructure. The author calls for improved public-private partnerships based on risk management frameworks to defend against threats. https://www.forbes.com/sites/cognitiveworld/2019/05/06/public-private-partnerships-and-the-cybersecurity-challenge-of-protecting-critical-infrastructure/#5d95e0735a57
- Who pays to defend U.S. critical infrastructure? Cyberattacks on critical infrastructure put power grid availability and reliability at risk. This article explores the potential costs, and who may ultimately foot the bill. Most interestingly, this article suggests that consumers may shift from simply paying their electric bill to evaluating electricity providers based on the guarantee of power.
- Vital cyber roles need vital cyber resources: The new State Cyber Resiliency Act is seeking to provide more assistance to state and local governments, but in the interim, states must prepare independently of federal assistance.
- City of Baltimore says ‘no’ to $76,000 RobbinHood ransom, shuts down services: At least this time 911 dispatches were not affected, as they were last year in a similar strike. Officials suggest the cyberattack resembles one last month that targeted Greenville, North Carolina—and Greenville was still struggling with its impact two weeks later.
- Before the Shadow Brokers leak, the Chinese had already captured NSA hacking tools in the field: In ancient archery manuscripts, shooting nockless arrows results in an enemy that cannot shoot them back at you. Perhaps that’s the equivalent of fileless malware, but unfortunately for the NSA, “American officials will need to factor in the real likelihood that their own tools will boomerang back on American targets or allies.”
- 17-year-old security researcher finds something ‘interesting’ in Dell web-based driver updates: How can a website detect the drivers on your computer? Via pre-installed remote support bloatware, of course! This is not the first time manufacturer-installed remote control agents have proven to be a weak link in countless devices still available for sale in retail channels.
- MegaCortex ransomware drops Matrix references while targeting enterprise networks: The sudden spike seems to be due to rapid deployment from Emotet- and Qbot-compromised jump servers internationally, which were likely used to deploy the MegaCortex payload—making spam the original, but technically indirect path to infection. Overall, the operation appears to have the makings of a successful cybercriminal joint venture.