
Forescout Cyber Weekly Roundup
April 12, 2019

Colby Proffitt | April 12, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Twitter: @proffitt_colby

    Public Sector

  1. Nine executable files found to be infected with Lazarus’ HOPLIGHT Trojan malware strain: The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant referred to as HOPLIGHT that appears to be used by the government of North Korea.
    https://www.us-cert.gov/ncas/current-activity/2019/04/10/North-Korean-Malicious-Cyber-Activity
  2. Agency upper ranks are thinning: Claire Grady, acting deputy secretary at the Department of Homeland Security (DHS), resigned this week on the heels of Kirstjen Nielsen, DHS secretary, who resigned Sunday after a meeting with President Trump. Many agree that the departures will leave DHS with a cyber void that must be filled quickly.
    https://thehill.com/homenews/administration/438145-dhs-deputy-secretary-resigns-nielsen-says

    Defense

  4. One of our battles is going to be just getting off of the pier: The Navy announced this week that it’s seeking a new assistant secretary to focus on cyber and information issues. The volume of foreign attacks on the U.S. military and defense contractors is unsettling, but it’s also a relief to see the Navy responding with focus and determination.
    https://breakingdefense.com/2019/04/navy-needs-cyber-secretary-wouldnt-say-no-to-truman-refueling-secnav-spencer/
  5. Living in the grey zone: Many believe that Washington and the country as a whole must shift some of our cultural and societal norms to no longer think of war and peace as two distinct states but instead endure a continuum of conflict in which peace is simply war by other means.
    https://breakingdefense.com/2019/04/cyber-warfare-in-the-grey-zone-wake-up-washington/

    Retail

  7. Sniffers on the loose: New analysis has found that JavaScript sniffers—specialized malware that skims credit card data from online shopping—are being used more frequently across the globe. Online shoppers should use the same card for online purchases, check the URL before purchasing to ensure the site uses a valid certificate, and never store payment information on any site.
    https://www.bankinfosecurity.com/e-commerce-javascript-sniffer-attacks-proliferate-report-a-12350
  8. Spring break savings and cyber scams: While the scams highlighted in this article aren’t the type of ‘attacks’ we usually cover (e.g., the JS Sniffer above), they are still a legitimate problem for consumers when it comes to security. This article offers some tips to help consumers avoid being scammed and also includes some additional consumer tips from the Federal Trade Commission (FTC).
    https://www.consumeraffairs.com/news/new-vacation-rental-scams-enter-the-scene-just-in-time-for-spring-break-041019.html

    Healthcare

  10. New cyber insurance policy targets healthcare companies: More than 70 percent of healthcare organizations lack cyber insurance. While the details included in this release seem to indicate that the new policies will provide more coverage than cyber insurance policies have in the past, it’s also important for healthcare organizations to remember that while cyber insurance can aid in the restoration of digital assets and costs of response and replacement, it can’t prevent an attack or, ultimately, guarantee patient safety. When it comes to healthcare, availability is the most important pillar in the CIA triad.
    https://www.scnow.com/news/business/wire/article_ceed79ee-21d3-5f74-8be6-eea40ef3a20c.html
  11. The Department of Health and Human Services to participate in public-private coalition: HHS is among 10 other federal agencies and participants, but could arguably benefit the most from the new effort. The Cybersecurity Talent Initiative will choose from student applicants who will be guaranteed a two-year placement at participating federal agencies.
    https://www.healthcareitnews.com/news/microsoft-mastercard-workday-help-create-cybersecurity-talent-initiative
    Financial Services

  13. Cyber top of mind for bank CEOs testifying before House Financial Services Committee: When asked about some of the biggest risks facing financial services, cyber risks, slowed global growth, shadow banking and leverage lending were commonly listed by most CEOs.
    https://www.cnbc.com/video/2019/04/10/cybersecurity-is-the-biggest-risk-for-banks-says-analyst.html
  14. Don’t let TrickBot steal your tax refund: Hackers have launched a phishing campaign to impersonate employees from Paychex and ADP in an effort to steal valuable data such as banking credentials and wire money without immediate detection.
    https://www.cyberscoop.com/tax-scam-2019-adp-paychex-fake-emails/
    Operational Technology / Industrial Control Systems

  16. Triton strikes twice: Although out of the limelight since the 2017 ICS attack, Triton recently resurfaced and is following the common pattern in sophisticated ICS intrusions: gaining access to corporate IT, shifting to operational technology (OT) networks, and lurking in the shadows waiting for the perfect moment to strike.
    https://threatpost.com/triton-ics-malware-second-victim/143658/
  17. The odds are good—too good: Recent findings have revealed that nine out of 10 operational technology (OT) companies face cyber threats at least once every two years. Among major problems cited, few organizations possessed sufficient visibility into their network and attack surface.
    https://www.itwire.com/security/86648-90-in-operational-tech-sector-face-cyber-attack-every-2-years.html

    State, Local & Education

  19. Forget the National Spelling Bee, it’s time for the Cyber Patriot National Finals: Beating out the initial 6,000 participants, the final 28 students will have three hours to secure an operating system and configure a network.
    https://www.wbaltv.com/article/towson-high-schoolers-compete-in-cybersecurity-competition/27089285
  20. Cyber credentials, certificates and credibility: The National Security Agency (NSA) and the U.S. Department of Homeland Security (DHS) have designated Southeast Missouri State as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) through 2024, making it one of only 250 such programs nationwide. As these programs grow, so too will the number of credible cyber professionals, but many will still face the challenge of proving their worth in terms of years of experience.
    https://news.semo.edu/nsa-dhs-designates-southeast-a-national-center-of-academic-excellence-in-cyber-defense-education/

    Editor’s Choice

  22. Co-operative cyber data sharing: This article highlights “crypto-splitting” as an emerging method by which companies can partner to combat cyber criminals. In short, a handful of companies agree to share data with one another. Company A would then have bits of data from companies B, C and D, etc. The objective is to create a puzzle so complex that hackers choose another target because of the time required to solve the puzzle.
    https://www.bbc.com/news/business-47724438
  23. Where did all the CEOs go? We noted a few weeks ago that many companies invest in their executives after a cyberattack instead of replacing them. A recent study from the Warwick Business School even found that CEOs were more likely to receive an increase in total and incentive pay several years after a breach. This week, however, we’re seeing a new bill called the Corporate Executive Accountability Act, which is designed to establish criminal liability for negligent executive officers of major corporations. In other words, executives may soon be looking at more jail time, not vacation time.
    https://www.forbes.com/sites/bobzukis/2019/04/10/regulators-want-ceos-to-go-to-jail-for-cyber-failings-should-you/
  24. Data theft at Dutch chipmachine maker ASML: In 2014, Chinese employees working in the San Jose R&D division of Dutch chipmachine maker ASML stole source code, manuals and marketing information for competitor XTAL, which could improve its products substantially with this information. A judge in California sentenced XTAL to pay $223 million in damages.
    https://uk.reuters.com/article/uk-asml-china-spying/chinese-spies-stole-secrets-from-chip-equipment-maker-asml-dutch-newspaper-fd-idUKKCN1RN0DY