Forescout Cyber Weekly Roundup
April 12, 2019
The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.
- Nine executable files found to be infected with Lazarus’ HOPLIGHT Trojan malware strain: The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant referred to as HOPLIGHT that appears to be used by the government of North Korea.
- Agency upper ranks are thinning: Claire Grady, acting deputy secretary at the Department of Homeland Security (DHS) resigned this week on the heels of Kirstjen Nielsen, DHS secretary, who resigned Sunday after a meeting with President Trump. Many agree that the departures will leave DHS with a cyber void that must be filled quickly.
- One of our battles is going to be just getting off of the pier: The Navy announced this week that it’s seeking a new assistant secretary to focus on cyber and information issues. The volume of foreign attacks on the U.S. military and defense contractors is unsettling, but it’s also a relief to see the Navy responding with focus and determination.
- Living in the grey zone: Many believe that Washington and the country as a whole must shift some of our cultural and societal norms to no longer think of war and peace as two distinct states but instead endure a continuum of conflict in which peace is simply war by other means.
- Spring break savings and cyber scams: While the scams highlighted in this article aren’t the type of ‘attacks’ we usually cover (e.g., the JS Sniffer above), they are still a legitimate problem for consumers when it comes to security. This article offers some tips to help consumers avoid being scammed and also includes some additional consumer tips from the Federal Trade Commission (FTC).
- New cyber insurance policy targets healthcare companies: More than 70 percent of healthcare organizations lack cyber insurance. While the details included in this release seem to indicate that the new policies will provide more coverage than cyber insurance policies have in the past, it’s also important for healthcare organizations to remember that while cyber insurance can aid in the restoration of digital assets and costs of response and replacement, it can’t prevent an attack—and ultimately, guarantee patient safety. When it comes to healthcare, availability is the most important pillar in the CIA triad.
- The Department of Health and Human Services to participate in public-private coalition: HHS is among 10 other federal agencies and participants, but could arguably benefit the most from the new effort. The Cybersecurity Talent Initiative will choose from student applicants who will be guaranteed a two-year placement at participating federal agencies.
- Cyber top of mind for bank CEOs testifying before House Financial Services Committee: When asked about some of the biggest risks facing financial services, cyber risks, slowed global growth, shadow banking and leverage lending were commonly listed by most CEOs.
- Don’t let TrickBot steal your tax refund: Hackers have launched a phishing campaign to impersonate employees from Paychex and ADP in an effort to steal valuable data such as banking credentials and wire money without immediate detection.
- Triton strikes twice: Although out of the limelight since the 2017 ICS attack, Triton recently resurfaced and is following the common pattern in sophisticated ICS intrusions: gaining access to corporate IT, shifting to operational technology (OT) networks, and lurking in the shadows waiting for the perfect moment to strike.
- The odds are good—too good: Recent findings have revealed that nine out of 10 operational technology (OT) companies face cyber threats at least once every two years. Among major problems cited, few organizations possessed sufficient visibility into their network and attack surface.
- Forget the National Spelling Bee, it’s time for the Cyber Patriot National Finals: Beating out the initial 6,000 participants, the final 28 students will have three hours to secure an operating system and configure a network.
- Cyber credentials, certificates and credibility: The National Security Agency (NSA) and the U.S. Department of Homeland Security (DHS) have designated Southeast Missouri State as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) through 2024, making it one of only 250 such programs nationwide. As these programs grow, so too will the number of credible cyber professionals, but many will still face the challenge of proving their worth in terms of years of experience.
- Co-operative cyber data sharing: This article highlights “crypto-splitting” as an emerging method that companies can partner to combat cyber criminals. In short, a handful of companies agree to share data with one another. Company A would then have bits of data from companies B, C and D, etc. The objective is to create a puzzle so complex that hackers choose another target because of the time required to solve the puzzle.
- Where did all the CEOs go? We noted a few weeks ago that many companies invest in their executives after a cyberattack instead of replacing them. A recent study from the Warwick Business School even found that CEOs were more likely to receive an increase in total and incentive pay several years after a breach. This week, however, we’re seeing a new bill called the Corporate Executive Accountability Act, which is designed to establish criminal liability for negligent executive officers of major corporations. In other words, executives may soon be looking at more jail time, not vacation time.
- Data theft at Dutch chipmachine maker ASML: In 2014, Chinese employees working in the San Jose R&D division of Dutch chipmachine maker ASML stole source code, manuals and marketing information for competitor XTAL, which could improve its products substantially with this information. A judge in California sentenced XTAL to pay $223 million dollars in damages.
Operational Technology / Industrial Control Systems
State, Local & Education