Forescout Cyber Weekly Roundup
April 19, 2019

Colby Proffitt | April 19, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Twitter: @proffitt_colby

Public Sector

  1. The FBI National Academy knows where you live, and now so does the rest of the world: While it appears that the data on the national database was not compromised, the home addresses, phone numbers, emails and employers’ names from at least 1,400 unique records of law enforcement officers were stolen and published online.
    https://www.nbcnews.com/tech/security/hacker-group-posts-hundreds-law-officer-records-n994231
  2. Savings don’t keep you safe: The House Homeland Security Committee is pushing for a higher cap on funding needed within the Department of Homeland Security (DHS). The specific amount of the increase is unknown at this time, but it is reported to be “commensurate to the threat.”
    https://www.politico.com/newsletters/morning-cybersecurity/2019/04/15/house-panel-wants-dhs-cyber-funding-hike-583887
  3. Another one bites the dust: Huawei and ZTE have been the primary Chinese companies making headline news in recent months, but recent actions by the Trump administration and the FCC have put a new Chinese company in the limelight: China Mobile. This company will likely not be the last to be blocked from the U.S. telecom market.
    https://www.lightreading.com/regulation/china-mobile-may-be-barred-from-us-telecom-market-under-fcc-proposal/d/d-id/750902

Defense

  1. Network compression may solve the cyber bandwidth challenge: Researchers from the Army Research Lab (ARL) have found that by compressing network traffic, they can detect malicious activity faster. The next phase of the project will focus on network classification and lossless compression techniques.
    https://phys.org/news/2019-04-army-cybersecurity.html
  2. Assemble the dream team: The Air Force has announced that it is creating groups of specialized cyber defense teams called mission defense teams, which will focus on the cyber aspects of each mission—in short, making sure that every fighter jet, weapon and other asset is secured and functional.
    https://www.fifthdomain.com/dod/air-force/2019/04/17/when-malware-hits-an-f-16-call-these-new-air-force-cyber-teams/
  3. Capture the packet: The Army has taken significant strides in the area of cyber training. The Army’s new custom platform can be used to generate new content, exercises and various scenarios in a fraction of the time previously required, all while connecting mission force teams around the globe.
    https://www.fifthdomain.com/dod/2019/04/16/what-the-army-learned-from-a-february-cyber-exercise/

Retail

  1. Stolen data is everyone’s problem: This article explains some of the common cyber challenges facing the retail industry, highlighting account takeover fraud and general e-commerce fraud, up 80 percent and 30 percent respectively.
    https://www.mytotalretail.com/article/from-dark-web-to-check-out-how-consumer-data-breaches-are-all-retailers-problem/
  2. If your CPA sends you unencrypted emails, it’s time to find a new accountant: New research has revealed that last year’s tax forms can be purchased on the dark web for as little as $1.04. Increasingly, tax forms and related personally identifiable information (PII) are being stolen from accounting firms, largely because they fail to take basic security precautions with client data.
    https://wwmt.com/news/local/criminals-are-putting-old-tax-returns-up-for-sale-on-the-dark-web

Healthcare

  1. Trust but verify: New research has revealed that third-party healthcare vendors were responsible for at least 20 percent of healthcare data breaches in 2018. And going beyond business associates, IT vendor sprawl is a major headache for healthcare organizations—and any one of a healthcare delivery organization’s suppliers could unintentionally introduce a devastating security incident.
    https://www.informationsecuritybuzz.com/expert-comments/3rd-party-vendors-behind-20-of-healthcare-data-breaches/
  2. Hackers target financial data, not just health information: Some might assume that patient data is the only type of data hackers are after when it comes to hospitals and healthcare delivery organizations (HDOs). However, recent incidents within the healthcare industry highlight that hackers are just as inclined to target a hospital’s financial systems as its systems for electronic health records (EHRs).
    https://www.healthcareinfosecurity.com/data-breaches-in-healthcare-affect-more-than-patient-data-a-12379
  3. Think before you open that .dcm file: Hiding malicious code within a file isn’t new, but leveraging DICOM files, which are often used for CT and MRI scan imaging data, to spread malicious binaries is a new tactic in attackers’ toolkits.
    https://www.bleepingcomputer.com/news/security/new-malicious-medical-dicom-image-files-cause-hipaa-headache/

Financial Services

  1. The Price is Right, to the right degree at the right time: Breaches, hacks and other cyber incidents are often talked about in terms of risk and impact, not necessarily economic outputs or consequences. However, organizations with a mature cybersecurity strategy will apply a return on investment (ROI) approach to decision making—those organizations will want to understand the specific costs and benefits associated with every cyber action or event.
    https://www.cshub.com/interviews/articles/the-economic-side-of-cyber-security-risk-management
  2. Don’t forget about Brazil: Russia, China, North Korea and Iran steal the cyber headlines on a daily basis, but this article highlights a level of organized cyber crime originating in Brazil. Although none of the techniques used by the attackers seem to be revolutionary, the size of the arsenal and the speed at which the attackers shift tactics indicate a well-organized cyber operation.
    https://www.cyberscoop.com/brazilian-pirates-two-factor-authentication-recorded-future/

Operational Technology / Industrial Control Systems

  1. For every action there is an equal and opposite reaction: Newton’s third law still stands true, but as this article points out, the convergence of Information Technology (IT) and Operational Technology (OT) is creating a world where digital actions result in physical reactions and physical actions leave a digital ripple.
    https://www.forbes.com/sites/samcurry/2019/04/16/cyber-sights-on-critical-infrastructure/
  2. Securing the Big Apple: Roughly 18 months ago New York City established the NYC Cyber Command to defend the city from cyber threats. Since then, the Command has built its own data pipeline to create a secure, cloud-based security log aggregation platform for city systems.
    https://www.zdnet.com/article/building-a-data-pipeline-to-defend-new-york-from-cyber-threats/

State, Local & Education

  1. New cyber grant program under DHS for state and local: With more than 70 percent of states reporting a lack of adequate funding for cyber development, this new bill may significantly improve cyber at the state level.
    https://www.meritalk.com/articles/states-in-line-for-dhs-cyber-help-under-new-bill/
  2. Why not hack your way into office? Election meddling at the federal, state and municipal levels has become a near-constant worry in recent years, but this story highlights that any election is subject to cyber tampering—even a high school student council election.
    https://www.forbes.com/sites/leemathews/2019/04/14/even-student-council-elections-are-being-hacked-now/

Editor’s Choice

  1. Cyber insurance—a must-have or a must-not? Cyber insurance has emerged in recent years as a critical cyber solution, but it’s important that organizations understand the common policy exceptions and exclusions and realize that cyber insurance isn’t a solution—it’s a way of sharing cyber risk, not eliminating it.
    https://news.bloomberglaw.com/us-law-week/insight-should-cyber-insurance-be-a-line-item-in-your-security-budget
  2. Fresh DragonBlood downgrade attacks against WPA3-capable devices: The future of wireless took a hit late last week alongside a series of new vulnerability announcements from US-CERT. Solid independent research led to the discoveries—the research was enabled by more than 14,000 commits to the open source Dragonslayer GitHub repository.
    https://wpa3.mathyvanhoef.com/
  3. Novel IE zero-day flaw leaves Windows users vulnerable—even when not browsing: The way Internet Explorer handles MHT archives leaves something to be desired. The vulnerability relates specifically to the way IE deals with CTRL+K, Print Preview, and Print commands, and it can be easily exploited with a JavaScript function call. Although local file loss is the worst case, the underlying issue—proprietary protocols and file formats that parse and reformat user input—remains relevant.
    https://betanews.com/2019/04/15/internet-explorer-mht-vulnerability/