Forescout Cyber Weekly Roundup
August 09, 2019

Colby Proffitt | August 9, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Twitter: @proffitt_colby

    Public Sector

  1. If you can’t beat ‘em, at least be able to recover: This clever read has a simple but profound truth: “The enemy only has to win one time, while defenders have to win every time.” So long as attackers do a decent job of covering their tracks, or at least elude extradition, the consequences of failure usually aren’t much of a deterrent for attackers. Conversely, the consequences of failing to thwart one attack can be devastating for the victims. It’s this unfavorably tilted battlefield that has stirred increasing focus on resiliency, recovery and risk mitigations as opposed to traditional cyber defense measures.
    https://www.nextgov.com/ideas/2019/08/can-new-technologies-restore-robust-federal-cyber-perimeter/158970/
  2. Huawei, you’re still welcome anyway: Despite security concerns across their southern border, Canada has signed a deal with Huawei to help with the country’s high-speed internet projects. It’s a big win for the company, since their ban in the U.S. proved to be a huge obstacle in their bid to become the world’s biggest smartphone company. This comes as a bit of a surprise following the arrest of a Huawei executive in Canada last year related to alleged illegal activity of the company.
    https://www.washingtontimes.com/news/2019/aug/4/chinas-huawei-help-canadas-far-north-link-internet/
    Defense

  1. New UK military unit launched to combat digital dark arts: The UK’s new special cyber operations unit, 6 Division (6 Div), specializes in information warfare—combating fake news, political propaganda and the like—as a means to protect national security. Many argue that such offensive programs are a necessity to combat threats that remain just beneath the threshold of physical war. Others, however, believe that offensive maneuvers—even if intended as defensive warnings—will undoubtedly result in escalation measures.
    https://www.forbes.com/sites/zakdoffman/2019/08/01/social-media-warfare-new-military-cyber-unit-will-fight-russias-dark-arts/
  2. Air Force invites your attacks (seriously): The U.S. Air Force invited a group of ethical hackers to participate in a hackathon designed to expose flaws in their systems, and paid prizes to those who found the most gaping holes. The bug bounty program resulted in 54 vulnerabilities in the system being found and documented, and the person who found the most of them went home with $20,000.
    https://www.fifthdomain.com/dod/air-force/2019/08/06/the-air-force-sends-good-guys-in-to-hack-its-cloud/
    Retail

  1. Is convenience synonymous with risk? Retailers continue in the never-ending pursuit of customer satisfaction. In recent years, that’s meant increased digitalization for consumer convenience. But, in many cases, that’s also meant increased risk, as evidenced by the doubling of retail breaches in 2018.
    https://www.consultancy.uk/news/22044/cyber-security-cost-hits-uk-high-street-hard
  2. 7-Eleven payment system does an unfortunate 360: After massive attacks costing its customers hundreds of thousands of dollars, 7-Eleven Japan is shutting down its mobile payments system by the end of September, just three months after it debuted on July 1st. Even though the industry recognizes the trend of cashless payments as the preferred method of conducting business, this situation puts a dent in the pursuit to attract tech-savvy customers.
    https://www.mobileworldlive.com/money/news-money/security-breach-brings-down-shutters-on-7pay/
    Healthcare

  1. 32 million patient records breached in first half of 2019: We’re already at more than double the number of breached records from 2018—and, unsurprisingly, 88% of the breaches were due to hacking.
    https://healthitsecurity.com/news/32m-patient-records-breached-in-first-half-of-2019-88-caused-by-hacking
  2. Hospital full of holes (all of them accounted for): A Las Vegas ‘hospital’ will be a target of multiple attacks on its medical devices—luckily, it’s not a real hospital, and the attacks are only exercises. The Medical Device Village is being installed in the BioHacking Village at the DefCon hacking conference to test out possible scenarios of hostile takeovers in a hospital environment and come up with solutions to the countless threats looming over connected medical devices.
    https://www.wired.com/story/defcon-medical-device-village-hacking-hospital/
    Financial Services

  1. Leaked information confirms the suspicions of many: A leaked report from the United Nations states that North Korea has used cyberattacks against banks and financial institutions to “generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.” Estimates put the total around $2 billion and many suspect that the funds are being used for nuclear weapons.
    https://www.bbc.com/news/world-asia-49259302
  2. Plain text causing unusual troubles: British mobile-only bank Monzo has informed its 500,000 customers that now might be a good time to consider changing their PIN following a massive data leak. To make things worse, sensitive information such as personal identification numbers were stored by the bank in a plaintext format, raising questions about security regulations applied to institutions in the ever-changing modern banking industry.
    https://www.ft.com/content/f4f1f00a-b78a-11e9-8a88-aa6628ac896c
    Operational Technology / Industrial Control Systems

  1. As simple as IoT gets: Russian government-linked hackers used three IoT devices with weak security—namely an office printer, a video decoder, and a voice over IP (VoIP) phone—to access several Microsoft customers’ networks. They then tried to break into more valuable accounts with sensitive data. According to Microsoft researchers, “these simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments.” Forescout Research is keen to attend as they present their findings at the Black Hat security conference in Las Vegas this week.
    https://www.cyberscoop.com/russian-apt-iot-device-security/
  2. The temperature is rising: According to Kaspersky, Distributed Denial of Service (DDoS) attacks are on the rise again, with an 18% increase in the second quarter of 2019 compared to the same period last year. The warm spring and summer months usually see fewer attacks than the colder parts of the year, so an increase over the same period might be a sign that this vacation season will be a more stressful one.
    https://isssource.com/Q2-ddos-attacks-up-over-last-year/
    State, Local & Education

  1. Forget ‘snow days’—‘cyber days’ might prevent schools from opening at all: Franklin Parish principals in Louisiana insist that the first day of school will remain on schedule ‘no matter what’—but some remain skeptical. Multiple schools have been attacked in recent weeks, causing the LA Department of Education to release a statewide cyberattack warning, which has ultimately enabled first-time access to critical cyber resources from the LA National Guard, State Police, and Louisiana State University, among others.
    http://www.hannapub.com/franklinsun/news/local_state_headlines/schools-take-precautions-after-cyber-attack-warning/article_92e303f4-b884-11e9-8fc9-a72e0cc38892.html
  2. Data of thousands of U.S. students exposed: Pearson, an educational software company based in the UK, signaled a data breach affecting thousands of students across the United States. Leaked data included names, dates of birth, and e-mail addresses, making it potentially dangerous to those affected, yet Pearson claims there’s “no evidence” that stolen data is being misused.
    https://www.siliconrepublic.com/enterprise/pearson-uk-education-breach-students
    Editor’s Choice

  1. StockX data breach backstory grows: Back in May the e-commerce platform StockX suffered a massive hacking attack which exposed over 6 million customer records. However, the firm only recently confirmed the data breach – initially, they had asked impacted customers to reset their passwords due to ‘system updates’. Although the vendors claimed buyer financial or payment information was unaffected, several customers reported unauthorized purchases from their accounts – is it coincidence or worse than originally thought?
    https://latesthackingnews.com/2019/08/05/stockx-confirmed-data-breach-exposed-over-6-million-customer-records-to-hackers/
  2. MegaCortex ransomware targets corporations with huge ransom demands – and the malware is already changing: According to a recently released analysis by Accenture’s iDefense, the creators of the relatively new ransomware MegaCortex target enterprises instead of home users, possibly because the latter are unable to pay bigger ransoms. And by ‘bigger’ we mean from two to 600 bitcoins – or from $20,000 to $5.8 million. The analysis also finds there’s already an updated version of the dangerous ransomware, the features of which allow the creators behind it to spread it through either an email phishing campaign or a Trojan downloader.
    https://www.healthcareinfosecurity.com/megacortex-ransomware-demands-millions-from-victims-a-12872
  3. Someone’s got the hots for Florida: After Key Biscayne, Riviera Beach, and Lake City, now the southwest Florida city of Naples lost $700,000 in a recent cyberattack. The attack appeared to be “from a trusted source”, posing as a representative from a construction company which was doing infrastructure work in downtown Naples, the Naples Daily News reports. City officials say the attack has not impacted the city’s data systems.
    https://www.washingtontimes.com/news/2019/aug/5/officials-city-of-naples-out-700k-after-cyberattac/