Blog

Forescout Cyber Weekly Roundup
August 16, 2019

Colby Proffitt | August 16, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Twitter: @proffitt_colby

    Public Sector

  1. Questions abound: Officials from The Department of Defense (DoD) and the National Institute of Standards and Technology (NIST) are seeking to improve cyber guidance for contractor systems. So far, the general feedback from affected contractors has been confusion and an abundance of questions. The DoD must take steps to safeguard sensitive information, but it will be interesting to see the position of the program in its final state.
    https://fcw.com/articles/2019/08/12/dod-contractor-cyber-johnson.aspx
  2. Experience versus money: The cyber skills shortage persists, but recent discussions from Black Hat 2019 suggest that while the U.S. government can offer cyber professionals experience, the private sector can offer more money. Some of the former feds who now work in the private sector suggested that compensation isn’t always the issue and that the government needs to do a better job marketing its unique capabilities, tools and technologies that aren’t necessarily available in the private sector.
    https://www.fifthdomain.com/2019/08/13/what-government-can-do-to-keep-its-cyber-workforce/
  3. Defense

  4. Cyberattack exception to sovereign immunity: This article offers some interesting insights into the recent ruling regarding the 2016 cyberattack on the Democratic National Committee (DNC). We won’t comment on the legal jurisdictional issues, but it might be time for a review of statues in today’s modern cyber age.
    https://www.justsecurity.org/65809/time-for-a-cyber-attack-exception-to-the-foreign-sovereign-immunities-act/
  5. The future of infantry: Unveiled in 2018, the 15-Marine rifle squad configuration adds two Marines, an assistant squad leader and a squad systems operator. The change is designed to put more capabilities in the squad—specifically, cyber capabilities that can aid Marines in the multidomain warfighting realm, which includes primarily cyber and electronic warfare.
    https://www.marinecorpstimes.com/news/your-marine-corps/2019/08/09/15-marine-rifle-squad-an-exclusive-look-inside-the-future-infantry/
  6. Retail

  7. Cover your ears: Recent research has revealed that some smart home devices can not only be compromised, but bad actors can actually manipulate the devices to the point that they could cause physical harm. Hackers are no longer limited to only listening in on private conversations via baby monitors, they can now turn smart speakers into deafening weapons. Read our full report, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT for more information on vulnerable smart home devices.
    https://www.telegraph.co.uk/technology/2019/08/14/hackers-could-hurt-cars-medical-devices-household-gadgets-become/
  8. The rise and risk of connected cars: This article highlights some of the findings from the Consumer Watchdog report on connected cars, titled Kill Switch. In short, the majority of the 2020 line of vehicles from the top 10 manufacturers will be connected—and will also be vulnerable to cyberattack. When you think about the potential devastation of a zero-day exploit on a stationary PC, one can quickly understand the potential physical consequences of a similar exploit on a computer or other connected device embedded within a moving vehicle. In the U.S. alone there are about 50 million connected vehicles on the road, and experts believe there will be about 17 million added each year for the foreseeable future.
    https://www.cpomagazine.com/cyber-security/connected-cars-a-new-and-dangerous-vector-for-cyber-attacks/
  9. Healthcare

  10. As complicated as it is sophisticated: Email fraud in healthcare rose 473% in the last two years, and as this article explains, phishing remains a major problem within healthcare. As noted in our recent Research Report: Putting Healthcare Security Under The Microscope, healthcare reliance on Microsoft-based and legacy systems persists as a problem, making it even easier for malware to take root via phishing and spread across the network.
    https://www.cpomagazine.com/cyber-security/3-email-security-setbacks-unique-to-healthcare/
  11. High tech healthcare extortion protection: While the focus of this article is on cyber insurance and a policy that came in handy for one hospital, the bigger story is that, because the hospital segmented its network, it avoided a much, much bigger security problem.
    https://www.kctv5.com/news/local_news/ransomware-attack-on-local-hospital-covered-by-cyber-insurance/article_a0f46808-b982-11e9-97ea-f3d0cbf7ff63.html
  12. Financial Services

  13. The North Korean WMD cyber ‘theft’ raiser: Following up on last week’s coverage, North Korea continues to raise funds for weapons of mass destruction via cyber theft. To date, there are at least 35 reported instances; however, this week an unnamed African financial institution apparently managed to foil a recent attack, thanks to the help of a London-based cybersecurity company.
    https://www.computerweekly.com/news/252467937/African-bank-foils-suspected-North-Korean-cyber-attack
  14. You can’t trust https:// anymore: An investigation of the 50 largest global banks found that more than 1900 potential phishing domains were registered in the first half of 2019; meaning that potential phishing domains increased by 14% in the first half of 2019 vs. the same time period in 2018. And, 15% of potential phishing domains registered in the first half of 2019 had valid certificates—meaning they had ‘https’ in a domain URL.
    https://finance.yahoo.com/news/potential-phishing-domains-targeting-top-140000065.html
  15. Operational Technology / Industrial Control Systems

  16. An ICS storm is brewing: This article offers an interesting professional perspective layered on top of survey findings and focuses on organization-wide resiliency as a means of reducing burnout and improving security.
    https://securityboulevard.com/2019/08/an-ics-cyber-security-storm-is-brewing-how-to-prevent-staff-burnout/
  17. IT/OT security market report: Cyberattacks targeting smart buildings and IoT-based infrastructure are on the rise. This report focuses on the key trends in the IT/OT security market, identifies the drivers and restraints, and sheds light on the competitive landscape and evolving market share of major participants.
    https://www.thehindubusinessline.com/news/real-estate/rise-in-cyber-attacks-on-smart-buildings-propels-global-itot-security-market-report/article29008541.ece
  18. State, Local & Education

  19. New Ohio voting machines are ‘virtually unhackable’: In an effort to prevent an election debacle, Lucas County Ohio is debuting new voting machines that some are calling ‘unhackable’ because they never connect to the Internet. Severing ties to the Internet, or air-gapping, might make it harder to execute an attack, but not impossible. And, it’s important to remember that often when something is touted as ‘unhackable,’ it also becomes a top target.
    https://www.toledoblade.com/local/politics/2019/08/13/frank-larose-ohio-elections-cyber-threats-hacking-lucas-county-early-vote/stories/20190813129
  20. An F in Security: A high school graduate from Boston decided to see how safe his school records are, and it turns out that student information systems are way too vulnerable to possible attacks. This raises a question—why do we inherently push for protection of our medical and banking data, but forget our school records?
    https://techcrunch.com/2019/08/09/school-data-student-security-def-con/
  21. Editor’s Choice

  22. Don’t worry, I’ve seen this on TV: Elon Musk’s neurotechnology startup, Neuralink, aims to create a new computer-brain interface with therapeutic applications—like treating brain diseases or spinal damage—by using a “sewing machine for the brain” to weave around 3,000 electrodes into our gray matter. So far the company has tested the system on rats, but will the FDA’s draft guidance on brain-computer interfaces (BCIs) arrive in time, or will biomedical technology again win the “pacing” race to market?
    https://slate.com/technology/2019/08/elon-musk-neuralink-facebook-brain-computer-interface-fda.html
  23. Over 80 cyber mergers and acquisitions in the first half of 2019: A whopping $22 billion in cyber industry M&A transactions aims to get ahead of cyber market-goers who want to buy more security products from fewer vendors. However, according to market research analysts, only 30%-40% of these deals are considered “successful”—mainly because most acquired companies are not allowed to continue on the path that made them attractive in the first place (e.g., the original founders are not incentivized to remain an active part of the company by continuing to conduct research or develop innovative products). However, a lack of proper cyber due diligence can also lead to unsuccessful mergers and even buyer’s remorse, as we explained in our recent study: The Role of Cybersecurity in Mergers and Acquisitions Diligence.
    https://www.cyberscoop.com/cybersecurity-market-size-palo-alto-symantec-cisco/
  24. August Microsoft Patch Tuesday Brings Us DejaBlue, Affecting Windows 7 and Beyond: Security Researcher Marcus Hutchins was tapped in WIRED coverage of DejaBlue, a Microsoft RDP vulnerability that follows on the heels of BlueKeep. Microsoft credits internal product security hardening for the discovery, while patches were delivered in this week’s Patch Tuesday. Similar to the technical response to BlueKeep, best practice guidance suggests turning on Network Level Authentication (NLA), automatic updates, and otherwise patching Windows devices. Security policies to control devices impacted by DejaBlue may be enforced against Windows OS version and device configuration status.
    https://www.wired.com/story/dejablue-windows-bugs-worm-rdp/