Forescout Cyber Weekly Roundup
July 12, 2019
The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.
- ‘Hack Back’ is back: The Active Cyber Defense Certainty Act (ACDC) is back on the table and would give corporations and victims the ability to move beyond active defense in order to ‘hack back’ and take a more aggressive stance against cyber perpetrators.
- ‘Retro’ is in: This article highlights an interesting move by the U.S. government to revert to ‘retro’ technologies—analog and manual tech—to secure critical national infrastructure (CNI).
- CVE-2017-11774 under exploit: U.S. CYBERCOM has confirmed active malicious use of CVE-2017-11774. What’s interesting about this malware is that it causes confusion by making it look as if the user were phished, when in reality they were not.
- Many are called, few are chosen: The Joint Artificial Intelligence Center (JAIC) is seeking a wide range of AI tools, from automatically patching weak points in military networks to hunting hacker hangouts deep in the Dark Web. Proposals for cyber and information warfare are due July 26.
- New app, new opportunities for compromise: Japan’s biggest retailer launched a customer mobile payment application, 7pay, on July 1; however, it didn’t take hackers long to find a weak spot in the payment app’s software. So far, losses have been reported at roughly $500,000.
- Chinese online retail juggernaut JD.com adopts AI to drive growth in smaller cities and among female users amid wider e-commerce slowdown: The company’s investment in AI and technology almost doubled last year to $1.75 billion. But what did that extra billion in technology spend actually buy? “JD.com is using AI across the entire purchasing process on its shopping platform, from product search and personalized recommendations to customer-service chatbots and product delivery.”
- Think twice before going under: The U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned this week that a vulnerability in certain hospital anesthesia machines could allow attackers to impair respirator functionality by silencing alarms, altering time and date records, and changing the composition of aspirated gases—all of which could compromise patient safety.
- About that 2,582:1 healthcare cyber worker ratio: Years after WannaCry, outdated equipment, unpatched software and a lack of skills, training and awareness still leave hospital systems subject to compromise. This article highlights recent findings that on average, British hospital trusts employ just one qualified security professional per 2,582 employees. At these cyber workforce integration ratios, old threats like WannaCry will remain a very real problem for the healthcare industry.
- Mega-breach fines: The U.S. hotel group is facing fines of around $123 million. As the second firm to face a massive GDPR fine, we’re starting to see the global impact of regulation.
- Mobile security still an afterthought: Recent research has found that the financial services industry is at higher risk of man-in-the-middle attacks, and that phishing attacks on the industry are higher than on other industries. Banks and other financial organizations are struggling to keep pace with BYOD adoption, cloud migration and increasing regulation.
- Purpose-built OT attacks on the rise: Recent research highlights the latest trends in IT-OT attacks. More rigorous security operations and life-cycle management best practices are needed to protect organizations from major threats to the core of their businesses. Put simply, IT Teams and OT Teams need to talk—fast.
- Know Thy Devices: This article explains the challenges associated with smart buildings and notes that an endpoint security strategy and device identification and control are critical to a sound security posture.
- New state and local cyber resources: Indiana University’s IU Cybersecurity Clinic will support state and local organizations managing cybersecurity, protecting intellectual property and improving privacy. The clinic will also serve as a cyber training hub for the Midwest, and is made possible through a $340,000 grant from the William and Flora Hewlett Foundation and matching funds up to $225,000 from the Indiana Economic Development Corporation.
- When it comes to priorities, nothing should compete with cyber: Currently, there is not a state or local government in the U.S. that is fully funded to defend its information technology networks against cyberattacks. The National Association of State Information Officers (NASCIO) has made it clear that budget is the top challenge state governments face on cybersecurity, but the question remains as to federal involvement in the allocation process.
- Zoom Zero Day: A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. This is a great writeup from security researcher Jonathan Leitschuh. “This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission. On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call. Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”
- New York’s Monroe College hacked, targeted for $2M bitcoin ransom: Technically grand larceny by extortion, the ransom seems to be a bit higher than the college is willing to pay. “We are obviously taking this very seriously…but we’ve rolled up our sleeves,” the spokesperson said, adding: “Monroe was founded in 1933, and what that means is we know how to teach the old-fashioned way.”