Blog

Forescout Cyber Weekly Roundup March 22, 2019

Colby Proffitt | March 22, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Twitter: @proffitt_colby

    Public Sector

  1. Who needs to wiretap when you can just hack a cellphone? Attribution and deception persist as a problem, not just in the U.S., but abroad as well. In this case, Benny Gantz, head of the Blue and White Party, has claimed that Iran hacked his phone and gathered sensitive data, stirring political turmoil just weeks before the upcoming election.
    https://www.reuters.com/article/us-iran-israel-cybercrime/iran-denies-hacking-phone-of-israeli-election-frontrunner-idUSKCN1R11J6
  2. A $500 million dollar supercomputer—now that’s Cray: It’s not crazy, but it is based on Intel and Cray technology. Called Aurora, this machine is anticipated to be the first American computer to achieve exascale performance. Faster computers aren’t the only measure of cyber superiority, but the development of this machine marks a critical step in U.S. cyber defense.
    https://www.nytimes.com/2019/03/18/technology/china-us-500-million-supercomputer.html
  3. Defense

  4. Cyber offense isn’t such a taboo term anymore: The U.S. Air Force and U.S. Cyber Command aren’t being shy about their pursuit of offensive cyber tools. While the details of what those tools entail aren’t fully clear yet, it’s safe to say that the U.S. seems to have moved beyond its historical reluctance to publicly admit any research and development efforts focused on cyber offense as a necessary counterpart to cyber defense.
    https://www.fifthdomain.com/dod/air-force/2019/03/20/the-air-force-wants-to-start-a-new-35m-offensive-cyber-program/
  5. Cause and effect in action: Attribution is hard, cyber criminals often go unpunished, and there isn’t always a decrease in malicious cyber activity after indictments and arrests; however, in this case, it appears that the FBI’s December crackdown on distributed denial of service (DDoS) for hire services directly contributed to a significant decrease in DDoS attack size.
    https://threatpost.com/threatlist-ddos-attack-sizes-drop-85-percent-post-fbi-crackdown/142907/
  6. Lurking in the shadows: China has targeted U.S. academic and research institutions, defense contractors, and military branches for years. While many agree the intent has largely been espionage, there’s been debate in recent years as to what is considered allowable, and when the Chinese have gone too far by stealing U.S. intellectual property (IP) for military and socioeconomic advantage. This newly released report out of the Navy suggests that not only is China lurking in the shadows of U.S. networks, but U.S. attempts to thwart China are akin to shooting in the dark.
    https://www.businessinsider.in/the-us-navy-and-its-partners-are-under-cyber-siege-from-chinese-hackers-and-are-hemorrhaging-national-security-secrets/articleshow/68383668.cms
  7. Retail

  8. If I could turn back time: This consumer-focused story details the rampant misconception that identity theft can be reversed. Credit monitoring and identity theft services, which are often offered free of charge to consumers impacted by a data breach or cyberattack, shouldn’t be discounted as helpful services, but consumers should understand that those services can’t turn back the clock.
    https://www.freep.com/story/money/personal-finance/susan-tompor/2019/03/21/data-breaches-protect-yourself-id-theft/3214021002/
  9. One expensive typo: Script-based payment card malware continues to be the focus for many bad actors in 2019, but we’re also seeing increased criminal efforts to mask their malicious code with new tactics that can potentially make it harder for companies to detect when they’ve been compromised. Tactics such as fake look-a-like domains, for example, which take advantage of users who misspell a domain name, aren’t new; however, criminals are taking those tactics a step further my spoofing both the domains and the LiveChat features that consumers are accustomed to using on many retail websites.
    https://www.bankinfosecurity.com/magecart-nightmare-besets-e-commerce-websites-a-12216

  10. Healthcare

  11. Send in the negotiator: The FDA has received feedback in support of the latest draft premarket device cyber guidance, but it’s also getting some pushback from medical device manufacturers. One of the leading suggestions so far is that the focus should be on a software bill of materials (SBOM) as opposed to a hardware-focused cyber bill of materials (CBOM). The frameworks, processes, and guidance needed within healthcare are challenging, not just because they are fairly new and they require consideration of the explosion of IP-enabled medical devices, but also because they must balance the need for federal regulation and private sector innovation.
    https://www.govinfosecurity.com/groups-ask-fda-to-rethink-some-medical-device-cyber-proposals-a-12210
  12. Just when you thought paper couldn’t be hacked: The fax server for a leading electronic medical records software maker didn’t have a password, and the data transmitted over the fax machine wasn’t encrypted. Unknown quantities of personally identifiable information (PII) could be accessed and read from the transmitted faxes in real-time.
    https://techcrunch.com/2019/03/17/medical-health-data-leak/

  13. Financial Services

  14. Robocall season is upon us: Ignore calls from numbers you don’t recognize, if you get an email from your bank that looks questionable, call your bank (and don’t call the potentially fake number in the email), patch and update your machine, change your passwords, and backup anything you can’t live without (like last year’s tax return).
    https://www.ksfy.com/content/news/Cyber-security-tips-for-tax-season.html
  15. Human in the loop: Many argue that a human should remain in the loop when it comes to artificial intelligence (AI) and decision making. Somewhat ironically, this story highlights how, in some cases, cyber criminals are relying on the human element—cash mules to be specific—to fully execute their plans and collect their loot. While there was some extensive technical groundwork required, ultimately these cyber thieves still needed a person to go to the bank in person.
    https://arstechnica.com/information-technology/2019/03/how-hackers-pulled-of-a-20-million-bank-heist/
  16. Operational Technology / Industrial Control Systems

  17. Did aluminum cans just get more expensive, or did the supply chain just get slower? The fact that a ‘classic’ ransomware attack can halt aluminum production (in the same way NotPetya cost shipping giant Maersk upwards of $300 million last year) is a clear sign of both how vulnerable the industries that power our economies are, how interconnected IT and OT systems are becoming, and how cyber is becoming increasingly physical, as we predicted last year.
    https://www.bloomberg.com/news/articles/2019-03-19/hydro-says-victim-of-extensive-cyber-attack-impacting-operations-jtfgz6td
  18. Segmentation key to ICS security: This article highlights a number of approaches and strategies necessary for the defense of industrial control systems (ICS), including network segmentation. This, and the other approaches, however, shouldn’t be limited to ICS alone.
    https://hub.packtpub.com/defensive-strategies-industrial-organizations-can-use-against-cyber-attacks/

  19. State, Local & Education

  20. When at risk, educate: Hawaii was recently ranked as the state most at risk of cyberattack with 316 cyber victims per 100,000 residents. The state is taking that risk seriously, and recently held a cyber summit for local businesses with panelists and experts from the FBI and NSA.
    https://www.kitv.com/story/40170893/university-of-hawaii-showing-local-businesses-how-to-step-up-their-cy
  21. You can’t patchwork cybersecurity: This article might lead you to believe that new machines are more secure; while we hope that to be true, it often isn’t. What we can hope is that a significant portion of the quarter billion dollar investment on new machines is applied to the proper security of those machines.
    https://www.daytondailynews.com/news/local/protecting-your-vote/qKTqufLlPXvkeUblMTE89N/

  22. Editor’s Choice

  23. Once you’re in, you’re in: This research may seem counterintuitive, and obviously there are plenty of scenarios in which a CEO stepped down after a cyberattack—either voluntarily or by request—but the challenge of finding a new CEO willing to inherit a cyber problem might also be one of the reasons some companies opt to invest in their executives instead of replacing them.
    https://www.helpnetsecurity.com/2019/03/21/pay-rise-after-cyber-attack/
  24. Microsoft Ending Support for Windows 7: This week’s US-CERT warning foreshadows a major problem coming across the horizon. It’s time to figure out how to migrate, sunset, and otherwise segment Windows 7 and Windows Server 2008. These kinds of legacy systems are especially common in OT and Healthcare environments. End of extended support is anticipated on 14 January 2020.
    https://www.us-cert.gov/ncas/current-activity/2019/03/19/Microsoft-Ending-Support-Windows-7