Blog

Forescout Cyber Weekly Roundup March 8, 2019

Colby Proffitt | March 8, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Twitter: @proffitt_colby

Public Sector

  1. Pick the low-hanging fruit, but don’t let it fall on your head: New cyber research is released regularly—and some of the stats in the latest report focused on the Public Sector paint a picture of just how prevalent attacks have become in the last two years. Among the most interesting findings, 44% of respondents said they prioritize based on the ease of remediation, not the criticality of impacted systems—an indicator of immature cyber risk approaches in the Public Sector.
    https://www.oodaloop.com/briefs/2019/03/06/the-public-sector-is-a-cyberattack-magnet-manual-processes-are-to-blame/
  2. If we become worse at deterring one adversary, we become worse at deterring them all: Effective deterrence across the globe and against all adversaries is nearly impossible to achieve. However, this article argues that deterrence can be more effective when aggression and forbearance are tempered based on attribution certainty.
    https://nationalinterest.org/feature/case-cyber-deterrence-plan-works-46207
Defense

  1. If you can’t beat ’em, just steal it from them: China stole the blueprints of the F-35 fighter jet, and now it looks like they’ve stolen sensitive information for U.S. submarines and underwater weapons. Chinese theft of U.S. military technology is a huge problem, yet it’s all rooted in a very small, simple attack method: phishing.
    https://www.wsj.com/articles/chinese-hackers-target-universities-in-pursuit-of-maritime-military-secrets-11551781800
  2. DoD shifts from building to maintaining: The Department of Defense (DoD) started developing a Cyber Mission Force (CMF) in 2013. To aid in the transition of CMF training responsibilities to the services, the Government Accountability Office (GAO) has laid out eight recommendations for Cyber Command and the services.
    https://www.gao.gov/products/GAO-19-362#summary_recommend
Retail

  1. Acknowledgement is just the first step: 85 percent of companies said they need to take mobile security seriously, yet half of the companies polled acknowledged that saving money and cutting corners trumped investments to protect mobile data and boost security.
    https://wwd.com/business-news/technology/verizon-cyber-report-1203077596/
  2. Caught in the premeditated act: With the retail industry losing more than $34 billion in sales on account of shoplifting in 2017, some retailers are looking to advances in AI to stop theft before it happens.
    https://tech.economictimes.indiatimes.com/news/technology/the-ai-cameras-that-can-spot-shoplifters-even-before-they-steal/68288238
  3. National Consumer Protection Week 2019: In case you missed the announcement in last week’s roundup, March 3-9 is National Consumer Protection Week. The Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) have made a number of free resources available online to help educate and inform consumers.
    https://www.whitehouse.gov/presidential-actions/presidential-proclamation-national-consumer-protection-week-2019/
Healthcare

  1. Back to old faithful: Trojan malware reclaims the top spot as the greatest cyber threat to the Healthcare industry.
    https://www.lexology.com/library/detail.aspx?g=c8ccd493-5b01-4741-a4c4-8e605243079c
  2. Another week, another healthcare breach: As is often the case with breaches, no one seems to know what was compromised, or how—and the free credit monitoring offers that affected patients will receive in the mail are likely to be read with eye rolls, if they’re read at all.
    https://www.washingtontimes.com/news/2019/mar/4/hospital-system-thousands-may-have-been-impacted-b/
Financial Services

  1. Hot wallets, faked deaths, and misplaced millions: Although bitcoin is supposed to guarantee an irrefutable, unalterable ledger via blockchain, even the FBI is finding it hard to follow the paperless trail.
    http://fortune.com/2019/03/04/quadriga-fbi-bitcoin/
  2. Blockchain isn’t just for banks: Startup leverages blockchain to track cotton from harvest to finished textiles, enabling companies to better secure their supply chain and guarantee the authenticity of their cotton products.
    https://www.forbes.com/sites/alexknapp/2019/03/04/this-blockchain-startup-is-partnering-with-fashion-giants-to-make-organic-cotton-traceable/#590b757e1fd2
Operational Technology / Industrial Control Systems

  1. Are Smart Cities more heavily polluted? There’s a growing push to make cities smarter, but do the unintended consequences outweigh the benefits?
    https://www.forbes.com/sites/cognitiveworld/2019/03/03/the-evolution-of-smart-cities/#3b5e516d5df5
  2. MIT: Triton, the world’s ‘most murderous’ ICS/OT malware, is spreading. “The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too.”
    https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/amp/
State, Local & Education

  1. ‘Still vulnerable’ is the new normal: This article points out that U.S. election systems are still vulnerable to Russian interference, but that’s the assumption cyber defenders must make every day. The moment you think you’re safe is the moment before you realize you’ve been compromised.
    https://www.washingtonpost.com/opinions/our-elections-are-still-vulnerable-to-russian-interference/2019/03/06/ce197a22-4005-11e9-922c-64d6b7840b82_story.html
  2. Pay to Play: The SANS Institute, the state of Idaho, and the other 25 states participating in the Girls Go CyberStart Initiative might just be on to something. Not only can students earn tuition scholarships, trips, gift certificates and computers, but the schools that participate also have a chance at monetary prizes. While speaking at RSAC 2019 this Thursday, digital forensics professional Heather Mahalik was recognized as a supporter—even the poster child—for the program.
    https://www.idahostatejournal.com/news/local/state-partners-with-cybersecurity-institute-to-train-idaho-youth/article_5c1b150f-bff3-567e-bbf0-4790536e744c.html
Editor’s Choice

  1. Surprise attacks during holidays aren’t new for the Middle East: “By law, Israeli websites providing public service must be accessible to those with disabilities.” Unfortunately, the third-party plugins that make this happen can be vulnerable, leading to untimely compromise.
    https://www.jpost.com/Jpost-Tech/Hacker-attacks-major-Israeli-websites-temporarily-shutting-them-down-582479
  2. Chrome zero-day exploit spotted in the wild: Although Google has a great track record when it comes to paying out major bounties for such discoveries, this one got out of the sandbox—Google urges all users to update (and turn on automatic updates while they’re at it).
    https://www.cso.com.au/article/658538/patch-immediately-chrome-zero-day-flaw-being-attacked-now/
  3. Passwordless website authentication is coming: Tim Berners-Lee and the World Wide Web Consortium (W3C) previously brought us HTML. Hopefully they can bring us a safer world without <forms> that use <inputs> for usernames and passwords.
    https://www.zdnet.com/article/w3c-finalizes-web-authentication-webauthn-standard/
  4. Who left the barn door open? Enterprise networking gear can be the fastest way in, and it’s not the first time nation-states and hackers have jumped on such an opportunity—similar exploits were revealed by the Shadow Brokers and separately stockpiled for use in the Russian-made VPNFilter botnet. This time it’s Cisco RV small business devices, with hackers reversing a Cisco-issued patch and commencing their attacks within two days of the advisory.
    https://www.zdnet.com/article/hackers-have-started-attacks-on-cisco-rv110-rv130-and-rv215-routers/