Forescout Cyber Weekly Roundup
May 24, 2019

Colby Proffitt, Cyber Strategist | May 25, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Twitter: @proffitt_colby

    Public Sector
  1. Women in cyber: Recent congressional discussions have turned to ensuring equitable representation of women and minorities in the cybersecurity field.
    https://www.nextgov.com/cybersecurity/2019/05/government-needs-diversify-its-cyber-workforce/157174/
  2. The modern draft: Conscription, commonly known as ‘the draft’ within the U.S., has been employed across five major military conflicts, but now, a modernized version of the draft may target cybersecurity professionals.
    https://www.csoonline.com/article/3396116/will-the-u-s-government-draft-cybersecurity-professionals.html
    Defense

  1. But the ‘Splunk tool’ malware RAT is for a good cause: This controversial story explains how cyber is apparently being used in war-crimes cases, and raises the question of how government surveillance could potentially amount to illegal spying on journalists and defense attorneys.
    https://www.airforcetimes.com/news/your-air-force/2019/05/21/why-the-air-force-is-investigating-a-cyber-attack-from-the-navy/
  2. More Capable, Adaptive and Pervasive: While adversaries continue to evolve their tactics, the Department of Defense (DoD) is pushing for more timely and adaptive measures to bring in talent and solutions to combat cyber threats, leveraging the Joint Artificial Intelligence Center (JAIC) as a means to bring in both traditional and non-traditional industry partners and solutions.
    https://www.defense.gov/explore/story/Article/1851514/dod-cyber-leaders-address-threats-resilience-working-with-industry/
    Retail

  1. And I solemnly swear to maximize shareholder value: The recently released KPMG Cyber Security Consumer Loss Barometer report, which polled 1,800 CISOs and 2,000 customers globally, found that 55 percent of CISOs would rather risk customer relationships than company earnings.
    https://www.itproportal.com/news/uk-businesses-prioritise-financial-loss-over-consumer-trust/
  2. Clear as mud: New research suggests that 97 percent of the 161 sampled breach notification messages to customers or consumers were difficult or fairly difficult to read, which may be one of the reasons so many consumers are prone to inaction. While some legislation requires breach notifications, this research suggests that notification alone may not be enough—concise, clear recommended actions for affected consumers might also be needed.
    https://www.futurity.org/data-breaches-notifications-2066072/
    Healthcare

  1. Unaccounted for medical devices are a major cyber risk: The healthcare industry is facing a significant cyber challenge when it comes to connected medical devices. While not all devices are inherently vulnerable, many are. In our recently published healthcare security research report, Putting Healthcare Security under the Microscope, we provide healthcare security and risk management leaders with insight into the types of devices connected to medical networks, their associated risks and recommendations for a comprehensive security strategy.
    http://www.healthcareinfosecurity.com/interviews/tips-on-tackling-medical-device-cybersecurity-challenges-i-4327
  2. Storytelling is the new required skillset for the healthcare CISO: New research highlights an overwhelming number of ‘top priorities’ for security decision makers, and while cyber is among them, it’s often difficult to articulate the impact or implications of cyber incidents, attacks and breaches. An ongoing dialogue, crisp descriptions of cyber events, and the ability to connect those events to potential business impact are critical to ensuring board-level understanding and executive action.
    https://www.fiercehealthcare.com/tech/communicating-value-cybersecurity-to-boards-leadership-7-strategies
    Financial Services

  1. Because “the Internet is where the money is.” The panelists from a recent discussion on cyber crime noted that no industry is exempt, and while banks may be a prime target, prevention is ultimately rooted in education and collaboration across industries.
    https://www.augustachronicle.com/news/20190522/panel-all-vulnerable-to-cyber-crime-so-collaboration-needed
  2. Quantum Dawn, Act II: Although the name even sounds like a bad actor title—or a catastrophic cyber event—this second simulation conducted by the Securities Industry and Financial Markets Association (SIFMA) is only a test. But, that’s not to say that it should be taken lightly. The goal of this simulation is to compel financial institutions to discover unknown risks and better anticipate future, real attacks.
    https://www.cnbc.com/2019/05/10/are-financial-advisors-prepared-for-cyber-attacks.html
    Operational Technology / Industrial Control Systems

  1. Manufacturing and Energy are top cyber targets: One of the most interesting points uncovered in this new research is that different industries take the top, worst-ranked spot in terms of being a cyber target from week to week. Some industries like manufacturing do not directly involve customer information that’s legally required to be reported, potentially lowering the accuracy of reports.
    https://www.isssource.com/manufacturing-energy-targeted-industries/
  2. ICS Vulnerabilities Abound: An ICS researcher has uncovered more than 100 security holes in ICS systems, while Shodan searches reveal thousands of buildings with these vulnerabilities are connected to the Internet.
    https://www.oodaloop.com/cyber/2019/05/13/extensive-flaws-in-all-major-building-control-systems/
    State, Local & Education

  1. Cyber Corridor Advancements: In recent years, Louisiana has created what it calls a ‘Cyber Corridor’—a hub for technology-focused business, education and research institutions. More recently, Gov. Edwards announced a new partnership to create the state’s first cyber education center.
    https://edscoop.com/louisiana-announces-states-first-cybersecurity-education-center/
  2. Notification laws need teeth: Wisconsin laws from 2008 require notification of stolen data, but enforcement is lacking. According to a recent report, it’s unclear whether companies that fail to report can actually face lawsuits for negligence.
    https://www.wpr.org/state-regulator-says-wisconsin-data-breach-laws-lagging-other-states
    Editor’s Choice

  1. McAfee publishes BlueKeep RCE exploit for new ‘Wormable’ Microsoft RDP vulnerability: It didn’t take long for Microsoft’s unusual May 14th patch to be converted to an exploit by threat researchers. Given the natural affinity attackers have for legacy Windows, it’s just a matter of time before scores of hopefully patched legacy devices come under fire. Defenders must implement layered controls to deal with an uncomfortable reality where operational assets aren’t always so easily updated. Given the ubiquity of long-lived legacy Windows assets in organizations using operational technology (OT), the issue is of prime interest to Healthcare, Manufacturing, Energy and critical infrastructure providers like Financial Services.
    https://www.bleepingcomputer.com/news/security/researchers-demo-poc-for-remote-desktop-bluekeep-rce-exploit/
  2. SandboxEscaper loves to share, gives us another Windows 10 vuln: Privilege escalation might be less interesting than the latest BlueKeep unauthenticated remote code execution issue, but it’s more relevant to modern ‘up-to-date’ environments—the latest non-responsible disclosure from SandboxEscaper exploits another chink in Windows 10 services.
    https://www.theregister.co.uk/2019/05/22/windows_zero_day/
  3. Does this mean we get to launch a drone testing labs program? Recent major media coverage has fanned concern of mass-produced Chinese IoT products, with a practical focus on drones made by Shenzhen-based SZ DJI Technology, maker of the Phantom and the leader in global drone sales. But are the devices returning sensitive flight data to Chinese headquarters? The only way to know for sure is to take a few months off with hacker friends, travel to exotic locations, and do lots of drone flight-testing.
    https://www.cnn.com/2019/05/20/politics/dhs-chinese-drone-warning/index.html
  4. TeamViewer the firm hacked in 2016; TeamViewer the software remains bane to CISOs today: “TeamViewer is popular remote-support software that allows you to securely share your desktop or take full control of other’s PC over the Internet from anywhere in the world. With millions of users making use of its service, TeamViewer has always been a target of interest for attackers.” Leading German publisher Der Spiegel criticized the TeamViewer firm for not disclosing the breach, while company spokespeople blame bad end-user password hygiene.
    https://thehackernews.com/2019/05/teamviewer-software-hacked.html