Forescout Cyber Weekly Roundup
May 31, 2019
The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.
- The clock is ticking: The deadline to get Huawei, ZTE and other foreign devices off federal, state and local networks is fast approaching, but new Forescout research has found over 2,700 Huawei and nearly 1,400 ZTE devices are still connecting to public sector networks. While agencies have made progress, it’s important to remember that it only takes one device to compromise an entire network.
- The U.S. isn’t alone in the cyber skills shortage dilemma: The struggle to fill cyber roles isn’t limited to the U.S. alone. While this article focuses on the shortage in the UK, the lack of skilled cyber professionals spans the globe.
- “We are not limited to respond in cyberspace when we are attacked in cyberspace.” There’s been talk, and some action, in the U.S. of taking a more aggressive, offensive cyber position, but when NATO—a traditionally defensive organization—starts talking about cyber offense, you know it’s time to pay attention.
- From innovation to integration—rapid, and on the spot: This video explains the Army’s ‘Forge’—a new base for the rapid development of advanced cyber operations. The Forge seeks to rapidly adopt innovative ideas with an Agile-like improvement process.
- Impact of cloud security on retailers: New research claims 60% of IT Decision Makers have incomplete awareness of how their organizations’ security posture in the cloud affects their overall IT security; yet, 73% of retailers have either already migrated workloads or are in the process of doing so.
- Almost impossible to avoid the internet, and almost impossible to avoid cybercrime: New research has found that 71% of respondents feel they will become a victim of cybercrime or identity theft. Personal information is often collected and stored in the cloud by service providers, yet consumers rarely know where their data is stored, or how it’s used.
- Australian Department of Health and Human Services 61% more likely to have a breach: Logical security, password management, user access controls and general staff awareness were cited as the factors that made social engineering techniques more likely to succeed. The Victorian Auditor-General’s Office (VAGO) exploited weaknesses in all four audited entities and accessed patient data to demonstrate the significant risks currently facing patient data and hospital services.
- Healthcare is dependent on IT: Doctors don’t just use reflex hammers and stethoscopes anymore. Quite often, your physician might arrive in your room with a laptop or tablet and a handful of other connected devices. It’s no surprise, then, that about a quarter of survey respondents identified cyber as an emerging risk of most concern in healthcare. This article dives into the concept of cyber evaluation within healthcare and the need for internal, external and co-sourced cyber evaluations.
- All that’s needed is a web browser and a URL: Bank account numbers, mortgage records, social security numbers, drivers’ license numbers and images and tax records have been leaked by the website of First American Financial Corp.—and the impact is still unknown, meaning that it’s not yet clear if malicious actors have capitalized on the vulnerability. As we’ve noted in our recent blog on the threat of legacy Windows in healthcare, the threat extends to other industries, including Financial Services.
- Hope for the scammed: Currently, eight banks have committed to implement a new code to refund customers who lost money on account of fraudulent cyber activity. Previously, banks only tended to reimburse people if there was an obvious fault in the way the payment was handled by the bank. Now anyone who has taken reasonable care, or has any element of vulnerability, is much more likely to receive a refund of the lost money.
- It pays to be good: Increasingly, major companies are offering ‘bug bounties’ as a way to find and fix vulnerabilities in their code before attackers do. This story highlights how anyone can benefit from bug-hunting, and coding skills aren’t necessarily required—it’s more of a mindset that’s really needed. In this particular case, the ethical hacker has netted approximately $1.5 million, and the cyber community has benefited as a result.
Operational Technology / Industrial Control Systems
- Critical infrastructure cyber defense progress: This story walks through a timeline of recent events and attacks on critical infrastructure and highlights new innovations and solutions designed specifically for the energy sector to help companies safeguard data and information and keep operations online.
- Are incentives needed to encourage security investments? Recent cyber incentive suggestions from the Federal Energy Regulatory Commission (FERC) Chairman, Neil Chatterjee, have received little support. Opposing comments cited unnecessary spending as an inhibitor, and others have noted that the cost of compliance with new regulations is an investment risk that should be internalized, not socialized.
State, Local & Education
- Taxpayers paid to be held ransom: Baltimore city has been the target of a ransomware attack not once, but twice. And, as this article explains, a key component of the malware used by cybercriminals was developed at taxpayer expense by the National Security Agency (NSA). Recent findings tracing the tooling back to the NSA have created a blame game and raise questions about the Vulnerabilities Equities Process.
- Call for cyber school funding reform: Recent debates on cyber education have centered on tuition rates and the actual costs of educating students. With charter school rates considerably higher than rates for regular education students, a new resolution is calling on the state legislature to reform the law.
- Because malware is beautiful too: All living creatures deserve protection, even if that protection does not extend to import/export controls on dangerous specimens. Such theoretical controls might include the port and internet service restrictions required to ship this recently auctioned $1.3M Samsung laptop, infected with classic hits like the ILOVEYOU virus and WannaCry. The artwork, entitled The Persistence of Chaos, is also infected with MyDoom, SoBig, DarkTequila, and the BlackEnergy malware linked to the 2015 blackout in Ukraine. https://www.bbc.co.uk/news/technology-48444694