Blog

Forescout Cyber Weekly Roundup
October 21, 2019

David Wolf | October 21, 2019

Back to the basics: Cybersecurity experts are ringing the alarm on critical infrastructure facilities being more vulnerable to attacks then ever. The main challenge is that critical, high-availability systems cannot be shut down for thorough testing and risk analysis, as they need to be available 24/7. This creates an endless loop of uncertainty over how stable critical systems actually are and what would it take to bring them crashing down. “Above all, companies should isolate the most critical systems to ensure they can keep them operating no matter what”, said Pedro Abreu, Forescout’s chief product and strategy officer.

https://www.ft.com/content/797e1e5e-ca53-11e9-af46-b09e8bfe60c0

Not exactly a love letter: Pitney Bowes, the US shipping and mailing giant, had its operations left unable to deal with customers requests after a nasty ransomware attack. Even though there’s no proof of customer data being accessed by the hackers, the event has still proved a major blow to operations and shipping service availability.

http://www.theregister.co.uk/2019/10/14/pitney_bowes_ransomware/

Financial Services

The price of information: The deep web holds vast troves of stolen customer data, listing personal information for sale – and for a price. Analysts have uncovered some pricing samples, so if you ever wondered how much your credit card fullz, RDP access, and bank logs are worth, then look no further than this updated 2019 Flashpoint report.

https://www.flashpoint-intel.com/blog/a-look-at-the-pricing-of-cybercrime-goods-services/

Back at it again: The FIN7 cybercriminal group, allegedly responsible for numerous intrusions targeting hundreds of companies since 2015, are said to be back with new tools created specifically to hide their cyber-heists in plain sight. “By exploiting the trust inherently provided by code certificates, FIN7 increases their chances of bypassing various security controls and successfully compromising victims”, say the industry researchers – so there’s no time to lose.

https://www.scmagazineuk.com/fin7-group-retooling-new-malware-evasion-techniques/article/1662213

Healthcare

Genetically speaking: The DNA-testing industry is growing, but consumers are still wary – how can genetic data be misused by companies, or how can it invade our privacy? 23andMe co-founder, Anne Wojcicki, took an opportunity at the TIME 100 Health Summit to explain the rumors and bring in some facts: “The reality is with a new technology, it just takes time for people to be comfortable with it.”

https://time.com/5703915/anne-wojcicki-eric-lander-time-100-health-summit/

The end for Windows is nigh? Many healthcare facilities still depend on dated equipment with legacy operating systems, increasing chances of old vulnerabilities being ruthlessly exploited. Microsoft is on a mission to remind its customers than Windows 7 is not a safe OS anymore, especially in high-risk operations – and the deadline for the end of Windows 7 support is getting closer.

https://www.pcworld.com/article/3446218/theyre-back-windows-7-popup-warnings-to-update-to-windows-10-will-soon-reappear.html

Retail

Hope you’ll do business with us again: Following a huge data breach in 2012 and a hefty fine from the lawmakers, Zappos is trying to settle the situation with its customers by offering them a 10 percent discount on future online purchases. Whether that is appropriate is one thing, but this might change how companies quantify lifetime customer value when responding to future breaches.

https://www.ciodive.com/news/zappos-bucks-cash-payouts-proposes-10-discount-as-breach-settlement/565340/

Magecart strikes retailers again: Volusion, an e-commerce infrastructure provider, has become a target for Magecart attacks, which added malicious code that skims credit card data from purchases made through thousands of Volusion-based retailers. Third-party retail platforms used by PCI-bound businesses technically require the same level of governance and control as the rest of the card-processing network, but the reality of cloud supply chain sprawl leaves a gap.

https://www.cpomagazine.com/cyber-security/more-magecart-attacks-volusion-ecommerce-platform-breached-thousands-of-online-stores-compromised/

Public Sector

Keep your hand on the Pulse: The CERT Coordination Center has released a warning on vulnerabilities affecting Pulse Secure VPN, which could lead an attacker to take control of an affected system. Read the article to find out what steps should be done to stay protected.

https://www.us-cert.gov/ncas/current-activity/2019/10/16/multiple-vulnerabilities-pulse-secure-vpn

Attribution and The Masked Hacker: Many hacker groups have been discovered to impersonate each other to evade detection and correct attribution. This trend appears to be growing, which naturally poses a threat to effective detection of attacks, and in the long run, making sure that the targets—particularly Public Sector and Financial Services—know who they’re facing.

https://securityboulevard.com/2019/10/hackers-impersonating-other-hacker-types/

State, Local & Education

Texas post-ransomware statement: “We’ve got a long way to go.” 23 Texas municipalities were affected by a ransomware attack last summer, and the state’s Chief Information Officer points his finger at improper cyber hygiene of the systems attacked: “Preparation is the key. Basic cyber hygiene is the key.”

https://www.nextgov.com/cybersecurity/2019/10/texas-chief-information-officer-shares-lessons-learned-ransomware-attack/160598/

Picking up the pieces: At the beginning of this school year, Rockford Public Schools became victims of ransomware cyberattacks which targeted the district digital equipment. Officials claim this was a great inconvenience—and the story isn’t over even more than a month later.

https://www.northernpublicradio.org/post/rockford-public-schools-still-recovering-ransomware-attack-one-month-later

Editor’s Choice

Oracle, Juniper, Cisco, SAP – Let’s Just Quilt the Whole Enterprise: The weeks around Patch Tuesday are typically focused on Microsoft, Adobe, Mozilla and assorted vendor updates pinned to the second Tuesday of the month. But October brought us more than usual: Juniper squashed 84 bugs while Oracle dropped a monster 219 security patches in their quarterly updates. To add to the din, Cisco has published 41 security advisories since Patch Tuesday—and that despite last month including Cisco’s semiannual security patch rollup. To further complicate the enterprise, SAP delivered 7 security notes in its monthly SAP Security Patch Day, including fixes for a pair of “Hot News” vulnerabilities of CVSS 9+ scores. All together, that’s a lot of patchwork.