Forescout Cyber Weekly Roundup
October 28, 2019

David Wolf | October 28, 2019

Automated Threats: Manufacturing and Financial Services

BitPaymer ransomware strikes German manufacturer Pilz: German efficiency is on hold for Pilz, one of the world’s largest manufacturers of automation tools. For more than a week, Pilz has been learning the hard way what ransomware can do to operations. All Pilz locations worldwide are affected and have been disconnected from the main network; production continues, but the ordering system remains down. Unfortunately, that is not the only report this week of cybercriminals delivering BitPaymer payloads.

https://www.zdnet.com/article/major-german-manufacturer-still-down-a-week-after-getting-hit-by-ransomware/

BitPaymer ransomware implicated in attack on financial services provider Billtrust: With its services only partially restored, financial services provider Billtrust is scrambling to put its operations back together after a cyberattack, and even with the support of federal law enforcement there is no easy way out. While not officially confirmed, the company is rumored to be another victim of the BitPaymer ransomware that hit German manufacturer Pilz this week.

https://www.bleepingcomputer.com/news/security/billing-provider-billtrust-suffers-outage-after-malware-attack/

Financial Services

Sberbank denies 60M-record financial data leak: Sberbank, a state-owned Russian banking and financial services company, allegedly had its servers compromised, with 60 million credit card records appearing for sale on the black market. The bank denies that any attack took place, while admitting to a small security breach by one of its employees in which, it says, no data was accessed.

https://www.urdupoint.com/en/business/russias-sberbank-denies-new-data-leak-affect-745083.html

Retail

7-Eleven retail app fuels social fire in Australia: Only three months after 7-Eleven Japan shut down its mobile payment app when hackers stole $500,000 from users, the 7-Eleven brand took another hit in the Asia-Pacific market with a data breach in its Australian fuel app. Customers could see other customers’ sensitive data, an issue discovered and reported by the customers themselves. The app has been taken down for “maintenance”, but the incident will inevitably damage 7-Eleven’s credibility as a secure retail or payment platform.

https://www.theguardian.com/technology/2019/oct/25/7-eleven-fuel-app-data-breach-exposes-users-personal-details

Healthcare

Phishing nets 129,000 medical records from Montana hospital: A healthcare delivery organization in Montana is warning patients that their data may have been exposed in a breach that has been ongoing since May, after employees fell for a phishing scam. The phishing beachhead ultimately gave the attackers persistent access to the organization’s most confidential records, which could lead to identity theft and fraud.

https://securityboulevard.com/2019/10/hospital-leaks-129k-patient-records-in-sophisticated-phishing-scam/

Operational Technology / Industrial Control Systems

When the building (temperature) goes down: Schneider Electric’s ProClima software, used to control temperature and overall conditions in smart buildings, proved vulnerable to code injection that could allow an unauthenticated, remote attacker to execute arbitrary code on targeted systems. It’s time to check the thermostat, and to revisit the segmentation of BAS devices and OT networks from the rest of the enterprise.

https://isssource.com/schneider-clears-proclima-holes/

Public Sector

A Very Penetrated Network: VPNs are used by public sector officials and enterprise employees every day, but one of the industry leaders, NordVPN, may have fallen short of its own security standards, leading to the breach of one of its servers. Although the company denied any leak when the news broke, it is now taking responsibility for the incident.

https://fortune.com/2019/10/21/nordvpn-server-security-breach-hacked/

State, Local & Education

The pains of high attrition: A leaked White House memo from Dimitrios Vastakis, an outgoing administration official, warns that recent personnel changes in the Office of the Chief Information Security Officer (OCISO) are putting the office at high risk of being hacked. “Allowing for a large portion of institutional knowledge to concurrently walk right out the front door seems contrary to the best interests of the mission and the organization as a whole,” says Vastakis.

https://www.washingtontimes.com/news/2019/oct/24/white-house-posturing-itself-to-be-electronically-/

Editor’s Choice

Johannesburg City Crippled as Hacker Demands Bitcoin Ransom: Three months after reports of ransomware disrupting the city utility’s e-commerce operations and leaving customers unable to buy power, Jo’burg is back in the spotlight as hackers demanding a 4-bitcoin ransom hold up the municipality’s operations.

https://www.bloomberg.com/news/articles/2019-10-25/south-africa-s-johannesburg-shuts-billing-over-security-breach