Forescout Cyber Weekly Roundup
September 5, 2019

Bartosz Urban | September 5, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Public Sector

IoT attacks and ransomware ain’t goin’ nowhere: A new McAfee report revealed that ransomware attacks grew by 118% in Q1 this year and were primarily focused on large organizations in the Public Sector, followed by Finance, Chemical, Defense, and Education. The report also notes that “even with all the sophisticated attack techniques being developed, attackers are still highly dependent on human interaction and social engineering”, while PHP- and IoT-based attacks remain common — it’s 2019, and admin/admin remain the top usernames and passwords used to attack IoT devices today.

https://www.zdnet.com/article/cyber-crime-ransomware-attacks-have-more-than-doubled-this-year/

And the beat goes on: Chinese Huawei accuses US government of cyberattacks and employee threats designed to disrupt its business. The accusation, made in a statement on Wednesday, follows US attempts to lobby European governments to ban the use of Huawei networking gear due to fears it might aid Chinese spying. Touché, Huawei.

https://www.washingtontimes.com/news/2019/sep/4/huawei-accuses-us-of-cyberattacks-coercing-employe/

Defense

Intelligent guardians: The Pentagon has announced that a framework for AI-powered cyberdefense systems is being created jointly with the NSA. By creating a consistent process for curating, describing, sharing and storing information, the JAIC intends to create a collection of data that could be used to train AI to monitor military networks for potential threats.

https://www.nextgov.com/cybersecurity/2019/09/pentagon-nsa-laying-groundwork-ai-powered-cyber-defenses/159649/

Going Dutch: The Stuxnet virus attack that targeted Iran’s nuclear program for half of the previous decade has always been a mystery. How did the U.S. and Israel manage to infect a high-security uranium-enrichment plant? As it turns out, they had outside help from the Netherlands.

https://news.yahoo.com/revealed-how-a-secret-dutch-mole-aided-the-us-israeli-stuxnet-cyber-attack-on-iran-160026018.html

Retail

Pretty hurts: Yves Rocher, an international cosmetics company, stored its customer details in a vulnerable database with an exploitable API, with potentially 2.5 million records exposed. The database API (Application Programming Interface) was accessible, making it possible for malicious actors not only to read, but also to add and modify data entries. Exposed entries included personal information like names, dates of birth, and contact data – access to this is a jackpot for hackers, yet there’s no evidence anyone broke in.

https://www.insurancebusinessmag.com/ca/news/cyber/cosmetics-giant-yves-rocher-compromised-2-5-million-canadians-data-potentially-leaked-177115.aspx

Real stores with cyber money: With cryptocurrencies on the rise, online businesses are starting to use them more frequently, despite some alleged risks. And now that Facebook is entering the currency business, the landscape is changing more rapidly than ever.

https://www.computerworld.com/article/3435770/why-hybrid-blockchains-will-dominate-ecommerce.html

Healthcare

Healthcare is the bad guys’ favorite: Security experts once again confirm that healthcare organizations are becoming the most popular target of cyberattacks. Besides causing huge financial losses, cybersecurity threats could impact the lives of patients in hospitals.

https://www.thehindubusinessline.com/info-tech/cyber-criminals-have-set-their-eyes-on-lucrative-vulnerable-healthcare-industry-kaspersky/article29340882.ece

No week would be complete without a data leak: Over 120,000 customers of Providence Health Plan’s dental program in Oregon had their data leaked in an apparent attack. The incident may have happened years ago, with the first signs pointing all the way back to 2010.

https://www.databreaches.net/122000-providence-health-plan-customers-may-be-affected-by-data-breach-at-dominion-national/

Financial Services

Breaches – $3 trillion per year today, $5 trillion per year by 2024: Juniper Research shared aggressive estimates not far from the IBM/Ponemon Institute’s Cost of a Data Breach report, illustrating the steadily increasing costs, recovery fees, and damages of data breaches. Recall that in the Ponemon report, a breach causes financial services institutions “abnormal customer turnover of 5.9 percent… accounting for 36 percent of the average total cost” of a breach.

https://www.darkreading.com/attacks-breaches/rising-fines-will-push-breach-costs-much-higher/d/d-id/1335726

The new business exploit leader gives insurance companies a headache: As business email compromise became the number one reason for companies’ cyber-insurance claims, security specialists advise how to protect yourself from the threat.

https://www.scmagazineuk.com/cyber-insurance-claims-double-two-years-bec-overtakes-ransomware/article/1595420

Operational Technology / Industrial Control Systems

The lyceum you don’t want to attend: An espionage group specializing in malware attacks, working out of South Africa and called “Lyceum” by cybersecurity experts, poses a huge threat to many oil and gas operations, mainly in the Middle East.

https://www.bankinfosecurity.com/lyceum-apt-group-fresh-threat-to-oil-gas-companies-a-13003

Smart cities not smart enough: As more and more control systems are connected to the Cloud, new threats are looming over the horizon. Hackers are finding ways to disrupt and extort businesses, so it’s imperative to find a sensible solution when running an IoT-based operation.

https://www.nextgov.com/ideas/2019/09/dangers-smart-cities/159617/

State, Local & Education

Summer Snow Day for NY school district: New York state’s Orange County school district sent parents a text message on Tuesday, informing them of a cybersecurity incident that impacted district-wide operations. As a result, the first day of school would be cancelled, while more than 65,000 students learned that cyberattacks can deliver benefits too.

https://www.zdnet.com/article/cyber-crime-ransomware-attacks-have-more-than-doubled-this-year/

Standards and Practices will look into it: The U.S. Department of Health and Human Services shared a document outlining best practices for detecting and managing cyberthreats that might put patients’ personal details and data in danger.

https://healthitsecurity.com/news/ocr-shares-best-practices-for-managing-malicious-insider-threats

Editor’s Choice

Android zero-click hacks now cost more than iOS zero-days: In a surprise announcement on Tuesday, exploit broker Zerodium updated its price list, offering $2.5 million for anyone who can passively pwn an Android phone, but only $2 million for the iPhone. Security vulnerability researchers state that the reasons behind the rising price — $2.5 million is the most Zerodium has ever offered for a zero-day exploit — are both that Android security is improving (mostly due to its open-source strategy) and that the market has recently been flooded by a slew of iPhone hacks. Adam Smith would appreciate the invisible, Android-holding hand of market scarcity affecting free market exploit pricing.

https://www.wired.com/story/android-zero-day-more-than-ios-zerodium

The Center for Internet Security issues advisory on major LangSec PHP issues – another native buffer overflow could be exploited by attackers to execute arbitrary code: The CIS announcement revealed that multiple vulnerabilities were discovered in recent versions of the PHP programming language, which supports a wide variety of enterprise content management platforms and bespoke web applications. Although there are no reports of exploitation in the wild, CIS advises users to patch their PHP ecosystems — no small feat for enterprises managing what can be hundreds or thousands of internal apps on a variety of platforms and environment configurations.

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2019-087/