The Forescout Cyber Roundup is a weekly blog series highlighting some of the previous week’s cyber headlines and explaining why they matter. Each article includes a closer look at the potential implications of the news or event, predictions about what might happen next and suggestions for all readers, from the C-suite to end users. Articles are ordered by date, not necessarily priority.
- Mitigating Cybersecurity Threats this Cyber Monday (November 25, 2018)
Summary: Black Friday and Cyber Monday deals drive major sales this holiday season, but it’s important to consider the risks of online shopping and know how to shop securely.
Why it matters: Black Friday and Cyber Monday have historically been busy days for both consumers and malicious cyber actors. Target was hit on Black Friday in 2013 and this year, Amazon suffered a data breach just hours before Black Friday. This article highlights education and privileged access management as a couple of ways that retailers can improve security, but it’s important to remember that cybersecurity is also the responsibility of the consumer. Consumers want the best deal—to the point that they will ignore safety advice if it stops them from saving money—and retailers want to gain consumer business by offering the best deals, value and security. However, when 62% of your customer base is still willing to shop with a brand that has been breached in the past, it can be tempting for retailers to focus more on convenience and less on security—after all, security is an additional expense. Read more about how device visibility can help balance convenience and security, and check out the guidance for consumers provided by the recently created Cybersecurity and Infrastructure Security Agency (CISA). Formerly known as the National Protection and Programs Directorate (NPPD), the CISA was recently signed into law as the official U.S. federal cyber agency. Consumers planning to purchase IoT devices over the holidays should also check out the IoT buying guide from the Mozilla Foundation.
- Washington Asks Allies to Drop Huawei (November 23, 2018)
Summary: Huawei, China’s largest smartphone manufacturer, is already banned in the U.S. and may soon be banned in other countries as well.
Why it matters: Huawei has been banned at various levels within the U.S. over the past five years—the company was forbidden from bidding on U.S. government contracts in 2014 and just earlier this year the Pentagon banned both Huawei and ZTE phones from retail stores on military bases. While the U.S. has taken significant measures to manage the threat to national security internally, the government is now taking steps to reduce the risk internationally. Because it’s so challenging to define cyber borders, the U.S. must protect its own assets but also consider the potential entry points outside of U.S. control (for example, networks and devices of U.S. allies) that may be leveraged by malicious actors. Australia banned Huawei earlier this year, and just this week, New Zealand also barred the Chinese firm. Huawei has shifted its focus to Europe and has described the U.S. ban as ‘anticompetitive’; however, given China’s history of espionage and IP theft, it’s unlikely that the U.S. ban will be lifted. Instead, it’s probable that Huawei will face bans in additional countries in the near future. In the meantime, the telecommunications giant is set to complete construction of a 3,400-mile network of submarine cables in Papua New Guinea, furthering security concerns in the U.S., Australia and other countries in the western Pacific.
- Uber Fined $1.17 Million in Europe over Its Massive 2016 Data Hack and Cover-up (November 27, 2018)
Summary: Uber suffered a major data breach in 2016; nearly two years later the company is ready to move beyond the settlements.
Why it matters: Uber’s actions after the 2016 data breach are a great example of what a company shouldn’t do if it’s compromised: pay the criminal then try to disguise it as a bug bounty. New data protection and privacy laws such as the GDPR, however, should make it harder to make those mistakes—or at least make them more costly. Over the last couple of decades, businesses have been forced to accept the cost of cybersecurity as the cost of doing business—you either make a big investment up front or you pay for it in losses and reputation damage afterwards. Now, with data protections in place, businesses will have yet another cost to worry about. FBI Director Robert Mueller said it best at RSA in 2012, “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” Hacking isn’t going to stop; there are persistent threats that require vigilance to combat. Regulations won’t stop the attacks, but they will force companies to maintain a constant interest in protecting user data.
- Ransomware Suspects Indicted (November 28, 2018)
Summary: Two Iranian men have been charged with deploying the SamSam ransomware that crippled Atlanta and infiltrated networks in Newark and San Diego.
Why it matters: Although two men have been indicted, SamSam victims such as the City of Atlanta and the Colorado Department of Transportation might not feel vindicated. Because both actors are in Iran, justice—or punishment—cannot truly be served unless the two men leave their country. However, what’s most interesting about this announcement from the FBI is that ‘the U.S. is exploring other avenues of recourse.’ What that means is yet to be seen, as is the case for the 12 Russians who were indicted earlier this year for meddling in the 2016 election. What’s clear is that the U.S. is taking an aggressive stance on attribution and consequences, and is sending a strong message to other bad actors that they are not as invisible in cyberspace as they might think. As the concepts of Smart Cities and Smart Transportation evolve into reality, we can expect that cybercriminals will find it harder to evade detection. Earlier this year, Nvidia partnered with AI developer AnyVision to develop a new type of Smart City surveillance technology. The capability would bring automatic facial recognition into closed-circuit television surveillance cameras and compare the identified faces with criminal databases. Smart Cities, however, present an enormous attack surface that city planners must consider in order to protect sensitive systems and citizen data, securely embrace IoT and cyber-physical systems (CPSs), and preserve investments in legacy infrastructure. Learn more about Smart Cities and Smarter Cybersecurity.
- Researchers Uncover New Malware Activity by Russian Hackers (November 20, 2018)
Summary: Russian Sofacy APT, also known as Fancy Bear, has released new malware in its latest phishing campaign.
Why it matters: The way malware works is pretty interesting, but not as interesting as the strategic social campaigns bad actors develop and employ to harvest user data. In this case, Russian hackers delivered an email that appears to be about current events—a recent plane crash off the coast of Indonesia. Once the user opens the attached Word document, a popup appears, claiming that macros need to be enabled—a prompt not unfamiliar to most users. What’s interesting about this approach is that it requires an additional step on the part of the user. In many cases, users simply have to open an email and click on a link for the malware to be installed. In this case, however, users have to open the email, open the document, click on the prompt to enable macros, and close the document. These additional steps indicate that hackers are confident the fake content they are providing is convincing enough to lure users into making additional clicks. Here’s a closer look at how the new malware works.