Forescout Cyber Weekly Roundup
April 5, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Twitter: @proffitt_colby

Public Sector
1. Share your toys: Although a bit heavy on fear, uncertainty and doubt (FUD), this article does highlight some of the actions taken in recent years to overcome hurdles to public-private partnership and collaboration—an absolute necessity for national cyber defense.
   https://thehill.com/opinion/cybersecurity/436902-we-need-public-private-collaboration-to-prevent-a-cyber-pearl-harbor
2. Call for management consultants: The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is seeking private sector expertise to help craft cyber policies and new programs, marking yet another step forward for public-private collaboration.
   https://federalnewsnetwork.com/federal-newscast/2019/04/house-bill-would-create-panel-of-cyber-experts-to-help-dhs/

Defense

3. Could you lurk a little faster please? This article highlights the labor and time-intensive efforts required for military cyber operations to be effective—killing adversary power or communications can take weeks of planning, with only a few exciting moments of measurable reward. The military needs to adopt the same mindset and tactics as bad actors—not always acting, but always watching, waiting, observing and learning.
   https://www.fifthdomain.com/international/2019/04/02/how-military-hacking-can-improve/
4. Cyber boarding team worked to secure vessel: This thoughtful article explores the fundamental differences in U.S. Cyber Command and the National Security Agency (NSA) with respect to cyber objectives and limitations.
   https://www.marinemec.com/news/view,congressman-us-not-adequately-addressing-the-problem-of-maritime-cyber-threats_57371.htm

Retail

5. Because loss from shoplifting wasn’t enough: This article highlights the massive amount of financial data that retailers manage every day—specifically, payment card data—and provides interesting perspective on the motivation behind a significant portion of attacks.
   https://www.mytotalretail.com/article/calling-all-retailers-understanding-cyber-threats-and-how-to-combat-them/
6. Call for Speakers for 2019 Retail Cyber Intelligence Summit: A number of industry specific cyber events have popped up in recent years and it’s encouraging to see a cyber summit dedicated to the retail industry. In its fourth year since its first summit in 2016, this year’s event will focus on a wide variety of retailers, from grocers and restaurants, to online retailers, consumer product manufacturers and cybersecurity industry partners.
   https://www.apnews.com/Business%20Wire/6812796d065245b9bc376f5e5c044198

Healthcare

7. The award you don’t want: The healthcare industry took first prize again last year as the leading industry for cyberattacks and data breaches. This latest report highlights a handful of interesting findings, including Healthcare being the leading target of ransomware attacks in 2018.
   https://hitinfrastructure.com/news/healthcare-hardest-hit-by-cyberattacks-data-breaches-in-2018
8. Unfortunately, hospitals continue to rely on end-of-life technology: Although there are regulations in place, many healthcare providers are simply ignoring them out of necessity. This article highlights that often, the need for the connected medical devices outweighs the due caution required for the security of those same devices.
   https://portswigger.net/daily-swig/us-healthcare-iot-security-rules-are-not-being-heeded

Financial Services

9. Systemic security issues: 97% of banking apps tested lacked basic binary code protections and 90% of the apps tested experienced unintended data leakage.
   https://www.zdnet.com/article/security-flaws-in-banking-apps-expose-data-and-source-code/
10. Don’t ignore Dmarc: Newly released research found that one-third of leading UK challenger banks failed to implement domain-based message authentication, reporting and conformance (Dmarc), a best practice feature designed to prevent email spoofing. Enterprise use of Dmarc is also an indicator in ‘cyber risk score’ services and increasingly applied in IT supply chain audit.
    https://www.computerweekly.com/news/252460835/Four-in-10-leading-banks-failing-on-email-fraud-protection

Operational Technology / Industrial Control Systems

11. LockerGoga lock out: Norsk Hydro stole the headlines last week, but two other chemical companies—Momentive and Hexion—were also affected by cyberattacks that leveraged the latest encryption program, LockerGoga.
    https://www.chemistryworld.com/news/hexion-momentive-and-norsk-hydro-all-hit-by-ransomware-cyber-attacks/3010328.article
12. Island hopping? Try long jumping. Adversaries are increasingly leveraging the supply chain as a jumping off point for additional attacks. Commonly referred to as island hopping, attackers are routinely gaining access to one network, only to gain access into additional networks with little effort.
    https://www.computerweekly.com/news/252460820/Cyber-attacks-increasingly-exploiting-supply-chain-weaknesses

State, Local & Education

13. What does the FBI have in common with K-12? AIt’s encouraging to see FBI investment and efforts to improve K-12 efforts to better safeguard critical data, applications and networks.
    https://www.eschoolnews.com/webinars/the-fbis-perspective-on-cyber-security-in-k-12/
14. What a university hacker can accomplish in two hours: While these latest hacks were conducted by white-hat hackers, and no data was compromised, this latest exercise highlights how critical it is for universities to prioritize the security of their research projects and networks.
    https://www.bbc.com/news/education-47805451

Editor’s Choice

15. Solid research shared in the 2019 IoT Threat Landscape Report from F-Secure: ‘IoT or connected devices—does the difference even matter?’ 59% of attacks on F-Secure honeypots targeted Telnet, a trend the researchers attribute to the spread of Mirai.
    https://blog.f-secure.com/iot-threats/
16. HHS OCR highlights cybersecurity Advanced Persistent Threats and Zero Day Exploits: The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued their Spring 2019 Cybersecurity Newsletter. In focus are the ‘dangerous combination’ of advanced persistent threats and zero day exploits in the context of the HIPAA Security Rule.
    https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-Spring-2019/index.html
17. Follow-on research leads to discovery of new vulnerabilities in ICS SCADA systems: Tenable researchers continued exploration of Advantech WebAccess industrial PC products. Advantech is the leading IPC vendor in environments with industrial control systems (e.g. smart factories), so its product security is critical to sectors like Manufacturing.
    https://www.tenable.com/security/research/tra-2019-15

Share This: Share on Linkedin Share on Twitter Share on Facebook