Forescout Cyber Weekly Roundup
July 26, 2019

The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.

Twitter: @proffitt_colby

Public Sector

1. An entire nation just got hacked: Personal information of more than 5 million Bulgarian citizens (over 70% of the country’s population) was stolen by hackers in an attack on the tax revenue office. One suspect was arrested, but the government agency won’t disclose what exactly happened and how tight the security was.
   https://edition.cnn.com/2019/07/21/europe/bulgaria-hack-tax-intl/
2. The lights might go out sooner than expected: Australia’s electrical grid might be vulnerable to cyberattacks sooner than expected, and the country is looking for solutions to strengthen its defense lines. Cyberattacks on electrical grids are not new, but the risk they pose requires constantly evolving solutions.
   https://theconversation.com/is-australias-electricity-grid-vulnerable-to-the-kind-of-cyber-attacks-taking-place-between-russia-and-the-us-119157

Defense

3. No camera left behind: The Marine Corps has awarded a $13.5M cybersecurity contract to a 2-year-old defense technology startup. The company, Anduril Industries, now has to create an all-seeing “digital fortress” to protect surveillance cameras from being attacked by the enemy.
   https://taskandpurpose.com/marine-corps-anduril-industries-palmer-luckey-contract
4. Dreams come true in the fifth domain: France’s Defense Innovation Agency hires sci-fi writers to help them imagine possible future threats in the era of cyberterrorism. The French Army has been showing off its efforts to position itself as the world’s most modern armed force, and this new creative team is said to help them train for scenarios straight out of political fiction novels.
   https://www.telegraph.co.uk/news/2019/07/19/french-army-sets-red-team-sci-fi-writers-imagine-future-threats/

Retail

5. The kinetic effects of cyber in retail: We noted in our 2019 predictions that cyber attacks would have a more physical impact this year and in the future. We’ve seen evidence of that in multiple cases—mostly with respect to critical infrastructure attacks. However, what’s not always obvious are the indirect effects related to cyber—ripple effects that can also be very physical. This article explains that while some retailers have turned to self-checkout options as a means to redirect funds to improve their cybersecurity posture, as a result, physical, in-store theft has spiked. The cyber-physical battleline is not a straight line; it is an all-encompassing circle.
   https://www.smartcompany.com.au/industries/retail/shoplifting-theft-australia/

Healthcare

6. This is not the adblock you’re looking for: This is not the adblock you’re looking for: At least eight different browser extensions targeting healthcare organizations and Health IT companies were quietly collecting sensitive data, including patient names and their health information. The creators of those extensions had over seven months to gather data unnoticed.
   https://www.fiercehealthcare.com/tech/several-health-it-companies-impacted-by-browser-extension-privacy-issue-report
7. There is no perfect lock: The healthcare industry remains a top target for malicious actors. While the retail and financial industries have, at least in some regards, stepped up security investments, healthcare hasn’t kept pace—and hackers are capitalizing on this. As this article states, “If you’re a billion-dollar hospital operation and someone wants to spend two billion to hack your system, there’s a differential in size.”
   https://searchhealthit.techtarget.com/feature/Healthcare-data-breaches-persist-as-security-investments-flounder

Financial Services

8. leaning up the mess: C After overcoming the clean-up obstacles surrounding its data breach, Equifax has reached a settlement with regulators to the tune of $700M, but many experts say the damage is beyond repair, and consequences should be harsher.
   https://thehill.com/policy/cybersecurity/454207-equifax-breach-settlement-sparks-criticism
9. Seeing right through it: QuickBit cryptocurrency has confirmed that personal data of over 300,000 of its users was publicly visible to anyone willing to look hard enough. A third-party researcher is working to uncover how the breach happened, and the company was quick to say that the customers can rest assured their funds are safe, but the exposed data can still be successfully used for malicious purposes.
   https://www.cryptoglobe.com/latest/2019/07/quickbit-confirms-security-breach-exposed-customer-details/

Operational Technology / Industrial Control Systems

10. Your operation deserves better: When thinking of a cybersecurity tool for your Industrial Control Systems, there are a number of factors to consider, especially in the constantly changing landscape of threats and risks. You might need something new to add to the line-up, even if it works perfectly now – who knows what the future holds.
    https://www.tripwire.com/state-of-security/ics-security/questions-industrial-cisos-evaluating-cybersecurity/
11. Dating mining the mining industry: More and more industries are feeling the effects of the convergence of operational technology (OT) and information technology (IT). This article explores some of the new threats that the mining industry has unintentionally exposed itself to.
    https://www.miningreview.com/health-and-safety/security-mining-cyber-threats-cannot-ignored/

State, Local & Education

12. How doomed are the elections? Before the 2020 Presidential Elections, Senate Democrats are pointing out that without strengthening the systems used for voting, the US is facing a grim future of election results controlled by hackers good enough to breach the already failing cybersecurity measures.
    https://www.wired.com/story/mueller-testimony-election-security/
13. Scam no more: The U.S. Federal Trade Commission is suing Cambridge Analytica amidst the ongoing Facebook data scandal while settling with its two former executives regarding the user information they gained from the leak.
    https://www.ftc.gov/system/files/documents/cases/182_3107_cambridge_analytica_administrative_complaint_7-24-19.pdf
14. Hey Alexa, don’t write that down:A Massachusetts state representative is planning to introduce a bill limiting the amount of data that voice assistant hardware and software creators can gather. It’s called the Automatic Listening and Exploitation Act, or ALEXA for short.https://www.theverge.com/2019/7/24/20726335/seth-moulton-amazon-alexa-data-collection-bill-smart-devices-conversation-recording

Editor’s Choice

15. State of Louisiana Issues a State of Emergency – Cybersecurity Incident: Governor Edwards took action in response to cyber breaches in state school systems this week. In terms of being forward-thinking, the State suggests there is significant risk in this ongoing emergency, and “anticipates various state agencies will need to work cooperatively”.
    https://www.arklatexhomepage.com/news/louisiana-news/gov-edwards-issues-statewide-emergency-declaration-in-response-to-malware-attack/
16. Botnet operators expand RDP scanning scope to enable BlueKeep attack: Barriers to exploit commoditization are falling and attacker scans for BlueKeep-vulnerable exposed devices continue unabated. In this case, a Linux botnet has added a vulnerability scanner to collect targets for future exploit. Overall, more and more cybercriminal operations are joining the fray as incentives line up and technical barriers fall.
    https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/
17. BlueKeep blows past the ‘Race to Scanner’ milestone in the exploit lifecycle: As Catalin Cimpanu neatly reports: “The cyber-security community is treating BlueKeep akin to a nuclear doomsday clock, and for a good reason. This is a very dangerous security flaw and companies should patch systems to avoid getting hacked when the clock strikes midnight.” Real risk to the enterprise increases as these milestones in cyberweapon creation and commoditization disappear into our collective rear view mirror.
    https://www.zdnet.com/article/us-company-selling-weaponized-bluekeep-exploit/