The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.
- Public Sector
- Not a single federal agency got an ‘A’: A recent Senate report has found that a number of federal agencies have failed to act on internal cybersecurity audits. Seven of the eight agencies mentioned in the Senate report received a grade of ‘C’ or lower for FISMA compliance. The highest ranking went to DHS, which received a ‘B’.
- Enhanced Security Requirements for Critical Programs and High Value Assets: The National Institute of Standards and Technology (NIST) has released new draft guidance to help contractors working with high-value assets protect the unclassified (but still sensitive) government data that resides on their networks against advanced persistent threats and other attacks. The draft version of NIST Special Publication 800-171B includes 31 specific recommendations for contractors.
- Moving beyond sanctions to modern defense: After Iran reportedly downed a U.S. drone, President Trump authorized an offensive cyberstrike that disabled Iranian computer systems used to control rocket and missile launches. The U.S. is beginning to put actions behind its recent statements about taking a more aggressive, offensive stance against foreign cyber actors. Time will tell if this altered approach will have the desired effect, or if we’ll see more escalatory measures.
- Cyber battle is everywhere and eternal: The U.S. has found itself in a bit of a cyber gray zone—not actively engaged in open warfare, but not in a state of peace either. Historically, the U.S. has reacted to major threats or acts of war—things like the attack on Pearl Harbor, or the 9/11 terrorist attacks. However, our adversaries realize our historical tendencies and as a result, have taken actions against us that are beneath the threshold of war. Consequently, many view the U.S. as passive or unprepared for cyber conflict.
- Digital modernization requires a digital risk strategy: More and more companies are shifting to an ‘as a service’ or subscription model, leveraging data on customer behaviors, preferences, wants and needs to capitalize on product development and innovation—and ultimately product sales. However, as this article points out, it’s critical that such innovative companies also focus on their digital security and risk strategy to safeguard valuable and sensitive consumer data.
- The cost of our personal social identities—for business leaders: We regularly trade our personal data for a service or experience, but as this article explains, that data can be abused, resulting in endless SPAM and personal annoyance, and it can also be lost or stolen, resulting in identity theft and personal headache. This article offers three areas business leaders should focus on to ensure best practice security initiatives.
- The monetization of patient data as recently breached AMCA files for bankruptcy: The numbers have only grown since the AMCA breach was first reported, with estimates now exceeding 20 million affected patients. What’s unsettling beyond the volume is that the mix of test result data, payment data and other PII will most likely be sold and further resold. AMCA is now filing for bankruptcy after a slew of legal proceedings and class action lawsuits. This is an example of the very real, physical impact of a cyberattack or data breach.
- Time and inconvenience are the primary reasons security is overlooked: A new study has found that the healthcare industry as a whole lacks an awareness of cybersecurity threats and best practices. The study also found that 75% of the entire healthcare industry has been infected with malware in the last year.
- The biggest cyber threats facing banks: This article points to credential stuffing, extortion emails, IoT exploitation, phishing and ransomware as the top five ways today’s fraudsters mount some of their most dangerous, persistent attacks.
- Everything has a lifecycle: Much like a good book, even cyber incidents have a beginning, middle and end. This article highlights the importance of understanding the motivation behind an attack, whenever possible, to more effectively defend against similar attacks in the future.
- From connected buildings to autonomous ships: As innovations in technology and automation continue, drones will not be the only unmanned vehicles—ships at sea may soon be unmanned as well. This article highlights some of the points from the recent Autonomous Ship Technology conference in Amsterdam, which suggest that ships should be viewed through the same lens as connected buildings—a network of connected systems with sensitive data. But what does this mean for tomorrow’s pirates?
- Giving smart factories an ‘immune system’: This article explains some of the cyber defense shortcomings common in operational technology (OT) and building automation systems (BAS). Physical world attacks involving IoT devices, sensors, transducers and actuators can be difficult to defend against, and similarly, firewalls and access management systems are not bulletproof against insider threats. This article suggests following an anomaly detection model, similar to the immune response that’s leveraged by the human body.
- Helping without overstepping: Election security remains a topic of debate and discussion at the federal, state and local levels. Experts have told lawmakers that aging technology and a lack of technical expertise on the part of election workers leave voting technology vulnerable to exploitation by foreign actors. Currently, federal lawmakers are trying to help improve election security at the state and local level, but some are concerned the federal government is overstepping boundaries.
- Taking matters into their own hands: Recently, in the absence of federal laws, states have opted to modify or create their own data breach notification laws and requirements. This article offers a roundup of recent state actions that could impact our collective cyber legal future.
- Change your default credentials or be Silexed: A 14-year-old boy is behind the latest strain of malware that targets and bricks (“Permanent DoS”-ing) publicly exposed IoT devices with open defaults like known logins. Right now, his motives are unclear, but thousands of devices have already been affected and the teenager claims that he has even bigger plans for his latest project, stating “It is going to target every single publicly known exploit that Mirai or Qbot load.”
- What do a raspberry pi at NASA, a fish tank at a casino, and your corporate hotel room’s remote control curtains have in common? “This will be the way in,” the leader said.
Operational Technology / Industrial Control Systems
State, Local & Education