
Forescout Cyber Weekly Roundup
November 18, 2019

David Wolf, Principal Security Researcher | November 18, 2019

Editor’s Choice

33 Key Stats on Cybercrime: If cybercrime were a country, “it would rank 13th in terms of its GDP when considering the most recent (2018) GDP data from the World Bank.” That’s just one of 33 recent cybercrime stats compiled by Casey Crane.

https://securityboulevard.com/2019/11/33-alarming-cybercrime-statistics-you-should-know-in-2019/

Operational Technology (OT), Energy and Industrial Control

Energy industry practices for a ‘black swan’ cyberattack that could take down the grid. “Some of the biggest stakeholders in the energy sector came together this week to conduct a simulated cyberattack on the electrical grid. The event is called GridEx, and takes place every two years. It imagines the U.S. under attack from a foreign country, through the power grid. Countries like Russia, China and Iran have either attacked foreign grids or conducted reconnaissance on the U.S. grid, according to U.S. intelligence agencies.”

https://www.cnbc.com/2019/11/16/energy-sector-practices-for-a-black-swan-cyberattack.html

US Department of Energy, Pacific Northwest National Laboratory host third annual CyberForce Competition: “Members on each team spent eight hours fighting off cyber hackers trying to break into their simulated nuclear power grids… This is the fifth year the DOE has hosted the CyberForce competition, and PNNL’s third.”

https://www.nbcrightnow.com/pnnl-hosts-third-annual-cyberforce-competition/article_c22a2d3c-08b5-11ea-b7ed-2bd271a33148.html

Financial Services

Seeing Double FinServ Double-RAT: Fortinet threat researchers discover a double-RAT trojan that pairs RevengeRAT (discovered by Cisco Talos researchers) with WSH RAT, aka H-W0rm (discovered by FireEye in 2013). In August, the Cisco Talos researchers also found RevengeRAT paired in a double-RAT with Orcus RAT. These RATs are often used against targets in Financial Services. Updated Threat Profiles for all these dirty RATs are well-maintained by the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC).

https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html

Oil & Gas

New systems, new cyber threats. “The growing prevalence of remote monitoring, analytics and automation systems to control drilling, production, storage, transport, processing and refining systems makes it essential to understand the risks associated with ‘smart’ devices being integrated into operational processes. Many OT systems continue to run on legacy operating systems and remain unsegregated from corporate networks, which allows attackers to pivot from IT to OT systems.”

https://www.petroleum-economist.com/articles/technology/technology/2019/new-systems-new-cyber-threats

$4.9M Ransomware attack hits Mexican state oil firm Pemex. “Pemex, which has been creaking under a massive debt load, said operations were normal and that oil production and storage were unaffected”.

https://www.ibtimes.sg/ransomware-attack-hits-mexican-state-oil-firm-pemex-34220

Supply Chain and IoT Device Security

146 New Vulnerabilities All Come Preinstalled on Android Phones: “The dozens of flaws across 29 Android smartphone makers show just how insecure the devices can be, even brand-new.” Imagine how bad it is for the long tail of IoT devices and the maintenance of each IoT product’s open source dependencies.

https://www.wired.com/story/146-bugs-preinstalled-android-phones/

Supply Chain and Remote Access

Let’s talk about remote access software in the enterprise: Was it a TeamViewer bug or a Microsoft component—or both? TeamViewer offers a patch for a code execution bug caused by arbitrary DLL loading via the Windows Sockets 2 API.

https://latesthackingnews.com/2019/11/18/code-execution-vulnerability-found-in-teamviewer-patch-now/

Healthcare

Medical Device Security – Medtronic and Philips: “More Alerts About Medical Device Security Flaws… Latest Advisories a Reminder of Legacy Product Risks”.

https://www.healthcareinfosecurity.com/update-more-alerts-about-medical-device-security-flaws-a-13410

About Google’s employee access to hospital records for 50M Americans: “A whistleblower who works in Project Nightingale, the secret transfer of the personal medical data of up to 50 million Americans from one of the largest healthcare providers in the US to Google, has expressed anger to the Guardian that patients are being kept in the dark about the massive deal.”

https://www.theguardian.com/technology/2019/nov/12/google-medical-data-project-nightingale-secret-transfer-us-health-information

Retail

Visa Security Alert – New JavaScript Skimmer ‘Pipka’ Targeting eCommerce Merchants Identified. “The web skimmer has been spotted on at least 17 popular eCommerce websites, a new Visa alert warns. Visa researchers recommended that websites institute recurring checks in eCommerce environments for C2 communications; ensure familiarity with code integrated into eCommerce environments and closely vet Content Delivery Networks.” Thanks to ThreatPost and Lindsey O’Donnell for surfacing the Visa Security Alert, which stated: “In September 2019, Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program identified a new JavaScript skimmer that targets payment data entered into payment forms of eCommerce merchant websites. PFD is naming the skimmer Pipka.”

https://threatpost.com/pipka-card-skimmer-removes-itself-after-infecting-ecommerce-sites/150341/

Smart Transportation

Beware of the ‘Juice Jacking’ Scam at Phone Charging Stations. The Los Angeles County District Attorney’s Office weighed in on airport mobile device chargers found in transit centers and hospitality venues. In short: “Use an AC power outlet, not a USB public charging station”.

https://www.nbclosangeles.com/news/local/Juice-Jacking-Scam-565040822.html

Future Protocols / 5G

As 5G Rolls Out, Troubling New Security Flaws Emerge: “Researchers have identified 11 new vulnerabilities in 5G—with time running out to fix them. The researchers from Purdue University and the University of Iowa are detailing 11 new design issues in 5G protocols that could expose your location, downgrade your service to old mobile data networks, run up your wireless bills, or even track when you make calls, text, or browse the web. They also found five additional 5G vulnerabilities that carried over from 3G and 4G. They identified all of those flaws with a new custom tool called 5GReasoner.”

https://www.wired.com/story/5g-vulnerabilities-downgrade-attacks/
