Forescout Cyber Weekly Roundup
November 4, 2019
Editor’s Choice
An Indian nuclear power plant suffered a cyberattack. Device control has never been more important, as “an investigation by India’s Department of Atomic Energy revealed that a user had connected a malware-infected personal computer to the plant’s administrative network.” As Washington Post journalist Debak Das astutely notes: “Air-gapped nuclear facilities can be attacked… India may wish to treat the Kudankulam attack as a wake-up call about its vulnerable cyber defenses at nuclear facilities and other critical infrastructure.”
Automated Threats
Bluekeep exploit weaponized in malcode: A long-awaited and widespread cyberattack against publicly exposed Windows devices using BlueKeep has begun. Scanner availability of the exploit in the Metasploit framework was an early-September precursor to weaponization that reduced barriers to attack two months later. While the final payload in this attack was only a cryptominer, the ultimate payloads delivered by BlueKeep-based exploit chains will become much more significant, especially in sensitive operational technology (OT) and industrial environments where ransomware or persistent access is more valuable than mining.
Operational Technology / Industrial Control Systems
MITRE to release ICS cybersecurity framework: MITRE, a non-profit security research organization, will soon release an updated version of ATT&CK, a framework designed for companies and governments to deal with ICS cyber threats and attacks. This new version will include specific attack techniques used against industrial control systems, since targeting critical industrial infrastructure is becoming more frequent and more severe. The updated framework could be available to industry specialists as soon as December and will cover attacks against ICS protocols and ways in which hackers might hinder incident response.
https://www.cyberscoop.com/mitre-attack-framework-industrial-control-systems/
Financial Services
3 million Italian UniCredit customers affected by data breach: Italian banking and financial services company UniCredit has informed the public that in 2015 they were subject to a huge data breach. Over 3 million customers might be affected. The company’s press release states that no financial data was included in the breach, with only customer names, phone numbers, mail addresses, and cities of residence appearing in the leak – but this is enough for malicious actors to work with.
Retail
Protecting the POS when ‘Critical’ POS issues are common: Unfortunately for cyber-sensitive retailers, over 18 percent of all POS systems-related vulnerabilities reported in bug bounty programs are described as “critical in severity”. While more attacks are targeted at web and mobile retail systems, some researchers say they’re not as threatening as the ones prepared for store hardware. This underlines an important subject, especially in the holiday seasons: Retailers need to take their cybersecurity more seriously.
https://threatpost.com/threatlist-most-retail-hardware-pos-flaws-are-critical/149609/
Healthcare
Securing the Internet of Medical Things (IoMT) requires collaboration: Booz Allen Hamilton and the eHealth Initiative Foundation claim that in order to efficiently protect the Internet of Medical Things and medical devices connected to the cloud, the industry needs to collaborate on all levels and come up with solutions together. As shared by Jennifer Covich Bordenick, CEO of eHI: “All healthcare stakeholders need to be vigilant about making cybersecurity a core component of patient safety discussions and dedicated to working together to ensure safety”.
Public Sector
Identity fraud vulnerability in EU systems: An electronic identification system used by European Union countries can be exploited for identity fraud, as reported by researchers who successfully impersonated Johann Wolfgang von Goethe, a 16th-century German writer, while using the system. The complex network of nodes and protocols that formed the basis of this systems had a vulnerability that could be exploited. The EU has updated the underlying software, and businesses using if for customer identification should update to get the latest fixes.
https://nakedsecurity.sophos.com/2019/10/31/researchers-find-hole-in-eu-identity-system/