Forescout Cyber Weekly Roundup
October 14, 2019
Public Sector
Why should we pay more attention to cybercriminals: One of the major forensic services providers in the UK is issuing a warning that we as a society might not be as ready to deal with cyberattacks as we would like to believe. The company itself was a subject of a massive attack by hackers in June, so it’s anyone’s guess that they know what they’re saying. The big question is: what is at risk here?
https://www.bbc.com/news/uk-49972290
Get fooled once, shame on you: Switzerland has decided to stop the automatic information exchange with Bulgaria after data of four million taxpayers of the latter has been leaked this summer. This might prove restricting to not only financial and security institutions, but also individual travelers and businessmen.
https://international-adviser.com/switzerland-stops-information-exchange-with-bulgaria/
Healthcare
The “ransom” part of “ransomware” gets real: Three Alabama hospitals were attacked by hackers who injected ransomware into their system, shutting down their operations and forcing the doctors to turn away patients. Now that the ransom has been paid, the hospitals are trying to go back to business as usual – but what is the non-monetary cost of cleaning up your networks after such a devastating attack?
Healthy skepticism: As market for mobile health apps grows, so does the amount of data collected from individual users – and hackers are catching wind of that, preparing future attacks that could endanger patients around the world. A few apps that could steal data have already been discovered, and it seems this is just the beginning – so it’s important to be careful when choosing a download from your app store.
Financial Services
The fourth wall will not protect you: The FBI warns that secondary tokens, a popular way of two-factor authentication in online banking, can be easily manipulated by hackers and exploited to give them unrestricted access to bank accounts. As the methods get more and more sophisticated, it’s crucial to stay vigilant and know what might happen.
https://www.bankinfosecurity.com/fbi-cybercriminals-are-bypassing-multifactor-authentication-a-13226
Data Breach Weekly: This time, it’s credit information of almost 40,000 Canadians, thanks to a data leak from one of the country’s credit report agency. An access code was stolen and used by malicious actors to extract personal data, including names, addresses, date of birth, and credit-related information.
Retail
Eastern expansion opportunities: With security as a number one priority, general merchandise retailer Poundland is developing an IT network from the ground up to accommodate its expansion into Poland. With many entry points and levels to the infrastructure, it’s important to do it carefully and thoughtfully, and the company is laying the groundwork while keeping that in mind.
https://www.essentialretail.com/news/poundland-adopts-new-it-network/
What can we learn: Hy-Vee, an employee-owned retail store chain, is now releasing findings from an investigation into a customer payment data incident from last June. It turns out that leaked data might even include cardholder names and card numbers, potentially putting many of its customers in danger of identity and credit card fraud.
https://www.grocerydive.com/news/hy-vee-releases-findings-from-data-breach-investigation/564462/
State, Local & Education
Big Brother is not going anywhere: A ruling by the Foreign Intelligence Surveillance Court states that the FBI made unauthorized warrantless electronic searches on American citizens, violating both the law that authorized the surveillance program they used and the Fourth Amendment of the US Constitution. Now the Agency must create a new system that will keep the country safe from harm, but that includes the privacy of its citizens.
Your trip? Grounded: Researchers are investigating ways that hackers could use to attack local airports, following a very real string on attacks in real life, including blacking out information screens in Bristol last year. There are many ways to get in – and the researchers are determined to explore each and every one of them, which the article dutifully lists.
https://www.zdnet.com/article/planes-gates-and-bags-how-hackers-can-hijack-your-local-airport/
Editor’s Choice
Red Light District goes black: 250,000 users of a Dutch sex-work online forum had their personal data stolen in a massive breach. Every leak is dangerous for customers, but this might prove to be another item on a list of things threatening sex workers around the world.
They watch you watching: Smart TVs and TV boxes host a staggering number of trackers, as we find in a slightly disappointing, and yet completely unsurprising report from Princeton University. “There’s very little oversight or awareness of practices, including where that data is being sold” – and, as one could expect – all the data is given out willingly by the customers themselves, hidden in walls and walls of user agreement texts.