Forescout Cyber Weekly Roundup March 1, 2019
The Forescout Cyber Roundup is a weekly blog series that highlights some of the major cyber headlines, as well as some of the more obscure stories from the week. The purpose of this curation is to raise cyber awareness, provoke thought and encourage discussion among cyber professionals at all levels. Articles are categorized by industry, not necessarily priority.
Twitter: @proffitt_colby
- Public Sector
  - You said you wanted to unplug: U.S. Cyber Command put the kibosh on Russian trolls during the midterms, effectively taking the notorious Internet Research Agency offline.
    https://www.engadget.com/2019/02/26/cyber-command-russia-internet-research-agency-military-attack/
  - This is what Public Sector and Private Sector collaboration should look like: “The Information and Communications Technology (ICT) Supply Chain Risk Management Task Force holds the potential to serve as one of the primary drivers of federal supply chain efforts moving forward.” Hopefully, we’ll see more actionable cyber collaboration in the near future.
    https://www.itic.org/news-events/news-releases/iti-co-led-ict-supply-chain-risk-management-task-force-announces-strategic-workstreams
- Defense
  - To trust or not to trust, that is the question: The pressure is on for avionics systems integrators to educate themselves to ensure systems are up to new security standards.
    https://www.militaryaerospace.com/articles/2019/02/trusted-computing-cyber-security-aircraft.html
  - The sky is no longer the limit: The recently released U.S. National Strategy for Aviation Security calls on agencies to step up efforts to defend the aviation industry against a growing array of emerging threats like cyberattacks and drones.
    https://www.defenseone.com/threats/2019/02/white-house-orders-agencies-defend-skies-cyberattacks/155046/
- Retail
  - Knowledge is power—and security: National Consumer Protection Week (NCPW) is March 3–9. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams and identity theft.
    https://www.us-cert.gov/ncas/current-activity/2019/02/27/National-Consumer-Protection-Week
  - Retail SWOT Analysis: The retail industry has been a longstanding target for cyber criminals, but research suggests the industry as a whole has been slow to learn from its mistakes. However, retail isn’t completely devoid of cyber strengths.
    https://www.mytotalretail.com/article/where-are-the-retail-industrys-software-security-strengths-and-weaknesses/
- Healthcare
  - You’re not a special target, your security controls are just the oldest: Numerous reports in recent years highlight which industries are the hardest hit by cyberattacks. Healthcare continues to rank poorly—and in this case, it’s largely due to poor email security defenses.
    https://healthitsecurity.com/news/healthcare-email-security-defenses-lag-behind-other-industries
  - Does the squeaky wheel get more grease, or more scrutiny? Sen. Mark Warner, D-Va., this week wrote to the Food and Drug Administration, the Department of Health and Human Services, the Centers for Medicare and Medicaid Services and the National Institute of Standards and Technology asking for recommendations to improve the security posture of the healthcare industry.
    https://www.cyberscoop.com/health-care-cybersecurity-mark-warner/
- Financial Services
  - Amazon AWS, Accenture and Mastercard establish ‘circular supply chain’: The effort may result in “allowing consumers to make more sustainable choices about what they buy. Consumers are also able to tip producers, directly rewarding them for their choices in production.”
    https://www.forbes.com/sites/leslieankney/2019/02/25/accenture-mastercard-and-amazon-partner-to-establish-transparent-blockchain-supply-chain/
  - For some reason they keep sending us electronic mail: The Financial Times reported that “financial services companies in the UK saw a fivefold rise in data breaches in 2018 compared with the year before, according to the Financial Conduct Authority. Last April, it emerged that seven UK retail banks, including Santander, Royal Bank of Scotland, Barclays and Tesco Bank, had to limit or shut down their systems after sustained attacks that cost them hundreds of thousands of pounds to remedy.”
    https://www.ft.com/content/6a2d9d76-3692-11e9-bd3a-8b2a211d90d5
- Operational Technology / Industrial Control Systems
  - Welcome to the Internet of Everything (IoE): The attack surface—the number of connected systems and devices—has been increasing exponentially since the Internet of Things (IoT) started becoming more like the Internet of Everything (IoE).
    https://www.forbes.com/sites/taylorarmerding/2019/02/27/the-cyberphysical-convergence-is-accelerating-so-are-the-risks/#763add0279a0
  - A solid effort: The Industrial Internet Consortium published the first version of their IoT Security Maturity Model Practitioner Guide this week, which focuses on 1) Governance, 2) Enablement and Identity, and 3) Hardening.
    https://www.iiconsortium.org/pdf/IoT_SMM_Practitioner_Guide_2019-02-25.pdf
- State, Local & Education
  - There’s a fine line between transparency, security monitoring, and total privacy invasion: Although seemingly well-intentioned, many believe the recent wave of monitoring software bills wouldn’t just be a personal invasion of privacy, but they could also put the data collected at risk.
    https://statescoop.com/nationwide-lobbying-push-for-contractor-monitoring-software-alarms-state-cios/
  - CyberPatriot Program offers a new ‘window’ of cyber opportunity: Students across the U.S. have an opportunity to learn about cybersecurity from cyber and Information Technology (IT) experts as part of the Air Force Association’s (AFA) CyberPatriot program.
    https://www.dvidshub.net/news/312315/cyberpatriot-program-gives-students-window-opportunity
- Editor’s Choice
  - And this button pops the register! Windows-based VMware Horizon point-of-sale systems are under attack. The POS-scraping FrameworkPOS malware is currently attributed to hacking group Fin6.
    https://www.scmagazine.com/home/retail/fin6-using-frameworkpos-scraping-malware-in-pos-attacks/
  - It’s like “borrowing” cable TV from your neighbor: But in reality, it’s actually more like hacking firmware in the cloud, where we all live together.
    https://www.wired.com/story/dark-metal-cloud-computers-invisible-malware
  - Because Plug and Play and USB weren’t good enough: Apple and Intel joined forces to give us Thunderbolt hardware technology for Mac, Windows and Linux peripherals. Unfortunately, all versions of Thunderbolt were disclosed as vulnerable this week at the NDSS 2019 security conference.
    http://thunderclap.io/
  - See that little file icon there? Just right-click and tap “unzip” to use WinRAR: That connects you directly to Mexico, downloads the Cobalt Strike Beacon penetration testing tool, and gives hackers remote access to your device.
    https://techbizweb.com/hackers-exploit-winrar-vulnerability-to-deliver-malware/
  - Sure, US-CERT issued just another moderate severity OpenSSL advisory: But in the fine print, the OpenSSL website suggests “OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support for 1.0.2 will end on December 31, 2019. Support for 1.1.0 will end on September 11, 2019.”
    https://www.openssl.org/news/secadv/20190226.txt