NTSC Technology Security Roundup

Weekly News Roundup: April 9, 2018

Lobbying Groups Actively Discussing Encryption Legislation with Lawmakers

According to CyberScoop, many conversations are currently occurring between legislators and specific private sector lobbying groups about law enforcement-friendly encryption legislation. Law enforcement has long wanted backdoor access to smartphone devices in criminal cases—and it appears that legislators are privately exploring ways that they can accommodate that demand while still placating the private sector. The CyberScoop article says, “The congressional effort is being pioneered by a combination of the Justice Department and leaders of the Senate Judiciary Committee; specifically, Senate Judiciary Chairman Chuck Grassley, R-Iowa, and ranking member Dianne Feinstein, D-Calif. At the Justice Department, Deputy Attorney General Rod Rosenstein has become one of the leading voices regarding a legislative solution.”

Cisco Switch Vulnerabilities Exploited by Nation-State and Other Advanced Threat Actors to Attack Critical Infrastructure

Bleeping Computer recently pointed to a blog post by Cisco Talos that reveals that nation-state and other advanced actors are attacking critical infrastructure through Cisco switch vulnerabilities. According to Cisco Talos, “Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol. Some of these attacks are believed to be associated with nation-state actors, such as those described in U.S. CERT's recent alert.”

Software Company [24]7.ai at Root of Several Recent Major Data Breaches

Last week, a few major companies admitted data breaches related to [24]7.ai—a software company that provides customer experience software such as website chat tools for businesses. The companies hit include Best Buy, Delta Air Lines, and Sears. According to Gizmodo, “the breach was the result of a malware attack, and that the unauthorized access involved payment card numbers, CVV numbers, and expiration dates, in addition to customers’ names and addresses. In a statement, [24]7 said the breach occurred on September 27th of last year and was contained roughly two weeks later.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Unpatched Vulnerabilities the Source of Most Data Breaches: Reported in Dark Reading, “Nearly 60% of organizations that suffered a data breach in the past two years cite as the culprit a known vulnerability for which they had not yet patched. Half of organizations in a new Ponemon Institute study conducted on behalf of ServiceNow say they were hit with one or more data breaches in the past two years, and 34% say they knew their systems were vulnerable prior to the attack.”
  • Nearly Half of Organizations Targeted Again Within a Year of Suffering a ‘Significant’ Cyberattack, Report Reveals: Security Intelligence reports that “According to Mandiant’s ‘M-Trends 2018’ report, 49 percent of managed detection and response customers that remediated a large-scale attack suffered an incident from the same or a similarly motivated threat group within one year.”
  • Researchers Report Nearly 20,000 Vulnerabilities in 2017, Reinforcing the Need for a Proactive Cybersecurity Strategy: Security Intelligence reports that “In its ‘Vulnerability Review 2018,’ software vendor Flexera noted that the number of vulnerabilities shot up 14 percent between 2016 and 2017, though the percentage of highly critical flaws stayed relatively flat at 16 percent. The report characterized the majority (55 percent) of these vulnerabilities as remote network flaws, followed by local network vulnerabilities at 32 percent.”
  • 1.5 Billion Sensitive Files Exposed by Misconfigured Servers, Storage and Cloud Services: Reported in ZDNet, “In just the first three months of 2018, a total of 1,550,447,111 exposed files have been detected by researchers at Digital Shadows, who outlined the findings in a new report.”
  • Majority of Critical Infrastructure Orgs Unprepared for Attacks: Reported in Infosecurity Magazine, “57 out of 100 executives from various critical infrastructure organizations surveyed by Indegy said they are not confident that their enterprise nor other infrastructure companies are in control of [operational technology] security.”

Three Major Cybersecurity Acquisitions Last Week

Last Tuesday, aerospace and defense company General Dynamics completed its acquisition of CSRA, a provider of IT solutions for government. According to WTOP, “General Dynamics inherits the company’s cybersecurity and data-analytics business, and its information technology contracts. The deal makes General Dynamics one of the largest federal IT providers.” On Thursday, RSA announced its intent to acquire Fortscale, a pioneer in embedded behavioral analytics. And, as reported in ZDNet, “VMware said on Wednesday that it's acquiring E8 Security, a user and entity behavior analytics company. E8 Security's platform uses machine learning and AI to help businesses detect cyber threats faster.”