Another week has passed, and the world of cybersecurity has seen another round of developments that analysts, engineers and other security professionals need to catch up on. Recognizing how important these updates are, we bring you the top headlines of the week:
Hackers Steal NASA’s Information, Discovered After A Year
The Inspector General of the U.S. National Aeronautics and Space Administration (NASA) published an audit report this week confirming an infiltration of its systems and the resulting unauthorized access to data related to Mars missions; the intrusion had been going on since April 2018. The attack on the world’s largest and most accomplished research organization remained undetected for over a year and led to the loss of approximately 500 megabytes of data from 23 files, two of which contained International Traffic in Arms Regulations (ITAR) information related to the Mars Science Laboratory mission.
What led to the attack?
A loss as significant as this naturally points to a gap in security measures, and in this case it was an unauthorized and poorly secured device connected to the I.T. network of the NASA Jet Propulsion Laboratory (JPL): a Raspberry Pi. From this entry point the hackers moved laterally through the NASA network, reaching the Deep Space Network (DSN) array of radio telescopes and several other JPL systems.
What is the present status?
The attack was classified as an “advanced persistent threat,” which is why the infiltration was so hard to trace and went unnoticed for a year. Investigations are still ongoing. The auditors found that JPL lacked round-the-clock incident reporting capacity, unlike NASA’s security operations center. NASA has concurred with nine of the ten recommendations in the audit report.
Europe Organizes Cyber Expo
The Cyber Security & Cloud Expo took place at the RAI in Amsterdam on 20 and 21 June 2019, welcoming cybersecurity enthusiasts from across Europe to explore the latest technological advancements affecting industries including government, energy, financial services and healthcare. The expo was highly informative for attendees and provided much-needed insight into significant issues.
The two-day event was well planned and covered a wide range of essential topics that deserve discussion, including:
- Enterprise Security – IoT & Digital Transformation
- Emerging Technology & Regulations
- Enterprise Technology Solutions
- Cyber Security Innovations
- Developing Email Security Solutions
The event featured eminent speakers representing renowned companies such as Nokia, Intel, Dell, Cisco, Lenovo, Hitachi and Microsoft, whose talks made the event worthwhile and enlightening.
Eurofins Scientific Undergoes Cyber Attack, Serious Impact On Court Cases
Eurofins Scientific, a Luxembourg-based scientific testing firm that handles over 50% of the U.K.’s forensic science market and processes over 70,000 cases for the police annually, suffered a significant and complex cyber attack on the weekend of June 1 to 2, 2019.
Consequently, thousands of court trials in England and Wales are at risk of delay, with only the most serious cases likely to receive immediate attention.
What led to the attack?
The attack on Eurofins Scientific was a ‘highly sophisticated and well-resourced’ ransomware attack that disrupted all of its I.T. systems and halted work. All law enforcement submissions to its forensic science subsidiary have been suspended temporarily, both as a precaution and as a consequence of the outage.
What steps have been taken?
- Further submissions to the firm are suspended until the criminals are located or a resolution is found.
- The National Crime Agency (NCA) has taken charge of investigating the attack and is collaborating with the NPCC and the National Cyber Security Centre (NCSC) on the response.
- Infected computers are being analyzed and remediated. However, given the volume of data and the sophistication of the attack, the entire process will take a considerable amount of time.
- To reduce the disruption to the judicial system, priority work will be forwarded to other forensic firms.
The U.S. Counterstrikes Iran With A Cyber Attack
Responding to a string of recent attacks attributed to Iran, U.S. Cyber Command conducted a cyber attack on Thursday, 20 June 2019, against an Iranian intelligence group that is believed to have helped plan the recent attacks on oil tankers.
The U.S. cyber attack coincided with President Trump’s statement calling off a strike on Iranian targets such as radar and missile batteries. The operation had reportedly been planned for weeks as a response to the tanker attacks and Iran’s downing of an unmanned U.S. drone.
How was Iran affected?
Cyber attacks from Iran have reportedly been on the rise recently, which is why the U.S. launched the counterattack that took the Iranian intelligence group’s systems offline for some time. The response mirrored the shadow tactics Iran has been using against American industries and government agencies.
- According to the people involved, the U.S. cyberattack targeted several computer systems in Iran.
- In addition, a separate operation targeted computer systems that control Iranian missile launches.
Destructive New Malware “Silex” Bricks IoT Devices
A new malware strain called “Silex” is on a mission to brick IoT devices: it permanently disables the hardware it infects by overwriting all of the system’s storage with random data, dropping its firewall rules, removing its network configuration and restarting the device, leaving it useless. Silex has destroyed over 2,000 Linux-based IoT devices so far, and the number keeps climbing. The malware is unusual in that it steals no data and demands no ransom.
Who created Silex?
Surprisingly, the operator of Silex is a fourteen-year-old who uses the pseudonym ‘Light Leafon.’ The malware was traced back to its origins by NewSky Security researcher Ankit Anubhav, who identified Light Leafon as its creator. In an interview, Light said the project began as a joke but has since become a full-time project, and that he plans to add more destructive capabilities to future variants of Silex.
What next for Silex’s founder?
Young Light Leafon is probably one of the most prominent and talented IoT threat actors at present, and he plans to rework Silex to incorporate all of the original BrickerBot functionality. He also intends to add logging into devices via SSH alongside the existing Telnet hijacking capability, and says that Silex will soon be able to target every publicly known exploit that Mirai or Qbot load. It is saddening that a young boy with such exceptional skills chose to tread such a shameful path. Despite being an excellent hacker for his age, he has probably made multiple OpSec mistakes that could cost him dearly in the future.
Hackers Target Phone Networks Worldwide
Adversaries have found a new way to track people’s activities: hacking into mobile phone networks. They can successfully access the networks and could even shut them down if they wanted to.
After careful analysis, US-Israeli security firm Cybereason affirmed that the hackers were from China and were probably sponsored by the Chinese government. The hackers collected call records and geolocation data for selected individuals in countries across Europe, the Middle East and Asia.
Cybereason noted that the attack pattern was dynamic, with new activity every few months, which speaks volumes about the proficiency of the hackers.
How are the victims attacked?
The attackers gained access to the networks through a flaw in a web server product, and were bold enough to challenge some of the world’s major powers. Cybereason saw a resemblance to the Chinese hacking group APT10 in the tooling and techniques used by the adversaries. However, this in no way suggests that Chinese firms are associated with the attack.
Norsk Hydro Refuses To Pay Ransom After Attack
Ransomware attacks are launched with the aim of seizing the data on a system and releasing it only after the demanded payment is made. With this goal in mind, hackers broke into the computer systems of Norsk Hydro, a global aluminum producer.
After finding ample weaknesses in its systems, the attackers launched a ransomware attack that affected 22,000 computers across 170 sites in 40 countries. However, these bad actors invested their time and effort in the wrong place, because Norsk Hydro was about to disappoint them.
What were the steps taken by the company?
The company never contacted the attackers or agreed to pay any ransom. Its entire system went down, and its workforce of about 35,000 people switched to pen and paper and began working manually, but they did not give in to the adversaries’ demands. Three months after the attack, Norsk Hydro has not yet made a full recovery, but it remains firm in its stance and has already spent over £45m in the process.
Undoubtedly, the financial and professional losses incurred by Norsk Hydro are immense, but the company has earned recognition as a trendsetter that refuses to bow to the fear tactics used by hackers.
Moody’s And Team8 Launch Cyber Risk Assessment Venture
Rating agency Moody’s Corp. and cyber defense startup creator Team8 recently launched a joint venture to assess how vulnerable companies are to cyber attacks.
Since economies worldwide are slowing under the cost of gathering information about the risk of doing business with third and fourth parties, the two organizations have devised a way of evaluating each firm’s vulnerability. Through this model, Moody’s and Team8 plan to create a framework that measures companies’ defenses and preparedness for a cyber attack.
The framework will be particularly beneficial to companies that purchase cyber-insurance policies and those engaged in mergers and acquisitions.
What are the plans?
They hope to set a benchmark for other businesses through this index company, which will initially be based in New York and Israel and is expected to grow from its initial dozen employees to a workforce of hundreds within a few years. They are currently building their model and hope to have beta customers within a year.
BSI Certifies Qualcomm’s Snapdragon 855 Security Chip
The Germany-based Federal Office for Information Security (BSI) recently certified U.S. chipmaker Qualcomm’s next-generation chip, which boosts smartphone security.
Qualcomm’s Snapdragon 855 mobile system on a chip (SoC) received the approval of one of the most rigorous and globally recognized certification bodies, which strengthens Qualcomm’s push to secure multiple applications through a single security chip. Qualcomm already has a wide user base, with almost half the world’s smartphones running on its chipsets.
Smartphones and tablets now store many sensitive details such as passwords, keys, health data and two-factor authentication credentials, which naturally raises their security requirements. Qualcomm’s new chipset meets these requirements and also lets manufacturers save on the cost of materials and reduce power usage in their devices.
Critical Oracle WebLogic Vulnerability Under Active Exploitation
A critical vulnerability has been discovered in Oracle’s WebLogic servers and has already been extensively exploited by adversaries. Oracle was quick to issue a patch, but the vulnerability may persist on unpatched systems, so the best option for users is to update as soon as possible.
The vulnerability allows attackers to gain complete control of a victim’s system and to exploit a network without needing a username or password. Even though the patch is available, users are not entirely safe, because the bug is under active exploitation.
What is the motive of attackers?
Security experts located around 42,000 Internet-accessible WebLogic servers, and among these the attackers are most likely to target corporate networks. It is speculated that they plan to drop crypto-mining malware onto victims’ systems.