Daily NCSC-FI news followup 2020-07-23

Maritime cyberattacks are getting out of hand, and antivirus does not help: spilling cargo oil into the sea could be used as extortion leverage [behind paywall]

www.tivi.fi/uutiset/tv/59eb2925-2fb9-4fdf-bafc-da96eaca6b18 Maritime operational systems have quickly become fashionable targets for cybercriminals. Some companies in the sector lull themselves into a false sense of security instead of learning to protect even the right targets. Since 2017, the number of information security incidents at ports and shipping companies has climbed by a staggering 900 percent. Records will be broken again by the end of the year, warns Naval Dome, an Israeli company specialising in maritime cybersecurity. According to Naval Dome's statistics, attacks on maritime operational technology systems have risen in a trend-like manner: three years ago there were 50 significant OT hacks, the following year 120, and last year the number of such incidents climbed to 310 serious attacks. Robert Rizika, the Israeli company's head of North America, estimated at a cybersecurity online seminar held last week that this year the number of OT incidents will rise to 500 cyberattacks, and moreover that a significant share of incidents will go unreported. "Since the NotPetya malware caused the Danish giant Maersk losses of 300 million dollars in the summer of 2017, the number of serious cyberattacks has climbed at an alarming rate," Rizika told maritime IT managers and those responsible for information security. This year hackers' targets have included an American oil pipeline operator and the Swiss company MSC, one of the world's largest container shipping lines. The latter's Geneva headquarters lost its internet connectivity for five days to malware in the spring. This year the Ryuk malware shut down the services of an American logistics company, and in June the victim was the Iranian port of Shahid Rajaee, whose oil shipments were interrupted for a long time. As is generally known, the maritime sector too is digitalising and automating at a rapid pace. As the number of connected devices and systems increases, risks and vulnerabilities grow as well.
"New kinds of cybersecurity threats and loopholes are constantly emerging in the maritime sector. Through these, systems can be penetrated if they have not been properly protected from the outset," Rizika stresses. Read also:

www.offshore-energy.biz/ports-increasingly-targeted-by-cyberattacks-as-maritime-incidents-surge/

Vulnerabilities found in coronavirus app: user data was at the mercy of hackers

www.tivi.fi/uutiset/tv/20171709-ace3-4a79-9f2b-b4cc3d06e56e The coronavirus app had vulnerabilities through which users' data could have been stolen. South Korea has been praised for its use of digital tools in the fight against the coronavirus. Not everything has gone perfectly, however, as serious security problems were found in the mobile app that monitors quarantines. Because of the flaws, hackers were able to access private data, The New York Times reports.

Facebook is creating a network filled with bad bots to help it understand real scammers

www.zdnet.com/article/facebook-is-creating-a-network-filled-with-bad-bots-to-help-it-understand-real-scammers/ Facebook’s engineers are tired of always running after scammers. So they are re-creating bad behavior to try and anticipate it.

OilRig APT Drills into Malware Innovation with Unique Backdoor

threatpost.com/oilrig-apt-unique-backdoor/157646/ The RDAT tool uses email as a C2 channel, with attachments that hide data and commands inside images. A series of cyberattacks on a telecom company in the Middle East has signaled the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT. The attacks were observed in April by Palo Alto Networks’ Unit 42. Researchers there said that the version of RDAT in question was uncovered during the course of its investigation, standing out by using a unique command-and-control (C2) channel. To wit, it uses steganography to hide commands and data within bitmap images attached to emails. The backdoor first debuted as a proprietary OilRig weapon in 2017 and has gone through several updates since then, the firm noted, adding that timestamps indicate that OilRig added the steganography trick to RDAT’s profile as far back as 2018.

Bluetooth Reconnection Flaw Could Lead to Spoofing Attacks

securityboulevard.com/2020/07/bluetooth-reconnection-flaw-could-lead-to-spoofing-attacks/ A group of researchers at Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS) recently discovered a vulnerability that affects the many IoT devices running Bluetooth. Bluetooth Low Energy (BLE) is the most widely utilized low-energy communication protocol for mobile and IoT devices. Sales of Bluetooth Low Energy (BLE) devices are forecasted to triple by 2023 to 1.6 billion annual shipments, according to market advisory firm ABI. BLE devices rely on pairing, a critical procedure, to build trust between two devices when they connect for the first time. Once paired, the reconnections between BLE devices are often transparent to the user. The vulnerability lies in the reconnection procedures for previously paired BLE devices. And reconnections happen frequently in typical usage scenarios, said Jianliang Wu, a PhD student from the PurSec Lab at Purdue University and one of the lead researchers on the project. Bluetooth devices often move out of range and then move back into range again later, and re-establish a connection with previously paired devices. All of this goes on without user notification. The research centers on this reconnection process. “We were intrigued by the fact that the researchers in the prior art had focused on analyzing the security of the one-time pairing procedure, but they had completely overlooked the reconnection procedure between two already paired BLE devices,” said Wu. “We strived to investigate the reconnection procedure for potential security flaws. In our research, we first theoretically analyzed the reconnection procedure by carrying out the formal verification of the connection procedures proposed in the most recent BLE specification.” Read also:

friends.cs.purdue.edu/pubs/WOOT20.pdf

CouchSurfing investigates data breach after 17m user records appear on hacking forum

www.zdnet.com/article/couchsurfing-investigates-data-breach-after-17m-user-records-appear-on-hacking-forum/ EXCLUSIVE: CouchSurfing working with law enforcement and security firm to investigate incident.

The cyber threat to sports organisations

www.ncsc.gov.uk/report/the-cyber-threat-to-sports-organisations The NCSC report highlights the cyber threats faced by the sports sector and suggests how to stop or lessen their impact on organisations.

Alert (AA20-205A) – NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

us-cert.cisa.gov/ncas/alerts/aa20-205a The National Security Agency (NSA) along with the Cybersecurity and Infrastructure Security Agency (CISA) recommend that all DoD, NSS, DIB, and U.S. critical infrastructure facilities take immediate actions to secure their OT assets. Read also:

media.defense.gov/2020/Jul/23/2002462846/-1/-1/1/OT_ADVISORY-DUAL-OFFICIAL-20200722.PDF

How Security Intelligence Improves State and Local Governments Strategies

www.recordedfuture.com/security-intelligence-government-strategies/ State and local security analysts and their teams are drowning in threat data. Agency silos make it harder to exchange vital intelligence insights, resulting in dangerous time delays. On top of that, most analysts don't have the time or resources required to manually investigate potential indicators of a cyberattack. This situation leaves government agencies open to risk and it can even make
