Onward to the Kings Road ... (IG)
@jark
Onward to the Kings Road ... (IG)
Nothing like Cherry Blossoms, a lovely river, and a blue spring sky🌸 (IG)
UK to fine critical organizations up to $24M if they fail to put in strong cyber security
The article "UK to fine critical organizations up to $24M if they fail to put in strong cyber security" originally appeared on jark.me.
TechCrunch reports:
In the UK, the government has announced that organizations working in critical services like energy, transport, water and health can be fined up to £17 million ($24 million) as a “last resort” if they fail to demonstrate that their cyber security systems are equipped adequately against attacks.
Major requirements for organizations will include having the right people and organization in place to handle a cyber attack; having the right software in place to protect against attacks; having the right capabilities in place to detect if an attack has taken place anyway; and having the right systems in place to minimize the impact of an attack if a system is breached (despite the other three being in place).
More detailed guidance includes how to secure other aspects of your network, such as your supply chain and your data in the cloud.
The UK is well ahead of most of the global cyber powers on oversight of critical infrastructure cyber security implementation. This is a good set of lessons learned for Japan to consider investigating to determine viability in the country.
Dutch hit by DDoS attacks after publishing reports of spying on Russia-linked Cozy Bear
The article "Dutch hit by DDoS attacks after publishing reports of spying on Russia-linked Cozy Bear" originally appeared on jark.me.
The International Business Times reports:
Several top banks and the national tax authority in the Netherlands were briefly crippled by a series of powerful DDoS attacks targeting their networks. ABN Amro, ING and Rabobank confirmed in separate statements that they were attacked with their online and mobile banking services temporarily knocked offline. The wave of cyber attacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014.
Rabobank tweeted on Monday that it was suffering DDoS attacks while ABN AMRO said it experienced three hours-long DDoS attacks on Saturday and Sunday (27 and 28 January). ING said it was targeted on Sunday as well. All three institutions assured customers that their systems were not breached and customer accounts and details were not compromised in the attacks.
The Dutch tax authority also said it was hit by DDoS attacks that temporarily took down its website and online services for about 5-10 minutes on Monday. Later, the Dutch official online signature system DigiD was also reportedly hit.
The slew of cyberattacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014.
This should not come as a surprise considering the bombshell intelligence revelations to come out of the Netherlands.
Intel reportedly notified Chinese companies of chip security flaw before the U.S. government
The article "Intel reportedly notified Chinese companies of chip security flaw before the U.S. government" originally appeared on jark.me.
TechCrunch reports:
Intel notified some of its customers of the security flaws in its processors, dubbed Spectre and Meltdown, but left out the U.S. government as part of that. Some of the companies Intel notified included Chinese technology companies, though the report suggests there is no evidence that any information was misused. An Intel spokesperson said that the company wasn’t able to tell everyone it planned because the news was made public earlier than expected.
So the real questions are: did China inform Russia of these vulnerabilities, and has Russia created tools to leverage these exploits? Why would Intel hide this information from the United States government?
This goes back to something I am adamantly against: withholding news of vulnerabilities of this nature so the intelligence communities can stockpile and leverage internally developed exploit kits to their so-called advantage.
Dutch team infiltrated Russian hacker group Cozy Bear, witnessing real-time U.S. election meddling, DNC attack
The article "Dutch team infiltrated Russian hacker group Cozy Bear, witnessing real-time U.S. election meddling, DNC attack" originally appeared on jark.me.
The NL Times reports on some extraordinarily shocking cyber security news:
Two Dutch intelligence services uncovered substantial evidence detailing how a Russian-backed hacking group infiltrated the Barack Obama White House, the U.S. Department of State, and the Democratic National Committee, according to a groundbreaking report from broadcaster NOS and newspaper Volkskrant. The evidence was uncovered by a Dutch cyber defense team that gained access to the “Cozy Bear” hacker group’s systems, including a hallway security camera that allowed the Dutch team to maintain visual surveillance of the hackers.
Information collected by the Dutch Joint Sigint Cyber Unit (JSCU) was turned over to the NSA, CIA, and FBI, and helped form the basis for the U.S. special counsel investigation examining claims of Russian meddling during the 2016 presidential election campaign battle between current U.S. President Donald Trump and former Secretary of State Hillary Clinton. The JSCU, comprised of members from the AIVD and MIVD intelligence agencies, kept watch over Cozy Bear from anywhere between 12 to 30 months.
It started in the summer of 2014 “most likely before” the crash of Malaysia Airlines flight MH17, the Volkskrant reported. The flight, which originated in Amsterdam, was shot out of the sky over the Ukraine. The incident was suspected to be the act of Russian-backed separatists or Russian military.
The Dutch owned the owners – they had not only been able to acquire access to Russian-backed Cozy Bear networks, but even physical security cameras in the building where the team performed their operations. This is tremendous news, and a highly interesting revelation that likely nobody has expected.
NonPetya ransomware forced Maersk to reinstall 4000 servers, 45000 PCs
The article "NonPetya ransomware forced Maersk to reinstall 4000 servers, 45000 PCs" originally appeared on jark.me.
ZDNet reports on a huge ransomware attack against shipping giant Maersk:
Maersk has revealed that a devastating ransomware attack which struck businesses across Europe in 2017 required close to a “complete infrastructure” overhaul and the reinstallation of thousands of machines.
In total, Maersk reinstalled 4,000 servers, 45,000 PCs, and 2,500 applications in what the chairman called a “heroic effort” over ten days, one in which the executive said may have usually taken up to six months to implement.
Hagemann said the ransomware attack was a “very significant wake-up call for Maersk, and you could say, a very expensive one.”
“We were basically average when it came to cybersecurity, like many companies,” the executive said. “This was a wake-up call not just to become good, but to have cybersecurity as a competitive advantage.”
What a complete and utter disaster for Maersk. What is most interesting to me, and what I would really like to know, is how this was even able to cause such devastation to mission-critical corporate IT assets.
UK to fine critical organizations up to $24M if they fail to put in strong cyber security
The article "UK to fine critical organizations up to $24M if they fail to put in strong cyber security" originally appeared on jark.me.
The UK government has announced that critical infrastructure organizations may be fined up to $24 million for failing to implement strong cyber security measures:
Private and public organizations in each sector will be evaluated by new regulators, which will not only vet existing infrastructure and fine those who are deemed to have not had good enough security in place, but help set up systems for reporting breaches and responding to them quickly.
The fines will only be applied after organizations are notified of where they are still required to improve their systems. They will be applied, the Department of Culture, Media and Sport (which is tasked with implementing the directive, as part of its overall responsibility on the digital economy) said, as “a last resort and will not apply to operators [that] have assessed the risks adequately, taken appropriate security measures and engaged with regulators but still suffered an attack.”
The NIS Directive and managing how organizations and the government will comply are being overseen by the National Cyber Security Centre, which is part of the GCHQ. The government has earmarked £1.9 billion, and a host of partnerships with the likes of Microsoft, for developing a more concerted response to cybersecurity threats in the country.
The UK is well ahead of most of the global cyber powers on oversight of critical infrastructure cyber security implementation. This is a good set of lessons learned for Japan to consider investigating to determine viability in the country.
New Year's brings new perspectives (IG)
Waves were hella crazy strong before and during the first sunrise in 2018 (IG)
A New Year Sunrise (IG)
First Sunrise and a Happy New Year 2018!🎉🎊 (IG)
NIST Releases New Cybersecurity Framework Draft
The article "NIST Releases New Cybersecurity Framework Draft" originally appeared on jark.me.
NIST has released an updated draft version of their well documented and invaluable Cyber Security Framework:
The changes and refinements reflect feedback and comments from public and private sector stakeholders to an earlier draft update to the Cybersecurity Framework that NIST released in January 2017.
“NIST is hoping Framework version 1.1 will lead to a greater consideration of supply chain risk management [SCRM], cybersecurity within SCRM, and application of [the] Framework for that cybersecurity,” says Matt Barrett, NIST’s lead on the framework.
Firstly, Section 4.0, previously entitled Measuring and Demonstrating Cybersecurity, has been reframed as Self-Assessing Cybersecurity Risk with the Framework to better emphasize how organizations might use the Framework to measure their risk.
NIST clarified the use of the Framework to manage cybersecurity within supply chains by refining Section 3.3 Communicating Cybersecurity Requirements with Stakeholders.
NIST issued draft report NIST Interagency Report 8170 to support agency heads and senior cybersecurity leadership in Framework implementation planning.
This is a much anticipated update to the NIST Cyber Security Framework, and one I suspect will be quite useful for those organizations opting to take the time to learn how to leverage its capabilities.
Hackers Linked to Russians Target Banks From Moscow to Utah
The article "Hackers Linked to Russians Target Banks From Moscow to Utah" originally appeared on jark.me.
Russian criminals are leveraging cyber to steal money from banks from Moscow to Utah:
A previously unknown ring of Russian-language hackers has stolen as much as $10 million from U.S. and Russian banks in the last 18 months, according to a Moscow-based cyber-security firm that runs the largest computer forensics laboratory in eastern Europe.
The hackers, who also breached a U.K. software and service provider, are now probing institutions in Latin America and may be trying to compromise the Swift international bank messaging service, according to the security firm, whose clients range from Russia’s biggest lender Sberbank PJSC to Raiffeisen Bank International AG. “Criminals have changed tactics and are now focusing on banks rather than their clients, as was standard operating procedure in the past,” Dmitry Volkov, the head of Group-IB’s cyber intelligence department, said by phone.
Since its first successful breach in May 2016, MoneyTaker has stolen from banks in New York, California, Utah and Moscow, primarily targeting smaller institutions with limited cyber defenses, Group-IB found.
The average haul from U.S. banks was about $500,000, and it stole over $3 million from three Russian lenders.
Group-IB said the U.S. banks were targeted by gaining access to their card-processing system and then opening accounts at the compromised institutions.
Russia is all over the internet, using it for everything from stealing money, to geopolitical operations, to stealing intellectual property, and more. Do not expect the Russians to cease anytime soon considering how lucrative and inexpensive it is to use cyber for these attacks.
Satori Botnet Awakens with Zero-Day Powers and Over 280,000 Bots in 12 Hours
The article "Satori Botnet Awakens with Zero-Day Powers and Over 280,000 Bots in 12 Hours" originally appeared on jark.me.
The Satori botnet is a Mirai variant, and within its first twelve hours of life Satori has compromised over 280,000 endpoints and is wielding powerful zero-day exploits:
A new massive IoT botnet dubbed Satori has emerged, which security researchers fear, can launch crippling attacks at any time.
The botnet has reportedly already infected over 280,000 IP addresses in just 12 hours, enslaving hundreds of thousands of home routers by exploiting a recently discovered zero-day vulnerability.
Satori, which reportedly means “Awakening” in Japanese, is actually the infamous Mirai botnet’s successor.
According to a new report by security researchers at Qihoo 360 Netlab, the Satori botnet can propagate rapidly by itself, which essentially makes it an IoT worm.
Dale Drew, chief security strategist at CenturyLink, told ArsTechnica that the Satori botnet has already infected two widely-used types of home routers by exploiting the recently-discovered zero-day flaw.
Qihoo 360 Netlab security researcher Li Fengpei told Bleeping Computer that there are some clues that hint at the possibility of Satori being linked to yet another Mirai-based botnet discovered last month.
Drew reportedly warned that Satori botnet’s operators could launch an Internet-crippling DDoS attack at any time.
12 Predictions for ICS Cyber Security in 2018
The article "12 Predictions for ICS Cyber Security in 2018" originally appeared on jark.me.
This article about twelve ICS cyber security predictions for 2018 seems fairly practical:
More details about ransomware damage cost predictions for the 5 year period will be revealed in a report that Cybersecurity Ventures intends to publish in 2018.
Two cybersecurity specialists, Eddie Habibi, CEO of PAS and Edgard Capdevielle, CEO of Nozomi Networks share with us their predictions for ICS Security in 2018. What does 2018 hold for ICS cybersecurity?
Expect to see more comprehensive ICS cybersecurity policies offered.
Edgard Capdevielle, CEO of Nozomi Networks outlines his predictions for ICS cybersecurity in 2018.
Organizations grappling with ICS cybersecurity staffing and skills shortages are turning to AI solutions to achieve security and productivity goals.
The shortage of ICS cybersecurity skills will open the door for vendors to provide full security services.
ICS Insecurity Will Manifest Itself – Organizations are nowhere near as ready to combat critical infrastructure threats and will realize many truths: they don’t have a clear understanding of what assets they own; proper ICS cybersecurity hygiene is much harder to achieve than in IT networks; air-gapping is a fallacy; and organizations don’t possess the necessary personnel skills, their teams aren’t talking to one another and they aren’t currently monitoring their networks the way they should.
Homeland Security Team Remotely Hacked a Boeing 757
The article "Homeland Security Team Remotely Hacked a Boeing 757" originally appeared on jark.me.
Well, this sure is interesting. A Department of Homeland Security team acknowledged remotely hacking into a Boeing 757 via the airplane's RF communications system:
During a keynote address on Nov. 8 at the 2017 CyberSat Summit, a Department of Homeland Security official admitted that he and his team of experts remotely hacked into a Boeing 757.
While the details of the hack are classified, Hickey admitted that his team of industry experts and academics pulled it off by accessing the 757’s “Radio frequency communications.”
We’ve been hearing about how commercial airliners could be hacked for years.
The same year, security researcher Chris Roberts ended up in hot water with the feds after tweeting about hacking the United Airlines plane he was traveling on.
At a technical meeting in March 2017, several shocked airline pilot captains from American Airlines and Delta were briefed on the 2016 Boeing 757 hack.
As CBS News pointed out, Boeing stopped producing 757s in 2004, but that aircraft is still used by major airlines, such as American, Delta and United.
Boeing told CBS that it firmly believes the test “Did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.”
Of course Boeing said that. Just because their official statement denies any identification of vulnerabilities does not mean they do not exist.