Researchers link tools used in NotPetya and Ukraine grid hacks

New research provides evidence linking some of the most impactful cybersecurity incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and the 2017 NotPetya malware outbreak – to the same set of hackers that Western governments say are sponsored by the Russian government. Researchers from cybersecurity company ESET say they have laid out the first concrete, public evidence of that link, citing a pattern of “backdoors” – or tools for remote access – used by the hackers.
See Cyberscoop Article:

Researchers link tools used in NotPetya and Ukraine grid hacks

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

According to a Bloomberg report based on extensive interviews with government and corporate sources, the attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain.

Excerpts from this report:

“During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”

“How the Hack Worked:”

1. A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers, and they incorporated memory, networking capability, and sufficient processing power for an attack.

2. The microchips were inserted at Chinese factories that supplied Supermicro, one of the world’s biggest sellers of server motherboards.

3. The compromised motherboards were built into servers assembled by Supermicro.

4. The sabotaged servers made their way inside data centers operated by dozens of companies.

5. When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.

See also TechCrunch Article:

Chinese chip spying report shows the supply chain remains the ultimate weakness

Securing industrial IoT passwords

If the networked kit needs to work for 10 years, you need to think policy. Operations technology (OT) is the term given to all those environments in industry, transport, automotive, city and utilities that – before industrial IoT – had been largely isolated from the outside world and, thus, protected from intruders.

Brexit or no Brexit, the UK is implementing an EU policy on the security of such systems via the Networks and Information Systems Directive, so securing OT is a necessity.

Privileged access management provider Osirium has partnered with aviation, rail and car cyber-security specialist Razor Secure to build and deliver a range of systems targeting industrial IoT applications including unattended operations, power and water plants, weather stations, manned and unmanned vehicles and other systems that could themselves be used as a gateway for “bad stuff” to hop onto a network.

The target market for this partnership is systems “designed well before deployment” and “required to operate for 10 years or more.”

The pair said Razor Secure’s machine learning algorithm would be used to hunt for process anomalies in endpoint security together with Osirium’s system administrator Privileged Access Management (PAM) for secure passwords, workflow and robotic process task automation.

See The Register Article

Evolution of factory security for Industry 4.0

Stuart Traynor @sttrayno @CiscoUKI will be talking about the Evolution of factory security for Industry 4.0 at the Secure IoT conference. The digitisation of manufacturing, or Industry 4.0 as it is commonly known, is driving manufacturing organisations to rapidly adopt new technologies including Robotics, Industrial IoT, Mobility, Collaboration and Analytics to help drive efficiency within their processes. Unfortunately, more devices and connections also open the door to new cyber-security risks, and previous generations of industrial control systems were not conceived with security, or the IP connectivity now needed, in mind.

Traditional guidance to create air-gapped and siloed networks is no longer relevant in today’s world, which needs to make use of the data generated on the factory floor. This session looks to explore how cyber-security is evolving in order to allow organisations to effectively adopt Industry 4.0 whilst maintaining the required level of security. It will discuss two case studies (large enterprise and SMB) to explore the different challenges and approaches required to evolve security in the manufacturing environment.

Stuart is a Solutions Architect within the Cisco UKI Technology Office with a focus on working with manufacturing customers as they look to move towards Industry 4.0.

California Poised to Enact Internet of Things Information Security Law

California is once again poised to set the standard for privacy and data security by enacting the first state law directed at securing Internet of Things (IoT) devices. The law has passed the state legislature and is awaiting the signature of Governor Jerry Brown. It requires manufacturers of “connected devices” to equip them with “a reasonable security feature or features” that are:

  • appropriate to the nature and function of the device;
  • appropriate to the information the device may collect, contain or transmit; and
  • designed to protect the device and any information contained in it from unauthorized access, destruction, use, modification, or disclosure.

The law further provides that if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a “reasonable security feature” if the preprogrammed password is either unique to each device or the device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.
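The authentication provision above describes two acceptable designs: a preprogrammed password that is unique to each unit, or a shared default that the device will not honour until the user has replaced it. The Python below is an added illustration of how a device firmware might enforce both routes; it is not code from the statute, the article, or any manufacturer, and the `DeviceCredentialStore` class, the function names and the 12-character minimum are this example's own assumptions.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Tuple

# Hypothetical device-side credential state (constructed for this example).
@dataclass
class DeviceCredentialStore:
    salt: bytes
    pw_hash: bytes
    must_change: bool  # True until the owner has set their own credential

MIN_PASSWORD_LEN = 12  # assumed policy value, not from the statute

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked store does not yield the password directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def provision_unique_password(serial: str) -> Tuple[DeviceCredentialStore, str]:
    """Route (a): a password unique to each device.
    The password is random rather than derived from the serial number, so the
    label on one unit reveals nothing about any other unit. Returns the store
    and the cleartext to be printed on that unit's label (serial is only logged)."""
    pw = secrets.token_urlsafe(12)
    salt = os.urandom(16)
    print(f"provisioned {serial} with a unique credential")
    return DeviceCredentialStore(salt, _hash(pw, salt), must_change=False), pw

def provision_forced_change(default_pw: str) -> DeviceCredentialStore:
    """Route (b): a shared factory default is tolerated only because the device
    refuses to grant access until the user generates a new credential."""
    salt = os.urandom(16)
    return DeviceCredentialStore(salt, _hash(default_pw, salt), must_change=True)

def _matches(store: DeviceCredentialStore, password: str) -> bool:
    return hmac.compare_digest(_hash(password, store.salt), store.pw_hash)

def authenticate(store: DeviceCredentialStore, password: str) -> str:
    """Returns 'denied', 'change-required' or 'granted'.
    A correct default password proves the caller holds the label, but the
    statute's first-use condition means no access is granted yet."""
    if not _matches(store, password):
        return "denied"
    if store.must_change:
        return "change-required"
    return "granted"

def change_password(store: DeviceCredentialStore, old: str, new: str) -> bool:
    """The only action permitted in the 'change-required' state. Rejects a
    wrong current password, a short replacement, or re-use of the default."""
    if not _matches(store, old):
        return False
    if len(new) < MIN_PASSWORD_LEN or new == old:
        return False
    store.salt = os.urandom(16)
    store.pw_hash = _hash(new, store.salt)
    store.must_change = False
    return True
```

A real device would also need to bind the must-change state to non-volatile storage so that a power cycle cannot reset it, and would rate-limit the `authenticate` path; both are outside what the provision itself spells out.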

See full article from The National Law Review here

Ransomware attack blacks out screens at Bristol Airport

Flight information screens were blacked out over the weekend at the Bristol Airport in the UK. Airport officials blamed the incident on a ransomware infection that affected the computers running the airport’s in-house TV screens displaying arrival and departure flight information.

Airport officials declined to pay the ransom demand and manually restored all affected systems. Functionality was restored to all screens after two days.

See ZDNet post here

Threat Modelling & Security Analysis For IoT

Among the most critical tasks in developing a secure device is designing platforms with robust countermeasures for identified threats. Dr Andrew Jones from @Arm will be talking about Threat Modelling & Security Analysis For IoT at the Secure IoT conference. Andrew will give an overview of Arm’s Platform Security Architecture and how threat modelling can be performed to identify and mitigate attacks.

Dr Andrew Jones is the Arm architect focused on future systems design of IoT and embedded automotive systems. Andrew is a veteran system architect having previously worked at the University of Bristol, and several microelectronics companies in the UK and US. He has managed the specification of dozens of successful chips and is the holder of over 50 patents. Andrew Jones is the author of a book on network design and of a number of publications focused on system on chip architectures.

Bitfi the unhackable crypto currency wallet. Did anything go right?

At the Secure IoT conference – with live hacks and previously unpublished comments and insights – Ken Munro @TheKenMunroShow from @PenTestPartners will explain and demonstrate the fiasco that is the Bitfi hardware crypto currency wallet. From poor design, even poorer security, and abysmal PR, you’ll get the whole story in one entertaining and enlightening instalment.

Ken is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He regularly blogs on everything from maritime security to hacking cars and the Internet of Things. This has gained him notoriety among the national press, leading to regular appearances on BBC TV and BBC News online as well as the broadsheet press. He’s also an Executive Member of the Internet of Things Security Foundation and spoke out on IoT security design flaws at the forum’s inaugural event.

He also writes for various newspapers and industry magazines in an effort to get beyond the unhelpful scaremongering put about by many security vendors. Ken has become a voice for reform and legislative change in the largely unregulated IoT, briefing UK and US government departments as well as being involved with various EU consumer councils.

Keeping Patients Alive: A Secure Internet of Medical Things

Rob Dobson, Director, @DeviceAuthority will be talking about how to secure Internet of Medical Things devices at the Secure IoT conference.

Experts predicted that, like the Internet, the Internet of Things (IoT) is going to become a part of our everyday life. With an increasing number of medical devices connecting to the Internet, the idea of a connected healthcare sphere becomes more interesting. Several software, service, and product companies are showing interest in connecting devices with a view to making their primary product or service more achievable.

IoT medical devices provide many benefits for different stakeholders, most notably improved healthcare for patients, efficiency and cost savings for the manufacturer and real time monitoring for healthcare professionals. However, there are risks associated with connecting medical devices to the Internet. The good news is there are ways to mitigate them, which will be addressed in this session.

The session will include:

  • Introduction to IoT medical devices: benefits, concerns and risks
  • Common security challenges
  • How to secure a connected / IoT medical device

Rob has over 25 years of experience in industry, with a wide range of expertise across cybersecurity, IoT, SaaS, Semiconductors and Software engineering. He has been involved in several successful start-ups. Rob helps customers architect and deploy successful IoT solutions with the security they need and is also well known for speaking at various events around the world on IoT Security across many markets, most prominently Industrial & Medical/Healthcare.

IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes

Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network – and other findings – at the Black Hat USA conference in August.

Ruben Santamarta was flying from Madrid to Copenhagen in November 2017 on a Norwegian Airlines flight when he decided to inspect the plane’s Wi-Fi network security. So he launched Wireshark from his laptop and began monitoring the network.

Santamarta noted “some weird things” happening. First off, his internal IP address was assigned a public, routable IP address, and then, more disconcerting, he suddenly noticed random network scans on his computer. It turned out the plane’s satellite modem data unit, or MDU, was exposed and rigged with the Swordfish backdoor, and a router from a Gafgyt IoT botnet was reaching out to the satcom modem on the in-flight airplane, scanning for new bot recruits.

The Internet of Things (IoT) botnet code didn’t appear to have infected any of the satcom terminals on that plane or others, according to Santamarta, but it demonstrated how exposed the equipment was to potential malware infections. “This botnet was not prepared to infect VxWorks. So, fortunately, it was no risk for the aircraft,” he said.
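Both of the “weird things” Santamarta noticed are observable from the network operator’s side: a client lease landing outside the expected private address pool, and one external source probing many ports on a client in a short window. As an added example, not from the article or from Santamarta’s work, the Python below runs that detection logic over a handful of constructed lease and connection log lines; the log format, the address ranges and the scan threshold are this example’s own assumptions, and the addresses are documentation ranges, not observed values.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample lease records (not from any real DHCP server).
LEASE_LOG = [
    "lease 192.168.4.20 client=aa:bb:cc:dd:ee:01",
    "lease 203.0.113.45 client=aa:bb:cc:dd:ee:02",  # TEST-NET-3 stands in for a routable lease
]

# Constructed sample connection log: "timestamp src -> dst:port flag".
# One external source probes several ports on the routable client in three
# seconds; the other client makes ordinary HTTPS connections.
CONN_LOG = [
    "2017-11-08T10:00:01 198.51.100.7 -> 203.0.113.45:23 SYN",
    "2017-11-08T10:00:01 198.51.100.7 -> 203.0.113.45:2323 SYN",
    "2017-11-08T10:00:02 198.51.100.7 -> 203.0.113.45:22 SYN",
    "2017-11-08T10:00:02 198.51.100.7 -> 203.0.113.45:80 SYN",
    "2017-11-08T10:00:03 198.51.100.7 -> 203.0.113.45:8080 SYN",
    "2017-11-08T10:00:03 198.51.100.7 -> 203.0.113.45:5555 SYN",
    "2017-11-08T10:00:05 192.168.4.20 -> 203.0.113.9:443 SYN",
    "2017-11-08T10:00:09 192.168.4.20 -> 203.0.113.9:443 SYN",
    "2017-11-08T10:01:30 192.168.4.20 -> 203.0.113.10:443 SYN",
]

# Assumed policy: passenger clients must receive RFC 1918 addresses. Anything
# else means the client is directly reachable from outside, as on the flight.
EXPECTED_CLIENT_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

def flag_unexpected_leases(lines, expected=EXPECTED_CLIENT_NETS):
    """Return lease addresses that fall outside the expected private pools."""
    flagged = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0] != "lease":
            continue
        addr = ipaddress.ip_address(parts[1])
        if not any(addr in net for net in expected):
            flagged.append(str(addr))
    return flagged

def parse_conn(line):
    ts, src, _, dst_port, _flag = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)

def detect_port_scans(lines, threshold=5, window_s=60):
    """Flag (src, dst) pairs where one source touches at least `threshold`
    distinct destination ports within any `window_s`-second window.
    Returns a list of (src, dst, distinct_port_count)."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, port = parse_conn(line)
        events[(src, dst)].append((ts, port))
    hits = []
    for (src, dst), evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            # Distinct ports seen from this event to the end of the window.
            ports = {p for t, p in evs[i:] if (t - t0).total_seconds() <= window_s}
            if len(ports) >= threshold:
                hits.append((src, dst, len(ports)))
                break
    return hits

if __name__ == "__main__":
    print("unexpected leases:", flag_unexpected_leases(LEASE_LOG))
    print("scan-like sources:", detect_port_scans(CONN_LOG))
```

The scan check is deliberately per source-destination pair rather than per source, so a single bot sweeping one exposed client stands out even when overall traffic volume is low; a repeated connection to one port (the HTTPS client here) never trips it.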

See Dark Reading Article:

IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships