Cyber Research | Cyber News | Cyber Info

August, 2016

In this issue



* Brace Yourself for More Airline Outages Just Like Delta's

* Schneider Electric Publishes New White Paper on Cyber Security Issues Affecting Data Centre Remote Monitoring

* A New Wireless Hack Can Unlock 100 Million Volkswagens

* Espionage Malware Penetrates Air-Gapped Networks “Operation Sauron” / Strider Group

* Latest Cyber Security News


About the Cyber Security News Update

The Cyber News Update is an activity of the Cyber Research Center - Industrial Control Systems and is intended to reach out to all cyber security professionals interested in industrial / critical infrastructure threats, protection and resilience. For more information visit the CRC-ICS website at www.crc-ics.net or www.cyber-research-center.net


Brace Yourself for More Airline Outages Just Like Delta's

August 12, 2016

The industry is long overdue for a tech overhaul.

Airlines will likely suffer more disruptions like the one that grounded about 2,000 Delta flights this week because major carriers have not invested enough to overhaul reservations systems based on technology dating to the 1960s, airline industry and technology experts told Reuters.

Airlines have spent heavily to introduce new features such as automated check-in kiosks, real-time luggage tracking and slick mobile apps. But they have avoided the steep cost of rebuilding their reservations systems from the ground up, former airline executives said.

Scott Nason, former chief information officer at American Airlines, said long-term investments in computer technology were a tough sell when he worked there.

“Most airlines were on the verge of going out of business for many years, so investment of any kind had to have short pay-back periods,” said Nason, who left American in 2009 and is now an independent consultant.

The reservations systems of the biggest carriers mostly run on a specialized IBM operating system known as Transaction Processing Facility, or TPF. It was designed in the 1960s to process large numbers of transactions quickly and is still updated by IBM, which did a major rewrite of the operating system about a decade ago.

A host of special features, ranging from mobile check-ins to seat selection and cabin upgrades, are built on top of the TPF core, or connected to it.

“They have surrounded that old industry infrastructure with modern technology,” said Bob Edwards, United Continental's chief information officer until 2014. “Those systems have to always reach back into the old core technologies to retrieve a reservation or to figure out who flies between Dallas and New York City.”

When a power outage shuts off that reservations system – as happened on Monday to Delta’s “Deltamatic” system – TPF falls out of sync with the newer technologies that passenger service agents use to assist travelers, Edwards said.

Airlines are then forced to cancel flights as demands from stranded customers flood their employees – who meanwhile are handling bookings on an older platform without their familiar, modern tools, he said.

Several years ago, it took United six hours to recover from a test shutdown, thanks to complications with the many add-ons built atop TPF, Edwards said.

Other recent disruptions include one in July that prompted Southwest Airlines Co to cancel over 2,000 flights and two outages last summer at United Continental.

Pressure for Profits

Delta spokeswoman Kate Modolo said in a statement that a small fire on Monday resulted in a “massive failure” at the airline’s technology center. Delta was forced to cancel flights because critical systems did not switch over to backup power as intended, she said.

Reuters sent Delta and other major carriers detailed questions on TPF infrastructure and their technology investments.

Modolo did not answer whether Delta relies on TPF, but said “the functionality of the IT programs we use” was not an issue. She had no comment on whether Delta had decreased or increased its spending on back-end technology over the past decade.

“We have a new CIO who has a go-forward plan to ensure Delta is on the cutting edge of customer service technology while strengthening our IT infrastructure so that it is reliable, redundant and nimble,” she said in a statement.

Most big airlines, including the four largest in the United States—American, Delta, United and Southwest—rely on TPF in some form, industry experts said.

In response to questions from Reuters, those airlines did not answer whether their aging systems put them at risk of future disruptions, but all stressed that they are upgrading their technology and are focused on reliability. Southwest, for example, said it is in the process of replacing its reservations system.

Earlier this week, in a video statement, Delta Chief Executive Ed Bastian said, “Over the last three years, we have invested hundreds of millions of dollars on technology infrastructure upgrades and systems including backup systems to prevent what happened yesterday from occurring. I’m sorry that it happened.”

U.S. and Canadian airlines are projected to spend an average of 3% of their revenue on information technology this year – compared to 8% by commercial banks and 4% by healthcare firms, according to Computer Economics, a firm that tracks IT spending.

Nason cautioned that comparing technology spending by airlines to some other industries, including banking, can be tricky. Banks have lower capital costs and they rely more heavily on information technology for their core business.

Still, technology experts say that level of spending by the major airlines is not sufficient, pointing to the recent failures as evidence.

Part of the challenge is that U.S. airlines are under pressure from investors to top recent record profits and boost stock prices, even as economic troubles overseas have reduced travel demand.

Delta, for example, is looking to boost its operating profit margin to between 17% and 19% by 2018. That’s up from last year’s margin target of 14% to 16%.

Fear of Failure

Airlines have also held off on making major network upgrades out of fear that systems could fail during the transition, making them feel that they cannot afford to take them down to add equipment, install patches and perform other maintenance, said Gartner analyst Mark Jaggers.

Some consumer groups have called on airlines to do a better job at planning for disruptions like the one this week at Delta, which affected hundreds of thousands of passengers over four days.

“It is unfair to the traveling public that the cost of under-investment in needed equipment be shifted and placed on the back of air travelers,” said travel consumer advocates Paul Hudson and Charlie Leocha in a letter to the heads of the U.S. Transportation Department and U.S. Federal Aviation Administration on Wednesday.

Henry Harteveldt, founder of the travel consultancy Atmosphere Research Group, said some airlines are choosing to risk outages that might cost them $20 million to $40 million rather than invest, for example, $100 million on technology upgrades. He believes investors and the general public will apply increasing pressure on airlines to avoid outages at any cost.

“We cannot afford, as a nation, for any of our airlines to be rendered useless by a technology failure,” Harteveldt said.

Yet it can be hard to convince airline management that the cost-benefit analysis justifies the major investments to make their computer systems truly fail-safe, said Edwards, the former United chief information officer.

“When fuel prices are low and there’s extra cash on hand, they want to spend it on the cool shiny things like planes and mobile apps,” he said. “Nobody gets excited about the data center.”

More info http://fortune.com/2016/08/12/delta-airlines-outages/

Schneider Electric Publishes New White Paper on Cyber Security Issues Affecting Data Centre Remote Monitoring

August 10, 2016

The White Paper elaborates in detail the finer considerations of eight principal practices, taking into account personnel issues, security testing of the monitoring platform, networking security and the physical security of the products contained in the installation being monitored.

Digital remote monitoring services provide real-time monitoring and data analytics for data center physical infrastructure systems. These modern cloud-based platforms offer the promise of reduced downtime, reduced mean time to recovery (MTTR), less operations overhead, as well as improved energy efficiency for power and cooling systems. However, with the cost of cyber security crime projected to quadruple over the next few years reaching $2 trillion by 2019, there is concern these systems could be a successful avenue of attack for cyber criminals. This paper describes key security aspects of developing and operating digital, cloud-based remote monitoring platforms that keep data private and infrastructure systems secure from attackers. This knowledge of how these platforms should be developed and deployed is helpful when evaluating the merits of remote monitoring vendors and their solutions.

Read more at http://www.apcmedia.com/salestools/VAVR-AACHNH/VAVR-AACHNH_R0_EN.pdf?sdirect=true

A New Wireless Hack Can Unlock 100 Million Volkswagens

August 10, 2016

In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.

Later this week at the Usenix security conference in Austin, a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars. One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Škoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.


The $40 Arduino radio device the researchers used to intercept codes from vehicles' key fobs.

Both attacks use a cheap, easily available piece of radio hardware to intercept signals from a victim’s key fob, then employ those signals to clone the key. The attacks, the researchers say, can be performed with a software defined radio connected to a laptop, or in a cheaper and stealthier package, an Arduino board with an attached radio receiver that can be purchased for $40. “The cost of the hardware is small, and the design is trivial,” says Garcia. “You can really build something that functions exactly like the original remote.”


100 Million Vehicles, 4 Secret Keys

Of the two attacks, the one that affects Volkswagen is arguably more troubling, if only because it offers drivers no warning at all that their security has been compromised, and requires intercepting only a single button press. The researchers found that with some “tedious reverse engineering” of one component inside a Volkswagen’s internal network, they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and gain access to the car. “You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”

The attack isn’t exactly simple to pull off: Radio eavesdropping, the researchers say, requires that the thief’s interception equipment be located within about 300 feet of the target vehicle. And while the shared key that’s also necessary for the theft can be extracted from one of a Volkswagen’s internal components, that shared key value isn’t quite universal; there are several different keys for different years and models of Volkswagen vehicles, and they’re stored in different internal components.

The researchers aren’t revealing which components they extracted the keys from to avoid tipping off potential car hackers. But they warn that if sophisticated reverse engineers are able to find and publicize those shared keys, each one could leave tens of millions of vehicles vulnerable. Just the four most common ones are used in close to all the 100 million Volkswagen vehicles sold in the past twenty years. They say that only the most recent VW Golf 7 model and others that share its locking system have been designed to use unique keys and are thus immune to the attack.

Cracked in 60 Seconds

The second technique that the researchers plan to reveal at Usenix attacks a cryptographic scheme called HiTag2, which is decades old but still used in millions of vehicles. For that attack they didn’t need to extract any keys from a car’s internal components. Instead, a hacker would have to use a radio setup similar to the one used in the Volkswagen hack to intercept eight of the codes from the driver’s key fob, which in modern vehicles includes one rolling code number that changes unpredictably with every button press. (To speed up the process, they suggest that their radio equipment could be programmed to jam the driver’s key fob repeatedly, so that he or she would repeatedly press the button, allowing the attacker to quickly record multiple codes.)

With that collection of rolling codes as a starting point, the researchers found that flaws in the HiTag2 scheme would allow them to break the code in as little as one minute. “No good cryptographer today would propose such a scheme,” Garcia says.

Volkswagen didn’t immediately respond to WIRED’s request for comment, but the researchers write in their paper that VW acknowledged the vulnerabilities they found. NXP, the semiconductor company that sells chips using the vulnerable HiTag2 crypto system to carmakers, says that it’s been recommending customers upgrade to newer schemes for years. “[HiTag2] is a legacy security algorithm, introduced 18 years ago,” writes NXP spokesperson Joon Knapen. “Since 2009 it has been gradually replaced by more advanced algorithms. Our customers are aware, as NXP has been recommending not to use HT2 for new projects and design-ins for years.”

While the researchers’ two attacks both focus on merely unlocking cars rather than stealing them, Garcia points out that they might be combined with techniques like the one he and different teams revealed at the Usenix conferences in 2012 and last year. That research exposed vulnerabilities in the HiTag2 and Megamos “immobilizer” systems that prevent cars from being driven without a key, and would allow millions of Volkswagens and other vehicles ranging from Audis to Cadillacs to Porsches to be driven by thieves, provided they could get access to the inside of the vehicle.

Black Boxes and Mysterious Thefts

Plenty of evidence suggests that sort of digitally enabled car theft is already occurring. Police have been stumped by videos of cars being stolen with little more than a mystery electronic device. In one case earlier this month thieves in Texas stole more than 30 Jeeps using a laptop, seemingly connected to the vehicle’s internal network via a port on its dashboard. “I’ve personally received inquiries from police officers,” says Garcia, who added they had footage of thieves using a “black box” to break into cars and drive them away. “This was partly our motivation to look into it.”

For car companies, a fix for the problem they’ve uncovered won’t be easy, Garcia and Oswald contend. “These vehicles have a very slow software development cycle,” says Garcia. “They’re not able to respond very quickly with new designs.”

Until then, they suggest that car owners with affected vehicles—the full list is included in the researchers’ paper (see below)—simply avoid leaving any valuables in their car. “A vehicle is not a safebox,” says Oswald. Careful drivers, they add, should even consider giving up on their wireless key fobs altogether and instead open and lock their car doors the old-fashioned, mechanical way.

But really, they point out, their research should signal to automakers that all of their systems need more security scrutiny, lest the same sort of vulnerabilities apply to more critical driving systems. “It’s a bit worrying to see security techniques from the 1990s used in new vehicles,” says Garcia. “If we want to have secure, autonomous, interconnected vehicles, that has to change.”

More Info https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/


Espionage Malware Penetrates Air-Gapped Networks “Operation Sauron” / Strider Group

August 9, 2016

Active Cyber-Espionage Campaign Dates From 2011, Security Firms Warn

Security researchers are warning that they've discovered a highly advanced and targeted cyber-espionage campaign that appears to have been running since 2011, and which remains active. The APT malware used by the group behind the campaign is remarkable in part not only for having remained undetected for so long, but also for its ability to exfiltrate data from air-gapped networks using multiple techniques, including by piggybacking on network protocols, researchers say.

Based on a reference to "Sauron" in the malware configuration files, the APT campaign has been dubbed "Operation Sauron" by Kaspersky Lab - referring to the all-seeing villain of "The Lord of the Rings" - as well as "Strider" by Symantec, referring to a character who fights against Sauron.

Kaspersky Lab, in an Aug. 8 blog post, says it first discovered related attacks in September 2015, after finding "anomalous network traffic in a government organization network," which it ultimately traced to malware that it describes as being "a top-of-the-top modular cyber-espionage platform."

The government target has not been named. The security firm says that it's found more than 30 infected organizations in Russia, Iran and Rwanda, but believes that's "just a tiny tip of the iceberg." It adds that the ProjectSauron malware works on all modern versions of Windows, and that it has found infections on systems running Windows XP x86 as well as Windows 2012 R2 Server Edition x64, and likely everything in between.

In some cases, the malware appears to have been used to target and exfiltrate data related to "communication encryption software" used by government organizations and agencies, Kaspersky Lab says. "It steals encryption keys, configuration files, and IP addresses of the key infrastructure servers related to the software," it says, adding that the malware includes the ability to install backdoors on infected systems, record keystrokes and steal documents.

Symantec, in an Aug. 7 blog post based on data collected by its anti-virus products, says it's found 36 related infections in seven organizations, across four countries, involving "a number of organizations and individuals located in Russia, an airline in China, an organization in Sweden and an embassy in Belgium." It refers to the related malware as Remsec.

This isn't the first time that two separate security firms have issued nearly simultaneous research reports into long-running malware campaigns. But security researchers say that they often work together, and across organizational boundaries, to identify and study advanced malware campaigns (see AV Firms Defend Regin Alert Timing).

Nation State Suspected

To date, researchers don't know how this malware first infects systems, nor do they know who is responsible. But all signs point to a "very advanced actor," Kaspersky Lab says. The security firm's chief researcher, Costin Raiu, notes that the malware - written in English, although with some Italian words - rivals the sophistication of such advanced malware as Duqu, Flame, Equation and Regin. "Whether related or unrelated to these advanced actors, the ProjectSauron attackers have definitely learned from these others," the company's report says.

The malware is designed to be stealthy, for example remaining hidden until specified network protocols awaken it. "Much of the malware's functionality is deployed over the network, meaning it resides only in a computer's memory and is never stored on disk," Symantec says. "This also makes the malware more difficult to detect."

According to a technical teardown published by Kaspersky Lab, the malware can draw on 50 different modules, all of which appear to have been customized for individual targets.

After infecting a system, the malware pretends to be a Windows Local Security Authority (LSA) password filter on domain controllers. Such filters are typically used by IT administrators to enforce password policies and validate that new passwords meet specified requirements, for example involving length or complexity. "This way, the Project Sauron passive backdoor module starts every time any domain, local user, or administrator logs in or changes a password, and promptly harvests the passwords in plaintext," Kaspersky Lab says.

The security firm says the malware has been distributed in some organizations via legitimate scripts that system administrators use to distribute software to end users, and that the malware has been disguised with names that resemble executable filenames used by Hewlett-Packard, Kaspersky Lab, Microsoft, Symantec and VMware.
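Two defender-side checks for the password-filter persistence described above, as an added example that is not part of the original article or of Kaspersky Lab's report. A password filter is just a DLL listed in the LSA "Notification Packages" registry value and loaded into lsass.exe, so the first check compares that list against a baseline, and the second scans Sysmon image-load events (Event ID 7) for DLLs loaded into lsass.exe from outside System32 or without a valid signature. The baseline of scecli and rassfm is an assumption to adjust to your own environment, and the package name examplefilter and the events are constructed sample data, not real indicators.

```python
"""Detect rogue LSA password-filter DLLs (added example; constructed sample data)."""

# Default notification package names on a typical domain controller.
# ASSUMPTION: replace with a baseline captured from a known-clean host.
BASELINE_PACKAGES = {"scecli", "rassfm"}
SYSTEM32 = r"C:\Windows\System32"


def read_notification_packages():
    """Read HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Notification Packages.

    Windows only: winreg is imported lazily so the pure checks below run anywhere.
    """
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Lsa")
    value, _reg_type = winreg.QueryValueEx(key, "Notification Packages")  # REG_MULTI_SZ -> list
    return [v for v in value if v]


def audit_notification_packages(packages, baseline=BASELINE_PACKAGES):
    """Return package names LSA will load at boot that are not in the baseline."""
    return sorted({p.lower() for p in packages} - {b.lower() for b in baseline})


def suspicious_lsass_loads(events):
    """Flag Sysmon EventID 7 records where lsass.exe loaded a DLL from outside
    System32 or one whose Authenticode signature is not valid."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue
        if not ev.get("Image", "").lower().endswith(r"\lsass.exe"):
            continue
        loaded = ev.get("ImageLoaded", "")
        in_system32 = loaded.lower().startswith(SYSTEM32.lower() + "\\")
        signed_ok = ev.get("Signed") == "true" and ev.get("SignatureStatus") == "Valid"
        if not in_system32 or not signed_ok:
            hits.append(loaded)
    return hits


# Constructed sample data: "examplefilter" is an invented name, not a real IoC.
SAMPLE_PACKAGES = ["scecli", "rassfm", "examplefilter"]
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\scecli.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\examplefilter.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"EventID": 7, "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": 1, "Image": r"C:\Windows\System32\lsass.exe"},
]

if __name__ == "__main__":
    print("unexpected packages:", audit_notification_packages(SAMPLE_PACKAGES))
    print("suspicious lsass loads:", suspicious_lsass_loads(SAMPLE_EVENTS))
```

On a real domain controller, call read_notification_packages() in place of SAMPLE_PACKAGES; any extra entry is worth a signature check of the matching DLL in System32, since that is exactly where the report says the module hides under vendor-like names.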


Malware Penetrates Air-Gapped Networks

One standout feature of the malware is its ability to penetrate air-gapped networks, using one of those 50 modules. Kaspersky Lab says this attack technique begins by infecting a networked system, which waits for a USB drive to be attached. When that happens, it reformats the drive to add a hidden, encrypted partition that's several hundred megabytes in size, inside which it installs its own virtual file system, which won't be recognized by a "common operating system" such as Windows.

This infected USB key is used to exfiltrate data from air-gapped systems, with the data getting grabbed back off of the device once it gets plugged into an infected, network-connected system, the researchers say.

But it's not yet clear how attackers are gaining control of the air-gapped systems themselves, which would be required before they could exfiltrate data. "There has to be another component such as a zero-day exploit placed on the main partition of the USB drive," Kaspersky Lab says. "Unfortunately we haven't found any zero-day exploit embedded in the body of any of the malware we analyzed, and we believe it was probably deployed in rare, hard-to-catch instances."
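A forensic triage check for the hidden-partition technique described above, as an added example that is not part of the original article or of Kaspersky Lab's analysis. It parses a removable drive's classic MBR partition table and flags two things a Windows host would silently ignore: partitions carrying a type code it does not recognise, and large unallocated regions that the table does not account for. It assumes an MBR-partitioned stick (GPT media is out of scope), a 64 MB threshold for "large", and a constructed 8 GiB sample image in which the second partition uses an arbitrary type code 0x7A.

```python
"""Audit an MBR partition table for hidden or unrecognised regions (added example)."""
import struct

SECTOR = 512
# Partition type codes a Windows host would normally recognise.
# ASSUMPTION: extend with codes legitimately used in your environment.
KNOWN_TYPES = {
    0x01: "FAT12", 0x04: "FAT16 (<32 MB)", 0x05: "Extended", 0x06: "FAT16",
    0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x0E: "FAT16 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def parse_mbr(mbr):
    """Parse the four primary entries at offset 446 of a classic MBR; empty slots are skipped."""
    if len(mbr) < 512 or mbr[510:512] != b"\x55\xAA":
        raise ValueError("no 0x55AA boot signature: not an MBR")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]            # byte 0 status, byte 4 type code
        lba_start, sectors = struct.unpack("<II", entry[8:16])  # two little-endian u32
        if ptype == 0 and sectors == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "type_name": KNOWN_TYPES.get(ptype, "UNKNOWN"),
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def find_anomalies(parts, total_sectors, min_gap_mb=64):
    """Report unrecognised partition types and unallocated gaps of at least min_gap_mb."""
    def mb(sectors):
        return sectors * SECTOR // 2**20

    findings = []
    for p in parts:
        if p["type_name"] == "UNKNOWN":
            findings.append("entry %d: unrecognised partition type 0x%02X (%d MB at LBA %d)"
                            % (p["index"], p["type"], mb(p["sectors"]), p["lba_start"]))
    cursor = 1  # sector 0 holds the MBR itself
    for p in sorted(parts, key=lambda p: p["lba_start"]):
        gap = p["lba_start"] - cursor
        if mb(gap) >= min_gap_mb:
            findings.append("unallocated gap of %d MB before LBA %d" % (mb(gap), p["lba_start"]))
        cursor = max(cursor, p["lba_start"] + p["sectors"])
    tail = total_sectors - cursor
    if mb(tail) >= min_gap_mb:
        findings.append("unallocated gap of %d MB at end of device" % mb(tail))
    return findings


def make_entry(status, ptype, lba_start, sectors):
    """Build one 16-byte partition entry (CHS fields zeroed; only the LBA fields matter here)."""
    return bytes([status, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba_start, sectors)


# Constructed sample: an 8 GiB stick with a normal FAT32 partition, a 600 MB partition
# with a type code Windows does not know (0x7A is an arbitrary constructed value),
# and 755 MB left unallocated at the end of the device.
TOTAL_SECTORS = 8 * 1024**3 // SECTOR
SAMPLE_MBR = (bytes(446)
              + make_entry(0x80, 0x0C, 2048, 14_000_000)
              + make_entry(0x00, 0x7A, 14_002_048, 1_228_800)
              + bytes(32)
              + b"\x55\xAA")

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(p)
    for f in find_anomalies(parts, TOTAL_SECTORS):
        print("FINDING:", f)
```

To run it against a real device or image, read the first 512 bytes of the block device and pass the sector count reported by the OS; an unknown type code or a few hundred megabytes that no partition claims is the cue to image the stick and examine that region directly rather than trusting what the host mounts.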

Five Years and Counting

One reason the malware has been so difficult to spot, thus far, has been attackers' customizing their malicious code so that it's unique to each victim. "The attackers clearly understand that we as researchers are always looking for patterns," Kaspersky Lab says. "Remove the patterns and the operation will be harder to discover."

Read more: http://www.bankinfosecurity.com/espionage-malware-penetrates-air-gapped-networks-a-9331


Latest Cyber Security News

Individuals at Risk

Cyber Update

Got Microsoft? Time to Patch Your Windows: Microsoft churned out a bunch of software updates today to fix some serious security problems with Windows and other Microsoft products like Internet Explorer (IE), Edge and Office. If you use Microsoft, here are some details about what needs fixing. KrebsOnSecurity, August 9, 2016

Cyber Danger

Road Warriors: Beware of ‘Video Jacking’: A little-known feature of many modern smartphones is their ability to duplicate video on the device’s screen so that it also shows up on a much larger display — like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping. KrebsOnSecurity, August 11, 2016

Cyber Defense

SMS or authenticator app – which is better for two-factor authentication?: In the comments of one of our recent two-factor authentication (2FA) articles, we received a question about whether it was better to use an SMS (text message) code as your second factor of authentication, or to use a dedicated authenticator app to generate the code. Naked Security, August 12, 2016

Gmail to provide security alerts in bid to make email safer: Starting this week, we’re introducing two new security warnings in Gmail to help you keep your email safer. Google Apps, August 10, 2016

Information Security Management in the Organization

Information Security Governance

Cybersecurity skills crisis adds to cyber risk: Cybersecurity staffing continues to be a problem, a new report has found. Intel Security says a massive 82 percent of IT professionals that it surveyed are battling a shortage in workers specializing in cybersecurity. Network World, August 12, 2016

Security, Privacy, Risk: Think Convergence for Faster Response, Lower Costs: Security leadership has come a long way since the days when the CIO – and later CSO or CISO – was required to just be an information security or “cyber” expert. Running a security department now requires not just technical acumen but also business acumen. But the best organizations take it even further, by creating converged programs, says Roland Cloutier, CSO of Roseland, NJ-based global business outsourcing services provider ADP. BankInfoSecurity, August 12, 2016

A Risk-Driven Approach to Security, From Check Boxes to Risk Management Frameworks: Most industries are under regulatory pressure, so they take a compliance-driven approach to security to meet minimum requirements. But compliance requirements are often static and prescriptive, according to security executives. Compliance gives organizations a false sense of security that can be misleading, and it provides only a one-time snapshot. Security Intelligence, August 12, 2016

Gartner Says Worldwide Information Security Spending Will Grow 8% to $81B in 2016: Worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 7.9 per cent over 2015, according to Gartner, Inc. Consulting and IT outsourcing are currently the largest categories of spending on information security. Until the end of 2020, the highest growth is expected to come from security testing, IT outsourcing and data loss prevention (DLP). IT Security Guru, August 11, 2016

Security Portfolios: A Different Approach To Leadership: In a recent column, I introduced the idea of cybersecurity portfolios, and today I want to talk more about how to use them. Essentially, a “cyber portfolio” or a “controls portfolio” is a way to model the state of your security based on the investments you’re making. This is analogous to how your financial portfolio is a model of your financial investments. DarkReading, August 11, 2016

Cyber Warning

Beware of browser hijacker that comes bundled with legitimate software: Lavians, a “small software vendor team,” is packaging its offerings with a variant of browser-hijacking malware Bing.vc. HelpNetSecurity, August 12, 2016

Data Breach At Oracle’s MICROS Point-of-Sale Division: A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems. KrebsOnSecurity, August 8, 2016

Cyber Defense

USBFILTER: Packet-level firewall for blocking USB-based threats: The problem of planted malicious USB devices is compounded by the fact that, no matter what, users will rarely stop to think and ultimately choose not to insert them because they don’t know what could be on them. Curiosity gets the better of them, and, according to recent research by Google’s Elie Bursztein, some of them want to discover to whom the stick belongs and return it. HelpNetSecurity, August 12, 2016

Use HTTPS to block hijacking vulnerability: Computer scientists have discovered a serious Internet vulnerability that allows attackers to terminate connections between virtually any two parties and, if the connections aren’t encrypted, inject malicious code or content into the parties’ communications. ars technica, August 10, 2016

Cyber Update

IPv6 router bug: Juniper spins out hotfix to thwart DDoS attacks: Juniper Networks has found and mostly patched a flaw in the way the firmware on its routers processes IPv6 traffic, which allowed malicious users to launch distributed denial of service (DDoS) attacks. ars technica, August 9, 2016

Cyber Security in Society

Cyber Privacy

Microsoft’s Mistaken Leak of Secure Boot Key Illustrates Risk of Encryption Backdoors: Opponents of the government’s constant talk about intentional backdoors and exceptional access finally may have their case study as to why it’s such a bad idea. ThreatPost, August 11, 2016

Cyber Attack

Hackers Attack Olympics World Anti-Doping Agency, Court of Arbitration for Sport: Two organizations that handle drug use by Olympic athletes say they were targeted by hackers. The Daily Dot, August 12, 2016

Cyber Espionage

Espionage Malware Penetrates Air-Gapped Networks: Security researchers are warning that they’ve discovered a highly advanced and targeted cyber-espionage campaign that appears to have been running since 2011, and which remains active. The APT malware used by the group behind the campaign is remarkable in part not only for having remained undetected for so long, but also for its ability to exfiltrate data from air-gapped networks using multiple techniques, including by piggybacking on network protocols, researchers say. BankInfoSecurity, August 9, 2016

Know Your Enemy

I’m completely paranoid after week at #BlackHat #DefCon: I was somewhere around the Paris Hotel on the edge of the Las Vegas Strip when the paranoia began to take hold. BusinessInsider, August 12, 2016

Financial cyber attacks increase as malware writers join forces: Financial malware attacks increased 16% in the second quarter of the year, driven by collaboration between the developers of two banking Trojans in the top the financial malware threats, says Kaspersky Lab. ComputerWeekly, August 12, 2016

DIY bank account raiding trojan kit touted in dark web dive bars: Cybercrooks are touting a new DIY financial crime kit that lets you roll your own ZeuS-like software nasty. TheRegister, August 12, 2016

Cyber Law

Fighting for Jurisdiction Post-Breach: In today’s environment, federal and state regulators come at breached companies from all angles, with requests for investigative information, breach response plans and fines. Attorney Deborah Gersh, co-chair of the healthcare practice at law firm Ropes & Gray LLP, says it’s easy for organizations to become overwhelmed when numerous regulators demand answers simultaneously in the wake of a breach. By having well-defined breach response plans in place before an incident, however, organizations can streamline their procedures to ensure compliance without damaging their reputations. BankInfoSecurity, August 10, 2016

FTC Overturns Administrative Law Judge’s LabMD Ruling on Appeal: The Federal Trade Commission (FTC), on July 29, 2016, vacated Chief Administrative Law Judge D. Michael Chappell’s Initial Decision dismissing the FTC’s data security complaint against medical testing company, LabMD, Inc. (“LabMD”). LabMD was the first litigated data security action before the FTC. The National Law Review, August 4, 2016

Cyber Gov

OPM Taps DoD IT Leader as New CIO: The U.S. Office of Personnel Management – besmirched by a 2015 breach that exposed the personal information of 21.5 million individuals – turns to the military for its new chief information officer. BankInfoSecurity, August 10, 2016

Cyber Politics

Hacker Releases More Democratic Party Documents: WASHINGTON — A hacker believed to be tied to the Russian intelligence services made public another set of internal Democratic Party documents on Friday, including the personal cellphone numbers and email addresses of nearly 200 lawmakers. The New York Times, August 12, 2016

DNC announces formation of cybersecurity board in email hack’s aftermath: The Democratic National Committee has assembled a cybersecurity advisory board in the wake of the hack attack that resulted in thousands of internal party emails being leaked online, Politico reported Thursday. WashingtonTimes, August 12, 2016

Democratic, GOP leaders got a secret briefing on DNC hack last year: Top Congressional leaders were briefed a year ago on the Russian hack of the Democratic National Committee but were sworn to secrecy by intelligence officials. ars technica, August 12, 2016

Hack of Democrats’ Accounts Was Wider Than Believed, Officials Say: WASHINGTON — A Russian cyberattack that targeted Democratic politicians was bigger than it first appeared and breached the private email accounts of more than 100 party officials and groups, officials with knowledge of the case said Wednesday. The New York Times, August 10, 2016

How to Hack an Election in 7 Minutes: When Princeton professor Andrew Appel decided to hack into a voting machine, he didn’t try to mimic the Russian attackers who hacked into the Democratic National Committee’s database last month. He didn’t write malicious code, or linger near a polling place where the machines can go unguarded for days. Politico, August 5, 2016

America’s Electronic Voting Machines Are Scarily Easy Targets: This week, GOP presidential candidate Donald Trump openly speculated that this election would be “rigged.” Last month, Russia decided to take an active role in our election. There’s no basis for questioning the results of a vote that’s still months away. But the interference and aspersions do merit a fresh look at the woeful state of our outdated, insecure electronic voting machines. Wired, August 2, 2016

Internet of Things

A New Wireless Hack Can Unlock 100 Million Volkswagens: In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995. Wired, August 10, 2016

FDA Addresses Medical Device Cybersecurity Modifications: New Food and Drug Administration draft guidance aims to alleviate a common topic of confusion in the healthcare sector: whether medical device makers need to submit for FDA review the modifications manufacturers make that affect cybersecurity in existing products. HealthInfoSecurity, August 9, 2016

Cyber Research

New chip cards subject to fraud: Security researchers are eager to poke holes in the chip-embedded credit and debit cards that have arrived in Americans’ mailboxes over the last year and a half. Although the cards have been in use for a decade around the world, more brains trying to break things are bound to come up with new and inventive hacks. And at last week’s Black Hat security conference in Las Vegas, two presentations demonstrated potential threats to the security of chip cards. The first involved fooling point-of-sale (POS) systems into thinking that a chip card is a magnetic stripe card with no chip, and the second involved stealing the temporary, dynamic number generated by a chip card and using it in a very brief window of time to request money from a hacked ATM. ars technica, August 11, 2016
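The first Black Hat attack above works because a terminal decides whether a card has a chip from the magnetic-stripe data itself: the first digit of the three-digit service code on Track 2 (ISO/IEC 7813) is 2 or 6 for a chip card, so a stripe rewritten from, say, 201 to 101 makes the POS treat the card as chip-less and accept a plain swipe. The script below is an added illustration written for this news update, not code from the researchers or from any payment vendor. It parses Track 2, checks the PAN with Luhn, and then applies the two checks an issuer can make: whether the service code still matches what the issuer personalised on the card (a rewritten service code would equally fail CVV1/CVC1 verification, which is computed over PAN, expiry and service code, but that needs issuer keys and is not implemented here), and whether a card whose stripe declares a chip arrived as a swipe without the terminal first attempting the chip. The issuer record and all track data are constructed from public test PANs and are assumptions for the example.

```python
"""
Added example (not from the article or the Black Hat researchers): issuer-side
detection of a chip-to-magstripe downgrade using the Track 2 service code.

Track 2 ASCII rendering (ISO/IEC 7813):  ;PAN=YYMM SSS discretionary?
  SSS = service code; first digit 2 or 6 means an EMV chip is present.
All PANs and track data below are constructed test values, not real cards.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Track2:
    pan: str
    expiry_yymm: str
    service_code: str
    discretionary: str

    @property
    def chip_present(self) -> bool:
        # ISO 7813 service code, first digit: 2 or 6 = integrated circuit card
        return self.service_code[0] in "26"


def luhn_ok(pan: str) -> bool:
    """Standard Luhn mod-10 check over the PAN digits."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track2(raw: str) -> Track2:
    """Parse the ASCII form of Track 2, with optional ';' and '?' sentinels."""
    body = raw.strip()
    if body.startswith(";"):
        body = body[1:]
    if body.endswith("?"):
        body = body[:-1]
    pan, sep, rest = body.partition("=")
    if sep != "=" or not pan.isdigit() or not 12 <= len(pan) <= 19:
        raise ValueError("malformed track 2: bad PAN or missing separator")
    if len(rest) < 7 or not rest[:7].isdigit():
        raise ValueError("malformed track 2: expiry or service code missing")
    if not luhn_ok(pan):
        raise ValueError("malformed track 2: PAN fails Luhn check")
    return Track2(pan=pan, expiry_yymm=rest[:4],
                  service_code=rest[4:7], discretionary=rest[7:])


# Constructed issuer record (assumption): service code personalised per PAN.
ISSUED_SERVICE_CODES = {
    "4111111111111111": "201",   # chip card, international use
    "5555555555554444": "101",   # magstripe-only card
}


def issuer_decision(raw_track2: str, entry_mode: str, chip_attempted: bool,
                    issued: dict = ISSUED_SERVICE_CODES) -> str:
    """
    entry_mode:     how the terminal read the card, 'chip' or 'swipe'
    chip_attempted: True if the terminal tried the chip first and fell back
    Returns a decision label a rule engine could act on.
    """
    t2 = parse_track2(raw_track2)
    expected = issued.get(t2.pan)
    if expected is None:
        return "decline-unknown-pan"
    if t2.service_code != expected:
        # Stripe rewritten (e.g. 201 -> 101): this is the downgrade trick
        return "decline-track-tampered"
    if entry_mode == "chip":
        return "ok-chip"
    if not t2.chip_present:
        return "ok-magstripe-only-card"
    if chip_attempted:
        # Genuine technical fallback exists but is rare: rate-limit per card/terminal
        return "review-technical-fallback"
    # Chip card swiped without any chip attempt: terminal or merchant is suspect
    return "decline-downgrade-suspected"


if __name__ == "__main__":
    chip_card = ";4111111111111111=2212201000000000?"
    rewritten = ";4111111111111111=2212101000000000?"   # service code altered
    for track, mode, tried in [(chip_card, "chip", False),
                               (chip_card, "swipe", False),
                               (chip_card, "swipe", True),
                               (rewritten, "swipe", False)]:
        print(mode, tried, "->", issuer_decision(track, mode, tried))
```

The terminal alone cannot catch the rewrite, because it only sees the stripe the attacker controls; the comparison against the issuer's own personalisation data (or CVV1 verification) is what exposes it, which is why the defence belongs in the authorisation host rather than in the POS.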

Robot Hackers Could Be the Future of Cybersecurity: A dozen years ago the Defense Advanced Research Projects Agency (DARPA) held its first “grand challenge” to see if autonomous automobiles could cross a 240-kilometer stretch of the Mojave Desert on their own. Mechanical problems and mishaps ended the race before any of the competitors had gone more than 12 kilometers. DARPA, the U.S. Department of Defense’s research arm, is looking for a better outcome Thursday in its inaugural Cyber Grand Challenge, where seven autonomous computers battle one another in what the agency claims is the “world’s first all-machine hacking tournament.” Scientific American, August 4, 2016

Cyber Miscellany

Airlines Need Core Software Rewrite to Avoid Future Outages Like Delta’s: Airlines will likely suffer more disruptions like the one that grounded about 2,000 Delta flights this week because major carriers have not invested enough to overhaul reservations systems based on technology dating to the 1960s, airline industry and technology experts told Reuters. Fortune, August 12, 2016


The content of this CRC-ICS Cyber News Update is provided for information purposes only. No claim is made as to the accuracy or authenticity of the content of this news update or incorporated into it by reference. No responsibility is taken for any information or services which may appear on any linked websites. The information provided is for individual expert use only.



Founded in 2015, the Cyber Research Center - Industrial Control Systems is a not-for-profit research and information-sharing center working on the future state of physical and cyber protection and resilience. CRC-ICS's goals are to inform industries and critical infrastructure operators about the fast-changing threats they face and the measures, controls and techniques that can be implemented to prepare for these cyber threats.



Cyber Research Center - Industrial Control Systems. 2016

www.crc-ics.net or www.cyber-research-center.net