Cyber Research

Cyber News

Cyber Info


January, 2017







 In this issue



* Secret details emerge on Iran’s Cyber Army

* Iran creates ‘Cyber Brigades’ for online War

* France thwarts 24,000 Cyber-Attacks against Defence Targets

* US Energy Grid in “Imminent Danger” from Cyber Attack

* Latest Cyber Security News



About the Cyber Security News Update

The Cyber News Update is an activity of the Cyber Research Center - Industrial Control Systems and is intended to reach all Cyber Security Professionals interested in industrial / critical infrastructure threats, protection & resilience. For more information visit the CRC-ICS website at www.crc-ics.net or www.cyber-research-center.net


Secret details emerge on Iran’s Cyber Army

January 15, 2017

A report by Al Arabiya has revealed the secrets of the Iranian electronic army and its intelligence and cyber activities against states and institutions.

It also examines the details behind the murder of Mohammad Hussein Tajik, its former commander.

Tajik was sacked from his post, detained and tortured over accusations of spying and leaking information to the opposition Green Movement inside Iran, according to sources confirmed by Al Arabiya.

One of those sources is journalist and reformist activist Roohollah Zam. According to him, Tajik was one of his most important sources. Zam is close to the Green Movement and currently resides in France.

Iran’s Ed Snowden?

During an exclusive interview with Al Arabiya, Zam said he did not believe the leaking of information was the main reason behind the murder, adding that if Tajik had left Iran and decided to work against the regime, he would have become “Iran’s Snowden”.

But Iran’s security apparatus would have never allowed someone with as much insider information as Tajik to ever leave the country, according to Zam.

Tajik had said on multiple occasions that he did not intend to leave Iran before his trial was over.

Inner workings of Iran’s cyber attacks

Zam said that the Khaybar center for information technology was established in 2011, adding that its units carried out several operations against the United States such as attacking a dam, a number of banks and power stations.

He noted that as a result of those activities, four Iranian hackers were sanctioned.

The Khaybar center also hacked Saudi banks, the Saudi kingdom’s statistics center, caused a 12-hour power cut in Turkey and attacked a number of Israeli institutions and satellites, Zam said.

Tajik’s father, also named Mohammed and known by his nickname Hajj Vali, is one of the old members of the Iranian intelligence ministry, Zam said, adding that he was one of the first to take over the Savak in 1979 following the revolution.

During the 1980s, Hajj Vali and some of his comrades travelled to an Arab country and built a secret network that works for the Iranian intelligence, Zam added.

That network included three extremist figures who graduated from universities in Cairo and Pakistan.

Zam also said that if Tajik had not been close to him, his murder would have remained a secret, adding that Tajik’s father even detained and tortured his ex-wife – Tajik’s mother – and broke her neck because she spoke about her son’s murder.

More info http://english.alarabiya.net/en/features/2017/01/15/Secrets-and-activities-of-Iran-s-electronic-army.html

Iran creates ‘Cyber Brigades’ for online War

January 06, 2017

The commander of students’ Basij militias, Ali Sabir Hamani, announced the formation of ‘Cyber Brigades’ comprising school students with the aim of taking part in cyber warfare launched against the Islamic Republic.

This would be in parallel to the ‘Joint Cyber Army’ of the Iranian Intelligence whose main task is to focus on monitoring online hostilities.

Hamani said that the ‘virtual cyber committee’ created by the Basij will train students on how “to effectively engage on social media,” according to Fars news agency.

According to the semi-official news agency, the committee has organized training programs attended by 200 of the ‘elite’ students from different Iranian provinces, trained on how to handle conflicts in cyberspace.


Al Arabiya.net previously revealed, in a special report published last September, the assassination of 35-year-old Tajik, the former commander of the ‘Cyber Army’ of the Ministry of Intelligence, after he was accused of spying and purveying security information to opposition activists of the ‘Green Movement.’

Tajik was also a member of the intelligence units of the Islamic Revolutionary Guard Corps (IRGC) and Quds Forces.

Read more at https://english.alarabiya.net/en/News/middle-east/2016/12/05/Iran-creates-electronic-Brigades-for-cyber-war.html

France thwarts 24,000 Cyber-Attacks against Defence Targets

January 8, 2017

France says it was the subject of 24,000 cyber-attacks against defence targets last year.

Defence Minister Jean-Yves Le Drian said such attacks were doubling every year and this year's presidential elections could be targeted.

He said it would be "naive" to think France was immune to the type of cyber-campaign that targeted the US election, which has been blamed on Russia.

Mr Le Drian is overseeing an overhaul of France's cyber-security operations.

Cyber-attacks in France have increased substantially in the last three years and have become a serious threat to the country's infrastructure, Mr Le Drian said.

In an interview with Le Journal du Dimanche newspaper, Mr Le Drian said that France "should not be naive".

He said that thousands of external attacks had been blocked, including attempts at disrupting France's drone systems.

His warning comes in the wake of a US intelligence report alleging that Russia was involved in an attempt to influence the 2016 presidential campaign.

Russia denies any involvement in cyber-attacks or hacking.

French elections in April and May this year are being carefully watched after the surprise victory of US President-elect Donald Trump, who said on Saturday that those who oppose good relations with Russia are "stupid people, or fools".

French conservative candidate Francois Fillon has said that he wants to improve relations with Russia and has been praised by Russian president Vladimir Putin. Far-right candidate Marine Le Pen also favours closer relations with Russia.

Relations between the two countries deteriorated after France's socialist president, Francois Hollande, played a key role in imposing sanctions on Russia when Crimea was annexed by Russia in 2014.

Mr Hollande also suggested last year that Russia could face war crimes charges over its bombardment of the Syrian city of Aleppo.

In April 2015, a powerful cyber-attack came close to destroying French TV network TV5Monde, which was taken off air.

A group calling itself the Cyber Caliphate, linked to so-called Islamic State (IS), initially claimed responsibility. But an investigation later discovered that it was carried out by a group of Russian hackers.

More Info http://www.bbc.com/news/world-europe-38546415




US Energy Grid in “Imminent Danger” from Cyber Attack

January 6, 2017

The U.S. Energy Department says the electricity system "faces imminent danger" from cyber-attacks, which are growing more frequent and sophisticated, but grid operators say they are already on top of the problem.


In the department’s landmark Quadrennial Energy Review, it warned that a widespread power outage caused by a cyber-attack could undermine "critical defense infrastructure" as well as much of the economy and place at risk the health and safety of millions of citizens. The report comes amid increased concern over cybersecurity risks as U.S. intelligence agencies say Russian hacking was aimed at influencing the 2016 presidential election.


"Cyber threats to the electricity system are increasing in sophistication, magnitude, and frequency," it said in the 494-page report. "The current cybersecurity landscape is characterized by rapidly evolving threats and vulnerabilities, juxtaposed against the slower-moving deployment of defense measures."


The department detailed 76 recommendations to boost energy, including increasing the collection of data about online breaches from utilities. Separately, it called for extending tax credits to boost construction of new nuclear reactors. Overall, the report said, total investment requirements necessary for grid modernization range from $350 billion to $500 billion.


The risks to the electric sector were highlighted within the past week as suspicious Internet traffic was found on a laptop computer at a Vermont electric utility. While the laptop wasn’t connected to the grid, the Burlington Electric Department alerted federal authorities of the risk.


Modified or new grid reliability requirements and increased data collection on cyber-attacks will be needed to address the cyber risks, it said. While there haven’t been major attacks in the U.S., the department review noted that a 2015 attack on the Ukrainian grid caused widespread power outages. That "should be seen as an indicator of what is possible," it said.


The report also called for a new Energy Department assessment of cybersecurity for natural gas pipelines.


Regional wholesale grid operators including PJM Interconnection LLC said they have implemented security measures, such as having redundant facilities, to counter cyber threats.


“We are continually working to improve our security as cybersecurity threats evolve,” said Marcia Blomberg, spokeswoman for ISO New England Inc. in Holyoke, Massachusetts. “We monitor system conditions continuously, and we share information as needed with regulatory and industry bodies.”


Utilities have had "cyber incidents" like ransomware attacks, according to the National Rural Electric Cooperative Association, which represents smaller, rural electric cooperatives.


"These things typically happen via e-mail by clicking on an attachment or a link that brings the malware into the network," Barry Lawson, the association’s senior director of power delivery and reliability, said in an interview. Once that happens the network is locked. To get back in, the company must either pay ransom to a criminal enterprise or work around it over time. "But that can cost quite a bit of money," he said.


He declined to specify the number or timing of the cyber-attacks, but said all of the utilities were able to "get back where they need to be."


The Quadrennial Energy Review is part two of a broad administration-wide review of the nation’s energy policies. The first report, released in 2015 and focusing on energy infrastructure, recommended spending $15.2 billion over a decade to improve the grid, and called for $2 billion to upgrade the Strategic Petroleum Reserve.

Read more: https://www.bloomberg.com/news/articles/2017-01-06/grid-in-imminent-danger-from-cyber-threats-energy-report-says

Latest Cyber Security News

Individuals at Risk

Cyber Privacy

You’ve probably never heard of this creepy genealogy site. But it knows a lot about you: Early Tuesday morning, Anna Brittain got a text from her sister: Did she know about Familytreenow.com? The relatively unknown site, which presents itself as a free genealogy resource, seemed to know an awful lot about her. The Washington Post, January 12, 2017

Cyber Warning

Critical security vulnerability in Samsung SmartCam range can give hackers full control: Security researchers have uncovered a critical and easy-to-exploit vulnerability in Samsung’s SmartCam range of cloud-based cam

Information Security Management in the Organization

New Survey Shows How Information Security Management Evolving to Meet Changing Risks: Security managers are seeing upheaval within their own organizations as they adopt new security policies and technologies designed to keep pace with the changes happening within business units, according to a recent Forbes Insights report, “Enterprises Re-engineer Security in the Age of Digital Transformation,” sponsored by BMC. The extent of this disruption is undeniable—69% of senior executives surveyed for the report believe that digital transformation is forcing them to rethink their cybersecurity strategies. Forbes, January 20, 2017

Is the CISO Reporting Structure Outdated?: Security has become a top concern for enterprises, so it’s no wonder that the chief information security officer (CISO) reporting structure has changed. The position has risen in the organizational structure to the inner echelon of the C-suite, giving the CISO top-level visibility within the business. SecurityIntelligence, January 19, 2017

Case Study of Manufacturing Firm Victim of Ransomware: As their methods evolve, cybercriminals are increasingly targeting regional manufacturing businesses with sophisticated and potentially costly attacks. A recent ransomware attack on a mid-sized manufacturer in the Southeast provides a striking real world example. The National Law Review, January 19, 2017

Management Must get Everyone Involved so CISO Can Deal w Increased Demand for Security Services: With organizations going through digital transformation, IT leaders must fundamentally change how information security services are delivered, and make security part of everyone’s job. InformationWeek, January 12, 2017

How information security professionals can help business understand cyber risk: Information security is continually moving up business and board agendas, but information security professionals find it challenging to help business leaders to understand fully the cyber risks across increasingly digital businesses. ComputerWeekly, January 2017

This phishing scam poses as a charity email, delivers Ramnit banking Trojan malware: Cybercriminals are attempting to infect people with bank data stealing Ramnit malware by using phishing emails pretending to come from a charity. ZDNet, January 13, 2017

WhatsApp vulnerability allows snooping on encrypted messages: A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service. The Guardian, January 13, 2017

Should I be worried about the WhatsApp encryption vulnerability?: A vulnerability has been found within Facebook’s secure messaging service WhatsApp, which would allow the company and third-parties such as government agencies to intercept and read supposedly encrypted and private messages. The Guardian, January 13, 2017

Adobe quietly bundles data-collecting Chrome extension with latest Reader update: Chrome users who have installed the latest Adobe security updates have also been unknowingly saddled with a browser extension (“Adobe Acrobat”) that can collect some of their operating environment data. HelpNetSecurity, January 13, 2017

WhatsApp Says ‘Backdoor’ Claim Bogus: Claims of a backdoor in WhatsApp that could be used for third-party snooping were shot down by WhatsApp, which called the allegations false. ThreatPost, January 13, 2017

Peace Sign Pics Could Give Hackers Your Fingerprints: Researchers at Japan’s National Institute of Informatics have claimed they can accurately copy fingerprints from digital photographs, raising fears that the security of biometric authentication systems could be undermined. InfoSecurity Magazine, January 12, 2017

The Sorry State Of Cybersecurity Awareness Training: In today’s dangerous cyberworld, corporations often say that cybersecurity is now a top priority for them, especially after all the massive data breaches we’ve been hearing about on a day-to-day basis. But one has to wonder, if that’s case, why are so few companies doing cybersecurity training properly? DarkReading, January 13, 2017

Being a “compliant” victim of cybercrime: When I discuss cybersecurity with business leaders, the most common misconception I see involves the role of security compliance. In my last column, I described the reality of cybercrime, a wild frontier of advanced attackers that can critically damage your business with impunity. In this dangerous environment, it’s important to realize that compliance alone will not protect you. Mississippi Business Journal, January 13, 2017

Natl Assn Corporate Directors updates cybersecurity handbook for Boards & managers: The server room might be an obvious choice for a starting point when it comes to protecting your company’s cyber networks, but the National Association of Corporate Directors says the best place to begin is in the board room. FederalNewsRadio, January 12, 2017


Cyber Awareness

Social Engineering – Detecting/Stopping Attacks: A common misconception most people have about cyber attackers is that they use only highly advanced tools and techniques to hack into people’s computers or accounts. This is simply not true. Cyber attackers have learned that often the easiest way to steal your information, hack your accounts, or infect your systems is by simply tricking you into making a mistake. SANS, January 2017

Cyber Warning

Mac, Linux malware discovered targeting biomedical research: A Mac malware that’s been spying on biomedical research centers may have been circulating undetected for years, according to new research. PCWorld, January 19, 2017

Highly Effective Gmail Phishing Technique Being Exploited to Steal Credentials & Take-Over Account: As you know, at Wordfence we occasionally send out alerts about security issues outside of the WordPress universe that are urgent and have a wide impact on our customers and readers. Unfortunately this is one of those alerts. There is a highly effective phishing technique stealing login credentials that is having a wide impact, even on experienced technical users. WordFence, January 12, 2017

Cyber Talent

Cybersecurity boot camps seek to fill the workforce gap: A startup in Denver and an initiative in Chicago are using cybersecurity boot camps to quickly prepare workers to fend off digital attacks. Christian Science Monitor, January 20, 2017

IT Security Employment Soars to Record High: The number of people employed in the United States as information security analysts reached a record high in 2017, according to uncirculated employment data provided by the U.S. Labor Department’s Bureau of Labor Statistics. BankInfoSecurity, January 18, 2017

Cyber Security in Society

Cyber Crime

Fraud Is The Most Common Crime in UK, Says Office of National Statistics: The Office of National Statistics has released its latest crime report, revealing that fraud now accounts for nearly one in three of all crimes committed, making it the country’s most common offence. It is estimated there were 3.6 million cases of fraud in a single year. Nick Brown, group managing director of identity data intelligence company GBG commented below. ISBuzzNews, January 20, 2017

Data breaches hit all-time record high, increase 40% in 2016: The number of U.S. data breaches tracked in 2016 hit an all-time record high of 1,093, according to a new report by the Identity Theft Resource Center (ITRC) and CyberScout. This represents a substantial hike of 40 percent over the near record high of 780 reported in 2015. HelpNetSecurity, January 20, 2017

Israeli phone hacking firm Cellebrite confirms ‘information security breach’: Cellebrite, the phone hacking company reportedly used by the FBI to crack the San Bernardino shooters’ iPhone, has itself become the victim of a major hack in which customer contact information was accessed by an outside party. RT, January 12, 2017

Los Angeles Valley College pays $28,000 in bitcoin ransom to hackers: The Los Angeles Community College District paid a $28,000 ransom in bitcoin last week to hackers who took control of a campus email and computer network until a payment was made. LATimes, January 11, 2017

Cyber Attack

Insecure Hadoop & CouchDB installations latest targets in wave of database hijacking attacks: Insecure Hadoop and CouchDB installations are the latest targets of cybercriminals who are hijacking and deleting data. Last week, security researchers said 28,000 MongoDB and Elasticsearch installations were hacked in a new wave of attacks against unprotected open source data management platforms. Threatpost, January 20, 2017

Hackers trigger yet another power outage in Ukraine: For the second time in as many years, security researchers have determined that hackers have caused a power outage in Ukraine that left customers without electricity in late December, typically one of the coldest months in that country. Ars Technica, January 11, 2017

Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed: Tens of thousands of personal and possibly proprietary databases that were left accessible to the public online have just been wiped from the Internet, replaced with ransom notes demanding payment for the return of the files. Adding insult to injury, it appears that virtually none of the victims who have paid the ransom have gotten their files back because multiple fraudsters are now wise to the extortion attempts and are competing to replace each other’s ransom notes. KrebsOnSecurity, January 10, 2017

Cyber Warning

Coalition of Cryptographers, Researchers Urge Guardian to Retract WhatsApp Story: A coalition of some of the globe’s top researchers and cryptographers are pleading with The Guardian to retract a story it published last week in which it suggested the encrypted messaging app WhatsApp contained a backdoor. ThreatPost, January 20, 2017

Know Your Enemy

Satan: A new Ransomware as a Service: If you’ve been hit by ransomware that has scrambled the names of your encrypted files and has appended the .stn extension to them, you’ve been targeted by Satan – not the “Prince of Darkness”, but by the eponymous new Ransomware as a Service. HelpNetSecurity, January 20, 2017

Cybersecurity Experts Uncover Dormant Botnet of 350,000 Twitter Accounts: A massive botnet secretly infiltrated the Twitterverse in 2013 but has lain mysteriously dormant since then, say researchers. MIT Technology Review, January 20, 2017

Who is Anna-Senpai, the Mirai Worm Author?: [Brian Krebs’ historical account of the growth of DDoS Attacks Using IoT. Fascinating & Instructive!!] On September 22, 2016, this site was forced offline for nearly four days after it was hit with “Mirai,” a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that assault, the individual(s) who launched that attack — using the name “Anna-Senpai” — released the source code for Mirai, spawning dozens of copycat attack armies online. KrebsOnSecurity, January 18, 2017

Carbanak cybercrime gang uses Google services to manage malware installed on victims’ PCs: An organised cybercriminal gang is using Google services to issue command and control (C&C) communications to help monitor and control the machines of unsuspecting malware victims. ZDNet, January 20, 2017

Cyber Defense

Industry Security Consortium & Incident Response Group create Vulnerability Coordination SIG: Recent cyber attacks on organizations around the world have demonstrated the need for consistency in managing security vulnerabilities. To answer that demand, the Industry Consortium for the Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST) created the FIRST Vulnerability Coordination Special Interest Group (SIG). This is a collaboration among vendors, security researchers, product security incident response teams (PSIRTs), computer security incident response teams (CSIRTs), and other stakeholders in the incident response community. One of the goals for the Vulnerability Coordination SIG is to “develop and publish vulnerability coordination best practices, which include use cases or examples that describe scenario and disclosure paths”. CISCO, January 20, 2017

European Union Security Agency (ENISA) Says CyberSecurity Key to Blockchain Implementation: European Union Agency for Network and Information Security (ENISA) has entered into the Blockchain debate with a new report aimed to provide financial professionals in both business and technology roles with an assessment of the various benefits and challenges that their institutions may encounter when implementing a distributed ledger. The-Blockchain, January 20, 2017

Cyber Readiness

Data Privacy Day on Jan 28 to heighten privacy and security awareness: Respecting Privacy, Safeguarding Data and Enabling Trust is the theme for Data Privacy Day (DPD), an international effort held annually on January 28 to create awareness about the importance of privacy and protecting personal information. StaySafeOnline, January , 2017

US National Cyber Security

Hack the Army Bounty Pays Out $100,000; 118 Flaws Fixed: The U.S. Army on Thursday shared the outcome of its first bug bounty, which concluded a three-week trial on Dec. 21, calling the program a success. ThreatPost, January 20, 2017

Trump on Hack: ‘I Think It Was Russia’: President-elect Donald Trump says he accepts the assessment of the U.S. intelligence community that Russia President Vladimir Putin directed cyberattacks against Democratic Party computers and a social media campaign in an attempt to influence the results of the U.S. presidential election. BankInfoSecurity, January 11, 2017

DNI: Putin Led Cyber, Propaganda Effort to Elect Trump, Denigrate Clinton: Russian President Vladimir Putin directed a massive propaganda and cyber operation aimed at discrediting Hillary Clinton and getting Donald Trump elected, the top U.S. intelligence agencies said in a remarkable yet unshocking report released on Friday. KrebsOnSecurity, January 8, 2017

Suspected NSA tool hackers dump more cyberweapons in farewell: The hacking group that stole cyberweapons suspected to be from the U.S. National Security Agency is signing off — but not before releasing another arsenal of tools that appear designed to spy on Windows systems. PCWorld, January 12, 2017

Financial Cyber Security

Card-Not-Present Fraud Picking Up In US: Card-not-present (CNP) fraud is increasing as cyber thieves are showing they are quite able to use both technology and stolen payment card data to defraud retailers around the world. PYMNTS, January 18, 2017

Cyber Sunshine

Spanish police nab suspected hacker behind Neverquest banking malware: Spanish police have arrested a Russian programmer suspected of developing the Neverquest banking Trojan, a malware targeting financial institutions across the world. PCWorld, January 20, 2017









The content of this CRC-ICS Cyber News Update is provided for information purposes only. No claim is made as to the accuracy or authenticity of the content of this news update or incorporated into it by reference. No responsibility is taken for any information or services which may appear on any linked websites. The information provided is for individual expert use only.



Founded in 2015, the Cyber Research Center - Industrial Control Systems is a not for profit research & information sharing research center working on the future state of Physical & Cyber Protection and Resilience. CRC-ICS goals are to inform industries / critical infrastructures about the fast changing threats they are facing and the measures, controls and techniques that can be implemented to be prepared to deal with these cyber threats.



Cyber Research Center - Industrial Control Systems. 2017

www.crc-ics.net or www.cyber-research-center.net