Cyber Research

Cyber News

Cyber Info


 March, 2017







 In this issue



*         Hackers Drawn to Energy Sector’s Lack of Control

*         ThyssenKrupp Secrets Stolen in 'Massive' Cyber Attack

*         From Data to Critical Infrastructure: Attackers Get Physical

*         StoneDrill advanced wiper malware discovered in the wild

*         Latest Cyber Security NewsLatest Cyber Security News


about the Cyber Security News update

The Cyber News Update is an activity of the Cyber Research Center - Industrial Control Systems and intended to reach out to all Cyber Security Professionals interested in industrial / critical infrastructure threats, protection & resilience. For more information visit the CRC-ICS website at www.crc-ics.net or www.cyber-research-center.net


Hackers Drawn to Energy Sector’s Lack of Control

March 14, 2017



Oil and gas companies, including some of the most celebrated industry names in the Houston area, are facing increasingly sophisticated hackers seeking to steal trade secrets and disrupt operations, according to a newspaper investigation.


A stretch of the Gulf Coast near Houston features one of the largest concentrations of refineries, pipelines and chemical plants in the country, and cybersecurity experts say it's an alluring target for espionage and other cyberattacks.


"There are actors that are scanning for these vulnerable systems and taking advantage of those weaknesses when they find them," said Marty Edwards, director of U.S. Homeland Security's Cyber Emergency Response Team for industrial systems.


Homeland Security, which is responsible for protecting the nation from cybercrime, received reports of some 350 incidents at energy companies from 2011 to 2015, an investigation by the Houston Chronicle has found. Over that period, the agency found nearly 900 security flaws within U.S. energy companies, more than any other industry.


Steps are being taken to thwart attacks. For instance, the Coast Guard in a joint operation with Houston police patrolled the waters southeast of Houston last year conducting sweeps for unprotected wireless signals that hackers could use to gain access to facilities. The operation was one of the first of its kind in the U.S. concentrating on cyberattacks by sea.


But the vast network of oil and gas operations makes it difficult to secure. Thousands of interconnected sensors and controls that run oil and gas facilities remain rife with weak spots.


Many companies lack the technology and personnel to detect hackers. Equipment was designed decades ago without security features, and efforts over the years to link computer networks to devices that monitor pressure or control valves have exposed operations to online threats.


"You could mess with a refinery or cause a vessel to explode," Richard Garcia, a former FBI agent who became a cybersecurity specialist, told the Chronicle.


Power, chemical and nuclear facilities must adhere to strict cybersecurity measures, but federal law doesn't impose such standards on the oil and gas sector. And when oil and gas companies have been infiltrated by a hacker, they're not required to report the incident.


More than 20 of the nation's largest oil companies -- including Exxon Mobil Corp. and ConocoPhillips, refiner Phillips 66 and pipeline operator Kinder Morgan -- declined to comment or did not respond to multiple requests for comment. The American Petroleum Institute, the national trade association for oil and gas, also declined to comment.


Charles McConnell, executive director of Rice University's Energy and Environment Initiative, said oil companies tend to rush to deploy new computer technologies that make operations more productive, but only afterward considering ways to defuse online threats.


"The pace of change of the technology we've adopted is every step of the way more and more vulnerable to cyberattack," McConnell said.

More info http://www.toptechnews.com/article/index.php?story_id=020000MIYDBW

ThyssenKrupp Secrets Stolen in 'Massive' Cyber Attack

March 19, 2017


FRANKFURT - Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in cyber attacks earlier this year, the German company said on Thursday.

"ThyssenKrupp has become the target of a massive cyber attack," the industrial conglomerate said in a statement.

In breaches discovered by the company's internal security team in April and traced back to February, hackers stole project data from ThyssenKrupp's plant engineering division and from other areas yet to be determined, the company said.

ThyssenKrupp, one of the world's largest steel makers, attributed the breaches to unnamed attackers located in southeast Asia engaged in what it said were "organized, highly professional hacker activities".

Globally, cyber attacks on banks, retailers and other businesses have led to widespread consumer data breaches and mounting financial losses in recent years, but revelations of industrial espionage are rare.

ThyssenKrupp's belated disclosure came a week after an attack on nearly 1 million routers caused outages for Deutsche Telekom customers.

German business magazine Wirtschafts Woche reported the attacks hit sites in Europe, India, Argentina and the United States run by the Industrial Solutions division, which builds large production plants. The Hagen Hohenlimburg speciality steel mill in western Germany was also targeted, the report added.

The company declined to identify specific locations which were infected or why it had not previously disclosed the attack. It said it could not estimate the scale of the intellectual property losses.

A criminal complaint was filed with police in the state of North Rhine-Westphalia and an investigation is ongoing, it said. State and federal cyber security and data protection authorities have been kept informed, as well as Thyssen's board.

Secured systems operating steel blast furnaces and power plants in Duisburg, in Germany's industrial heartland in the Ruhr Valley, were unaffected, the company said.

No breaches were found at its marine systems unit, which produces military submarines and warships. The infected computer systems have been cleansed and are now subject to constant monitoring against further cyber attacks.

A previous cyber attack caused physical damage to an unidentified German steel plant and prevented the mill's blast furnace from shutting down properly.

The country's Federal Office for Information Security (BSI) revealed two years ago that the attack caused "massive damage", but gave no further technical details and the location of the plant has remained shrouded in mystery.

Subsequent media reports identified the target as a ThyssenKrupp facility, but the company has denied it was hit.

The company, a major supplier of steel to Germany's automotive sector and other manufacturers, is looking to merge its European steel operations with Indian-owned Tata Steel to combat over-capacity in the sector.

Read more http://www.newsmax.com/World/GlobalTalk/ThyssenKrupp-Cyber-Attack/2016/12/08/id/762840/


From Data to Critical Infrastructure: Attackers Get Physical

March 10, 2017.


The irresistible march of technological progress continues unfettered day after day, but there are consequences. Those who seek to further their own ends by exploiting weaknesses in these systems are constantly on the lookout for new ways to achieve their goals.

Thus, as we slide into the Internet of Things era, those black hats are looking to expand their repertoire from mere data theft to include attacks on critical infrastructure. It’s much easier to do today than it was even a few years ago. That’s bad news for all of us, because we’re no longer talking just about regulatory fines and reputational damage, but the possibility of actual physical harm.

As cyber-threats attain an increasingly dangerous physical dimension, a unified and layered endpoint security response becomes essential.

IoT under attack

A great deal of media coverage has focused of late on the forthcoming European General Data Protection Regulation (GDPR), but its requirements are partly a response to the growing problem of data breaches. Over one billion customer records were stolen by hackers in 2016, according to Forrester. These will certainly continue, as long as there’s a big enough cyber-black market for such information.

So will the more shadowy business of covert APTs designed to lift information useful to nation states and the like. In 2017 and beyond we’ll increasingly see a focus on IoT and the critical infrastructure it powers. Why? In part because many of the organizations which run such systems – most of them in the private sector – have historically relied upon “security-by-obscurity” for protection. That’s no longer keeping them safe and secure.

Unfortunately, many systems today are far from obscure. They can be easily researched online by hackers, code can be reverse engineered and weaknesses found. Plus, they’re often usually connected to the public-facing internet, which means anyone with a browser can probe them for flaws.

There are millions of these exposed systems in the US, and you can bet there are millions more in the UK and Europe. Gartner estimates 8.4 billion connected things will be in use this year, and with 3.1bn set to be used by businesses the risks are growing faster than our ability to mitigate them.

Hacking goes industrial

The risks are no longer theoretical either. In many ways Stuxnet was the grand-daddy of critical infrastructure attacks. More recently, state-sponsored campaigns using sophisticated malware against Ukrainian power stations in December 2015 and 2016 have shown us the potential impact of cyber-attacks on the real world.

Leave thousands without power in the height of winter and there’s a real danger to physical wellbeing. This goes way beyond the risks associated with theft of sensitive data.

The means to launch simpler but highly effective attacks on CNI firms is being democratized on an industrial scale thanks to the dark web. Just take a look at the havoc ransomware has managed to wreak on hospitals at home and abroad.

The Hollywood Presbyterian Medical Center was the first major case of ransomware impacting patient care. But it has been followed up by attacks on NHS Trusts. North Lincolnshire and Goole Trust had to cancel nearly 3,000 appointments due to an outbreak late last year that took key systems offline for days. The NHS is particularly vulnerable due to its vast, creaking IT infrastructure and the criticality of services. Freedom of Information requests suggest a third of Trusts were infected last year, and we can expect more of the same in 2017 – across various industries which can’t afford downtime and so are deemed more likely to pay up.

As if that weren’t bad enough, we’re also beginning to see the emergence of attacks blending data theft and ransomware. This could spell the worst of both worlds for CNI organizations: damaging customer and IP data loss alongside crippling service outages.

Unifying endpoint security

As the bad guys look to maximize the RoI of attacks by blending techniques in this way, organizations must revisit their endpoint security strategies to lock down risk where possible. That starts with gaining visibility into your estate – especially important given the explosion of smart devices and systems in the enterprise.

Task the service desk with this job, as it sits in a perfect position in the organization to lead such efforts, tooled up with the right unified security and asset management capabilities. Then look to layer up security to provide the most comprehensive range of protections possible. Legacy tools like AV and firewalls are fine against commodity malware, but can’t cope with ransomware and more sophisticated attacks.

Comprehensive patch management tools will keep endpoints safe against known threats, and application control can mitigate the risk of zero-day threats by ensuring nothing unsanctioned runs on the network. Also consider controls for removable media, data encryption, and enterprise mobility management to enforce policies on every device.

Your security end goal hasn’t changed: to keep key data safe and systems secure. As hackers increasingly turn their attention towards disrupting critical services, the stakes have well and truly been raised.

More Info https://www.infosecurity-magazine.com/opinions/data-critical-infrastructure/




StoneDrill Advanced Wiper Malware Discovered in the Wild

March 7, 2017.

In the wake of the Shamoon malware attacks, a new wiper targets the Middle East and shows interest in European targets.

Kaspersky Lab's Global Research and Analysis Team has discovered a new sophisticated wiper malware, called StoneDrill. Just like another infamous wiper, Shamoon, it destroys everything on the infected computer.

StoneDrill is an advanced piece of malware, featuring anti-detection techniques and espionage tools in its arsenal.

In addition to targets in the Middle East, one StoneDrill target has also been discovered in Europe, where wipers used in the Middle East have not previously been spotted in the wild.

In 2012 the Shamoon (also known as Disttrack) wiper made a lot of noise by taking down around 35,000 computers in an oil and gas company in the Middle East.

This devastating attack left 10 percent of the world's oil supply potentially at risk. However, the incident was one of a kind, and after it the actor essentially went dark. In late 2016 it returned in the form of Shamoon 2.0 – a far more extensive malicious campaign using a heavily updated version of the 2012 malware.

While exploring these attacks Kaspersky Lab researchers unexpectedly found malware that was built in a similar “style” to Shamoon 2.0. At the same time, it was very different and more sophisticated than Shamoon. They named it StoneDrill.

It is not yet known how StoneDrill is propagated, but once on the attacked machine it injects itself into the memory process of the user's preferred browser.

During this process it uses two sophisticated anti-emulation techniques aimed at fooling security solutions installed on the victim machine. The malware then starts destroying the computer's disc files.

So far, at least two targets of the StoneDrill wiper have been identified, one based in the Middle East and the other in Europe.

Besides the wiping module, Kaspersky Lab researchers have also found a StoneDrill backdoor, which has apparently been developed by the same code writers and used for espionage purposes.

Experts discovered four command and control panels which were used by attackers to run espionage operations with help of the StoneDrill backdoor against an unknown number of targets.

Kaspersky Lab asserts that “perhaps the most interesting thing about StoneDrill is that it appears to have connections to several other wipers and espionage operations observed previously.”

When Kaspersky Lab researchers discovered StoneDrill with the help of Yara-rules created to identify unknown samples of Shamoon, they realised they were looking at a unique piece of malicious code that seems to have been created separately from Shamoon.

Even though the two families – Shamoon and StoneDrill – don't share the exact same code base, the mindset of the authors and their programming “style” appear to be similar. That's why it was possible to identify StoneDrill with the Shamoon-developed Yara-rules

Code similarities with older known malware were also observed, but this time not between Shamoon and StoneDrill. In fact StoneDrill uses some parts of the code previously spotted in the NewsBeef APT, also known as Charming Kitten – another malicious campaign which has been active in the last few years.

“We were very intrigued by the similarities and comparisons between these three malicious operations. When it comes to artefacts we can say that while Shamoon embeds Arabic-Yemen resource language sections, StoneDrill embeds mostly Persian resource language sections. Geopolitical analysts would probably be quick to point out that both Iran and Yemen are players in the Iran-Saudi Arabia proxy conflict, and Saudi Arabia is the country where most victims of these operations were found,” said Mohamad Amin Hasbini, senior security researcher on theGlobal Research and Analysis Team at Kaspersky Lab.

Hasbini added: “But of course, we do not exclude the possibility of these artefacts being false flags.”

Read more: https://www.scmagazineuk.com/advanced-new-destructive-wiper-malware-discovered-in-the-wild/article/642324/

Latest Cyber Security News

Individuals at Risk

Cyber Privacy

How to Keep Your Private Conversations Private for Real: A decade ago, I wrote about the death of ephemeral conversation. As computers were becoming ubiquitous, some unintended changes happened, too: Before computers, what we said disappeared once we’d said it. Neither face-to-face conversations nor telephone conversations were routinely recorded. A permanent communication was something different and special; we called it correspondence. Schneier on Security, March 7, 2017

New Strategies for Securing Our Private Lives: I recently wrote an essay reflecting on the reality that nearly anyone with a life online is today subject to being hacked and having anything private become public. Jonathan Zittrain, LawFare Blog, October 24, 2016

Cyber Update

Google Chrome 57 Browser Update Patches ‘High’ Severity Flaws: Google released an updated version of its Chrome browser on Thursday to fix nine high-severity vulnerabilities that if exploited could allow adversaries to take control of targeted systems. As part of the update, Google thanked nearly two dozen bug hunters with bug bounty payments totaling $38,000. ThreatPost, March 10, 2017

Cyber Defense

9 cybersecurity tips for the mildly paranoid (plus 4 for the truly anxious): So it looks as if the CIA could potentially break into most smart phone or computer networks, at least according to the stolen documents released by WikiLeaks on Tuesday. USA Today, March 9, 2017

With C.I.A. Hacking Revelations, The Most Important Thing to Protect Your Devices is Always Update: WikiLeaks this week published a trove of documents that appears to detail how the Central Intelligence Agency successfully hacked a wide variety of tech products, including iPhones, Android devices, Wi-Fi routers and Samsung televisions. The New York Times, March 8, 2017

Apple pushing two-factor authentication for iOS 10.3 users: Beta users of Apple iOS 10.3 are reporting that they’re receiving push notifications from Apple to enable two-factor authentication (2FA) for their Apple IDs, which is used on Apple devices (like iPads, iPhones and Macs) to synchronize and share iCloud user data. NakedSecurity, March 3, 2017

Securely Using Mobile Apps: Mobile devices, such as tablets, smartphones, and watches, have become one of the primary technologies we use in both our personal and professional lives. What makes mobile devices so versatile are the millions of apps we can choose from. These apps enable us to be more productive, instantly communicate and share with others, train and educate, or just have more fun. However, with the power of all these mobile apps comes risks. Here are some steps you can take to securely use and make the most of your mobile apps. SANS Institute Security Awareness Newsletter, March, 2017

Cyber Warning

Malware found pre-installed on 38 Android phones used by 2 companies: A commercial malware scanner used by businesses has recently detected an outbreak of malware that came preinstalled on more than three dozen Android devices. ars technica, March 10, 2017

Caveat Emptor as “confidential” messenger service said to lack basic security controls: A pair of damning advisories independently published Wednesday raise serious questions about the security assurances of Confide, a messaging app that’s billed as providing “battle tested, military grade” end-to-end encryption and is reportedly being used by individuals inside the US government. ars technica, March 9, 2017

130+ Android apps on Google Play found with malware. Did developers use infected computers?: More than 130 Android apps on the Google Play store have been found to contain malicious coding, possibly because the developers were using infected computers, according to security researchers. PC World, March 1, 2017

Information Security Management in the Organization

Information Security Management and Governance

San Diego CISO Gary Hayslip on strategies for defending against next wave of cybersecurity threats: With a sprawling sensor network to be deployed soon, scads of systems and 1.3 million residents depending on service, San Diego is bracing for the next wave of cybersecurity threats. StateSchoop, March 10, 2017

Exploring The Gap Between Cybersecurity Perception And Reality Shows SMB Need for Security Partners: Most company executives and security professionals have a reasonable understanding of cybersecurity. Even if they don’t fully understand the mechanics under the hood, they at least realize that there is a vast and aggressive threat landscape out there, and that their networks are under virtually constant siege from attackers. When you ask how they feel about their security, though, and how confident they are in their ability to successfully detect and block attacks, the response shows a startling disconnect between reality and their perception. Forbes, March 9, 2017

How to Use & Share Customer Data without Damaging Trust–5 Tips for Protecting Consumer Privacy: These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run. Dark Reading, March 3, 2017

Situational Awareness: The Five C’s of Enlightened CyberSecurity: If you spend a lot of time with security vendors and testing their products, you are likely bombarded with sales pitches touting “next generation” of X, “real-time prevention” of Y, or “advanced” Z. These are all good things but studies suggest (PDF) security professionals are in short supply, and they are busy fighting fires caused by current products and lack the time to evaluate new ones. Our intent is to provide a five-point guide for security professionals looking to embark on the path of security enlightenment. ITSP Magazine, March 2, 2017

Yahoo CEO Loses Bonus Over Security Lapses After Sales Price Drops Significantly: Yahoo CEO Marissa Mayer will lose her cash bonus after an independent investigation into security breaches at the search giant found that the company’s senior executives and legal team failed to properly comprehend or investigate the severity of the attacks. BankInfoSecurity, March 2, 2017

Importance of engaging cybersecurity counsel early, Robert Braun, JMBM Cybersecurity & Privacy Group: Last year, SEC Chair Mary Jo White named cybersecurity as the biggest risk facing financial markets. But the risk isn’t limited to the financial industry – even a casual review of breach reports in the mainstream press shows that cybersecurity is a risk common to all companies in any industry. The challenge facing companies is how to prepare for what seems to be inevitable, and how to do it in an efficient and economical basis. [Braun is a member of the SecureTheVillage Leadership Council.] JMBM, March 1, 2017

Cyber Defense

Fin’l Inst Survey Demonstrates Need for Stronger Application Security Management: New study shows banks all have policies in place, but lack metrics and good third-party software controls. Dark Reading, March 10, 2017

Nine Security Tips That Go Outside the Box: The great challenge of security is that you are not only battling Murphy’s Law — the universal tendency of things to go wrong — but also shrewd and malicious attackers who are looking for an edge. Rather than constantly changing strategies to match these evolving threats, many security pros could benefit from finding a few simple methods that can stand the test of time and help prevent a breach. Security Intelligence, March 2, 2017

Cyber Update

IT Depts Must Update Apache Struts 2. Under Active Attack: Apache Struts 2 installations are being targeted – and hacked in large numbers – by attackers who are exploiting a zero-day flaw in the platform to remotely execute code, security researchers warn. ThreatPost, March 9, 2017

Fileless Powershell malware uses DNS as covert communication channel: Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored. PC World, March 3, 2017

How hackers turned a Cape Cod fishing guide’s site into a host for e-commerce fraud: Cape Cod fishing guide Eric Stapelfeld trusted me to look after his website the same way that I trust him to find fish. Until a few weeks ago, I believed I had the easier part of the bargain. After all, what’s hard about maintaining a simple WordPress site with a phone number and lots of striped bass pictures? As it turns out, everything is hard, really hard, when hackers go to work on a vulnerable site — even a simple one. And no fish ever put up a fight like the malware that took over Eric’s site. Tech Crunch, March 3, 2017

Cyber Law

Credit union sues Eddie Bauer for failing to prevent data breach: A credit union has sued Eddie Bauer, alleging that the Bellevue clothing retailer failed to take adequate steps to protect against a hack that swiped the credit-card information of customers last year. The Seatlle Times, March 9, 2017

Cyber Security in Society

Cyber Crime

Payments Giant Verifone Investigating Breach: Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted. KrebsOnSecurity, March 7, 2017

Cyber Freedom

FBI Director Says Growing Encryption Use Hinders Basic Crime Investigations: FBI Director James Comey on Wednesday again called for an “adult conversation” about encryption, saying its growing use is making it increasingly hard for law enforcement officials to investigate crimes. Consumer Reports, March 8, 2017

National Cyber Security

Dutch Gov’t Under Cyber Attack from Russian Hackers in Attempt to Influence Upcoming Election: The Dutch government, like its German and French counterparts, fears that Russia is trying to influence the upcoming election through hacking schemes and by spreading fake news. Thessa Lageman reports. DW, March 10, 2017

WikiLeaks Reveal Demonstrates Encryption Apps’ Vulnerabilities: The CIA can hack into smartphones and read messages as they’re being typed on encrypted messaging apps. David Greene talks to Moxie Marlinspike, founder of the encrypted messaging app Signal. NPR, March 10, 2017

What the CIA WikiLeaks Dump Tells Us: Encryption Works: NEW YORK — If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it’s that data-scrambling, The New York Times, March 10, 2017

WikiLeaks: We’ll Work With Software Makers on Zero-Days: When WikiLeaks on Tuesday dumped thousands of files documenting hacking tools used by the U.S. Central Intelligence Agency, many feared WikiLeaks would soon publish a trove of so-called “zero days,” the actual computer code that the CIA uses to exploit previously unknown flaws in a range of software and hardware products used by consumers and businesses. But on Thursday, WikiLeaks editor-in-chief Julian Assange promised that his organization would work with hardware and software vendors to fix the security weaknesses prior to releasing additional details about the flaws. KrebsOnSecurity, March 9, 2017

WikiLeaks Dumps Docs on CIA’s Hacking Tools: WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here are some first impressions based on what I’ve seen so far. KrebsOnSecurity, March 8, 2017

CIA docs provide coding tips and practices for hackers: There are thousands of files in WikiLeaks’ dump of data from the Central Intelligence Agency’s Engineering Development Group (EDG). This organization within the CIA’s Center for Cyber Intelligence is responsible for creating the tools used to hack into digital devices around the world in support of the CIA’s mission. The leaked documents come from an Atlassian Confluence server used by the EDG’s developers to track and document their projects. ars technica, March 8, 2017

Stewart Baker talks to Matt Tait about Russia’s cyberespionage operations – Steptoe Cyberlaw: In this episode, Matt Tait, aka @PwnAllTheThings, takes us on a tour of Russia’s cyberoperations. Ever wonder why there are three big Russian intel agencies but only two that have nicknames in cybersecurity research? Matt has the answer to this and all your other Russian cyberespionage questions. Steptoe Cybersecurity Blog, March 6, 2017

New Report Illustrates Why Encryption Is Such a Headache for Lawmakers: Encrypted smartphones and messaging apps that prevent even the companies that make them from decrypting their data are unreasonably hindering criminal investigations, and the situation is worsening, say law enforcement officials. A new report from the Center for Strategic and International Studies, a prominent bipartisan policy think tank, helps quantify the scale and complexity of the issue. MIT Technology Review, March 3, 2017

Mike Pence used an AOL e-mail account for state business and it got hacked: As the US Republican vice presidential candidate, Mike Pence vigorously chastised Hillary Clinton for using a personal server to send and receive official e-mails while she was Secretary of State. Not only was the arrangement an attempt to escape public accountability, he said, it also put classified information within dangerous reach of hackers. ars technica, March 3, 2017

Ex-NSA head: Cybersecurity agencies don’t share enough information to be successful: A former leader of the National Security Agency (NSA) told lawmakers Thursday that government agencies working on cybersecurity are too “stovepiped” to safeguard the nation from digital threats. The Hill, March 2, 2017

House Panel OKs Plan for NIST to Audit Framework Implementation: A divided House Science, Space and Technology Committee has approved legislation that would expand the National Institute of Standards and Technology into the domain of auditing. The bill calls for NIST to assess federal agency compliance with its cybersecurity framework. BankInfoSecurity, March 1, 2017

Critical Infrastructure

FCC putting users at increased risk as it weakens telecom cybersecurity regulations: The ideological goal of “light touch regulation” as proposed by the new head of the US FCC has hit a barrier: cybersecurity. TheRegister, March 10, 2017

Cyber Research

Rand publishes first-ever study of 0-days. Time from discovery to exploit often less than a month: It takes less than a month for most zero-day exploits to be developed, and about a quarter of those previously unknown and unpatched vulnerabilities will go undiscovered and undisclosed to the vendor for an average of 9.5 years. And the odds two hackers will find the same zero day are slim. ThreatPost, March 10, 2017



Cyber ReseArch

Cyber News

Cyber info


The content of this CRC-ICS Cyber News Update is provided for information purposes only. No claim is made as to the accuracy or authenticity of the content of this news update or incorporated into it by reference. No responsibility is taken for any information or services which may appear on any linked websites. The information provided is for individual expert use only.



Founded in 2015, the Cyber Research Center - Industrial Control Systems is a not for profit research & information sharing research center working on the future state of Physical & Cyber Protection and Resilience. CRC-ICS goals are to inform industries / critical infrastructures about the fast changing threats they are facing and the measures, controls and techniques that can be implemented to be prepared to deal with these cyber threats.



Cyber Research Center - Industrial Control Systems. 2017

www.crc-ics.net or www.cyber-research-center.net