Cyber Research

Cyber News

Cyber Info


december, 2017







 In this issue



*         Cybersecurity trends for 2018

*         MMC CYBER HANDBOOK 2018

*         ‘Significant amount’ of sensitive security data stolen in Perth Airport hacking

*         Shipping giant hit by Cyberattack, refuses to pay hackers' ransom

*         Latest Cyber Security NewsLatest Cyber Security News


about the Cyber Security News update

The Cyber News Update is an activity of the Cyber Research Center - Industrial Control Systems and intended to reach out to all Cyber Security Professionals interested in industrial / critical infrastructure threats, protection & resilience. For more information visit the CRC-ICS website at www.crc-ics.net or www.cyber-research-center.net


Cybersecurity trends for 2018

December 8, 2017

2017 was dominated by news of major hacks, cybersecurity threats and data breaches. What will 2018 have in store?


2017 was a year dominated by news of data breaches and new cybersecurity threats, from major hacks affecting companies like Equifax and Verizon to ransomware attacks such as the global WannaCry incident.

It stands to reason then that we will see more of the same in 2018, with corporations, governments, public bodies and even political campaigns all likely targets.

So, what exactly will 2018 have in store? McAfee Inc.’s recent threats predictions report identified five key cyber security trends to watch in 2018:


·         An adversarial machine learning “arms race” between attackers and defenders

·         Ransomware to evolve from traditional PC extortion to IoT, high net-worth users, and corporate disruption

·         Serverless Apps to create attack opportunities targeting privileges, app dependencies, and data transfers

·         Connected home devices to surrender consumer privacy to corporate marketers

·         Consumer apps collection of children’s content to pose long-term reputation risk


It is hard to argue with these predictions, particularly those concerning an “arms race” and the evolution of ransomware.

Those of us involved in cybersecurity solutions have been locked in an “arms race” with hackers and their like for many years, each side trading the advantage as new risks emerge and new solutions are developed.

But the growth of AI and machine learning, with tech giants like Amazon, Facebook and Google all getting in on the game, makes this the next area ripe for exploitation.

As McAfee’s report said: “Adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models, and exploiting newly discovered vulnerabilities faster than defenders can patch them.”

It will be essential, therefore, for enterprises to become more strategic in their thinking and combine machine learning with human intellect and intuition to understand these new risks and anticipate where they might come from.

When it comes to the threat of ransomware, we should see the WannaCry attack as the beginning of this trend, the thin end of the wedge if you will.

The good thing about WannaCry is that it focused attention in this area and now lots of enterprises are proactively investing in making their systems and data secure so they don’t fall victim to future attacks.

Unfortunately, these types of incidents will become more sophisticated and more frequent because they have been shown to work; as long as some enterprises are paying to rescue their data the attacks will continue.

I think the increase in number and sophistication of cyberattacks in 2017 will encourage many enterprises to introduce more rigorous cybersecurity procedures in 2018, both to hinder the external threats and negate the risk of insider threats.

This insider threat is particularly important as it presents the most immediate danger to an enterprise’s cybersecurity.

It can be broken down into three areas: the malicious insider, the opportunist insider and simple end user error.

It is this last category that poses the greatest risk. End user error is where an employee in the course of their work makes a mistake, such as inadvertently sharing something with the wrong person or typing in the wrong email address, which causes a data breach.

Even trusted employees are, after all, only human and can and will make honest mistakes.

A recent survey of cybersecurity professionals by Crowd Research Partners found the vast majority (90 per cent) of companies and government agencies feel vulnerable to insider threats.

What’s more, 53 per cent said there had been insider attacks against their organisation in the previous 12 months, and 27 per cent said they had become more frequent.

A renewed focus on cybersecurity will mean an increase in the use of external providers and solutions by many enterprises.

While this will be to their organisational advantage it will be to the detriment of their users, who will find themselves having to jump through more hoops to authenticate themselves and access systems and data.

This heightened security and atmosphere of mistrust could have implications for employee privacy, and we can expect to see cases where regulators have to get involved.

We should also expect the introduction of the GDPR in May to have a major impact. As with the introduction of most regulations or pieces of legislation, I expect there will be a period of grace in which the authorities will take a “softer” approach to breaches.

However, before the end of 2018 we should also expect to see at least one enterprise made an example of for breaching the GDPR and facing a huge fine, though nowhere near the maximum that has been threatened.

Finally, with the rapid improvements in artificial intelligence capability we should expect AI to be the next big thing in endpoint security.

Cyber solutions providers are already offering endpoint device protection using AI, and consequently we should also expect this to be an area hackers will look to exploit.

The key message for enterprises is to learn the lessons of 2017; cyberattacks will increase in volume and sophistication and if you are not being proactive in protecting yourself against them you stand to become a victim.


More info https://www.businesswire.com/news/home/20171129005305/en/McAfee-Labs-Previews-Cybersecurity-Trends-2018


December 15, 2017

Perspectives on the next wave of cyber


Cyber risk continues to grow as technology innovation increases and societal dependence on information technology expands. A new and important turning point has been reached in the struggle to manage this complex risk. In the war between cyber attackers and cyber defenders, we have reached what Winston Churchill might call “the end of the beginning.”

Three characteristics mark this phase shift. First, global cybercrime has reached such a high level of sophistication that it represents a mature global business sector – illicit to be sure, but one which is continually innovating and getting more efficient. In 2017 we have experienced the widespread use of nation state-caliber attack methods by criminal actors.

Powerful self-propagating malware designed to destroy data, hardware and physical systems have caused major business disruption to companies worldwide with an enormous financial price. The number of ransomware attacks has also spiked significantly. More attack incidents have impact extending beyond the initial victims with broad systemic ripple effects.

Second, business and economic sectors have high and growing levels of dependency on IT systems, applications and enabling software. Growth in connectivity between digital and physical worlds, and the acceleration in commercial deployment of innovative technologies like Internet of Things (IOT) and Artificial Intelligence (AI) will expand potential avenues for cyberattack and increase risk aggregation effects. These changes will make the next phase of cyber defense even more challenging.

The third shift is the rising importance of coordination among institutions – governments, regulatory authorities, law enforcement agencies, the legal and audit professions, the non-government policy community, the insurance industry, and others – as a critical counter to the global cyber threat. Cyber risk defense can only be effective if these groups share a common understanding of the changing nature of the threat, their importance and increased interconnected nature. Working individually and in concert, these groups can increase our collective cyber resilience. We are beginning to see expectations converge in areas such as increased transparency, higher penalties for failure to maintain a standard of due care in cyber defense, improved incident response, and an emphasis on risk management practices over compliance checklists. It will be vital for this trend to continue in the next phase.

Against this backdrop, the 2018 edition of the MMC Cyber handbook provides perspective on the shifting cyber threat environment, emerging global regulatory concepts, and best practices in the journey to cyber resiliency. It features articles from business leaders across Marsh & McLennan Companies as well as experts from Microsoft, Symantec, FireEye and Cyence.

We hope the handbook provides insight which will help you understand what it takes to achieve cyber resiliency in the face of this significant and persistent threat.

So, what is on the horizon to be the next new normal for the cyber world? At Cyence, our white hats are seeing a lot of new trends, but some areas we see evolving to include increased exposure to Internet of Things (IoT) exposures, increased ransomware efforts, and increased regulations. We believe there will be more attacks disrupting GPS and other geo location systems to cause disruptions in the physical world from supply chains and marine risks, to consumers reliant on GPS based products. As Bitcoin and other cryptocurrencies become more widely adopted, we expect to see more frequent and severe ransomware campaigns like WannaCry and NotPetya. Last, sovereign states are increasingly seeking regulations on data storage locations to provide governments with better control over their data. This control is desired for a variety of reasons including privacy, censorship, and anti-terrorism; compliance will require operational change by companies, but the variety of cloud resources available can simplify that transition for those organizations.

Read more: https://www.crc-ics.net/documents/CRC-ICS-2018_mmc-cyber-handbook-2018.pdf

‘Significant amount’ of sensitive security data stolen in Perth Airport hacking

December 10, 2017.


A skilled hacker in Vietnam stole sensitive security details and building plans from Perth Airport after breaking into its computer systems.

The West Australian can reveal Vietnamese man Le Duc Hoang Hai used the credentials of a third-party contractor to get access to the airport’s computer systems in March last year.

Prime Minister Malcolm Turnbull’s cybersecurity adviser Alastair MacGibbon said yesterday the man stole “a significant amount of data” relating to the airport, including building schematics and details of physical security at airport buildings.

Mr MacGibbon said Hai did not access radars or other systems linked to aircraft operations and the travelling public was not put at risk.

Perth Airport detected the breach and passed the information on to the Federal Government’s cybersecurity centre in Canberra.

The hack was traced to Vietnam and the Australian Federal Police tipped off counterparts in Vietnam, whose investigation led to Hai’s arrest.


The 31-year-old was convicted in a Vietnamese military court last week and sentenced to four years jail.

As well as hacking Perth Airport, Hai was found to have attacked infrastructure and websites in Vietnam, including those of banks, telecommunications and an online military newspaper.

Perth Airport is thought to have been his only Australian-based target. Mr MacGibbon described the hack as a “near miss”, saying it could have been a lot worse.

While Hai had accessed sensitive material, he had not stolen the personal details of travellers. “Was anyone ever at risk? The answer is no,” Mr MacGibbon said.

He praised the quick work of Perth Airport staff in detecting the hack and alerting authorities in Canberra.

Mr MacGibbon said it also showed how the AFP and the Australian Government had developed strong links with Vietnam.

He said there was no indication Hai was working with a larger group and no suggestion he had on-sold the material he stole from Perth Airport.

“This is a sign of the type of work we are going to be doing a lot more of in the future,” Mr MacGibbon said.

He said using details of a third-party contractor to break into critical infrastructure was becoming increasingly common.

Perth Airport chief executive Kevin Brown said it appeared the man had been attempting to steal credit card data.

“We completed a full and thorough risk assessment of the data that had been accessed to ensure there had been no threat to the safety of the travelling public,” he said. “At no time was the safety or security of the airport, its staff, passengers or partners compromised.”

Mr Brown said the airport was looking at ways to improve security related to contractors’ access to systems.

It was revealed this year that foreign attackers stole sensitive plans about Australia’s Joint Strike Fighter program after breaking into computers of a third-party contractor.

Although the contractor was working on some of the Government’s most sensitive programs, its security protocols were poor.

Mr MacGibbon said the episode underlined the need for big companies to demand contractors use strong security with two-factor identification procedures.

More Info https://thewest.com.au/news/wa/significant-amount-of-sensitive-security-data-stolen-in-perth-airport-hacking-ng-b88686393z




Shipping giant hit by Cyberattack, refuses to pay hackers' ransom

December 1, 2017.


File photo - A cargo ship is seen crossing through the New Suez Canal, Ismailia, Egypt, July 25, 2015. (REUTERS/Stringer)

U.K. shipping giant Clarkson has fallen victim to a cyberattack, but has vowed not to pay a ransom to the hackers.

On Wednesday, the London-based company confirmed the incident, which breached its computer systems. “Our initial investigations have shown the unauthorized access was gained via a single and isolated user account which has now been disabled,” it said, in a statement. “We have also put in place additional security measures to best prevent a similar incident happening in the future.”

Clarkson has been working with police following the attack, but warned that the hacker or hackers may release some of the data they accessed. “The data at issue is confidential and lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information,” it said.


The Wall Street Journal describes Clarkson as the world’s biggest shipbroker.

While specific details about the attack have not yet been released, Clarkson CEO Andi Case said that the company will not be intimidated into paying a ransom. “I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologise for any concern this incident may have understandably raised,” he said, in the company’s statement.

This is not the first time that hackers have placed the shipping industry in their crosshairs. Danish shipping giant A.P. Moller-Maersk, for example, was targeted in the huge Petya ransomware attack earlier this year.


Read more: http://www.foxnews.com/tech/2017/11/30/shipping-giant-hit-by-cyberattack-refuses-to-pay-hackers-ransom.html

Latest Cyber Security News

Individuals at Risk

Cyber Danger

Privacy not included: A Guide to Make Shopping for Connected Gifts Safer, Easier, and Way More Fun: THE HOLIDAYS, it’s the most wonderful time of the year. Unless you buy a gift that spies on your kid or gets your friend hacked. Wish lists this year will have more connected devices than ever. How do you know if that gift comes with privacy included? We did the research to help you decide. Because Santa should be the only one watching you this holiday season. Mozilla, December 2017

Don’t Give Kids Holiday Gifts That Can Spy on Them: SAN FRANCISCO — During the holiday season, my husband and I tend to offer suggestions to those who are generous enough to insist on buying presents for our kids. Things like “Don’t spend more than $50” and “No guns.” Or, for those with whom we can be comfortably blunt, “Just cash, please.” The New York Times, December 8, 2017

Hackers Can Spy On Kids Through Some Holiday Toys: Some of this holiday season’s smart toys that can listen and talk to children are vulnerable to hackers who can take over such devices’ electronics, researchers are warning parents. CBS, December 8, 2017

Cyber Update

Google patches Android flaw allowing attackers to poison signed Apps with malicious code: Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate. The technique allows an attacker to circumvent device anti-malware protection and escalate privileges on targeted device with a signed app that appears to be from a trusted publisher, according to researchers. ThreatPost, December 8, 2017

Apple Fixes Flaw Impacting HomeKit Devices: Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers. Threatpost, December 8, 2017

Microsoft Issues Emergency Patch for ‘Critical’ Flaw in Windows Security: Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agency’s National Cyber Security Centre (NCSC). DarkReading, December 8, 2017

Cyber Warning

Bitcoin traders beware: Fake trading bot offer installs Remote Access Trojan (RAT): As the price of Bitcoin keeps hitting surprising heights, more and more cyber crooks are turning their sights on anything and anyone who trades or uses the popular cryptocurrency. HelpNetSecurity, December 8, 2017

Mailsploit’ Lets Hackers Forge Perfect Email Spoofs: Pretending to be someone you’re not in an email has never been quite hard enough—hence phishing, that eternal scourge of internet security. But now one researcher has dug up a new collection of bugs in email programs that in many cases strip away even the existing, imperfect protections against email impersonation, allowing anyone to undetectably spoof a message with no hint at all to the recipient. Wired, December, 5, 2017

Information Security Management in the Organization

Information Security Management and Governance

NIST Releases Updated Cyber Framework V1.1: On December 5, 2017, the National Institute of Standards and Technology (NIST) released a revised draft of its proposed updates to its Framework for Improving Critical Infrastructure Cybersecurity. The revised draft includes a new section on communicating with stakeholders about cybersescurity requirements, addresses stakeholder concerns regarding cybersecurity supply chain risk management and measuring cybersecurity risks and benefits, and addresses six new topics, including the Cyber-Attack Lifecycle. NIST has updated both the Framework and its accompanying Roadmap. ALston & Bird, December 5, 2017

Cyber Awareness

Phishers Are Upping Their Game. So Should You: Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate. KrebsOnSecurity, December 7, 2017

Cyber Defense

What Slugs in a Garden Can Teach Us About Security: Design principles observed in nature serve as a valuable model to improve organizations’ security approaches. DarkReading, December 8, 2017

Cybersecurity in Society

Cyber Crime

Cyber Criminals Steal $64M of Bitcoin From Cryptocurrency Firm NiceHash: A Slovenian cryptocurrency mining marketplace, NiceHash, said it lost about $64 million worth of bitcoin in a hack of its payment system, the latest incident to highlight risks that uneven oversight and security pose to booming digital currencies. Insurance Journal, December 8, 2017

NiceHash cryptomining exchange hacked, payment system compromised, and contents of NiceHash Bitcoin wallet stolen. $64m in Bitcoins stolen: NiceHash buyers and miners, change your passwords immediately if you haven’t already been ransacked: the cryptomining exchange that describes itself as the world’s largest marketplace for mining digital currencies has been vacuumed out. Naked Security, December 7, 2017

North Carolina County Refuses to Pay $23,000 Ransom to Hackers: In a world rocked by hackers, trolls and online evildoers of all stripes, the good people of the internet have long looked for a hero who would refuse to back down. Finally, someone has said enough is enough. And that someone is the government of Mecklenburg County, N.C. The New York Times, December 6, 2017

Shipping giant hit by cyberattack, refuses to pay hackers’ ransom: U.K. shipping giant Clarkson has fallen victim to a cyberattack, but has vowed not to pay a ransom to the hackers. Fox, November 30, 2017

Cyber Law

Bill Proposes Jail Time for Executives Who Conceal Data Breaches: On November 30, 2017, a group of U.S. senators re-introduced a bill, known as the Data Security and Breach Notification Act, which seeks to impose criminal liability of up to five years of jail time on any corporate executive convicted of “intentionally and willfully” concealing a data breach. Alston & Bird, December 4, 2017

Know Your Enemy

Cybersecurity Trends for 2018. McAfee Forecasts Adversarial Machine Learning, Ransomware, Serverless Apps, Connected Home Privacy, and Privacy of Child-Generated Content: 2017 was a year dominated by news of data breaches and new cybersecurity threats, from major hacks affecting companies like Equifax and Verizon to ransomware attacks such as the global WannaCry incident. CSO, December 8, 2017

How North Korea recruits its army of young hackers: SEOUL, South Korea — Teenage math whiz Ri Jong Yol was a solid candidate to join Kim Jong Un’s army of elite hackers. NBC News, December 8, 2017

Cybercrime Now Driven by Four Distinct Groups, says new report from Malwarebytes on “New Mafia”: The new generation of cyber-criminals resemble traditional Mafia organizations, not just in their professional coordination, but also in their willingness to intimidate and paralyze victims. InfoSecurity Group, December 8, 2017

Anti-Skimmer Detector for Skimmer Scammers: Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology. KrebsOnSecurity, December 5, 2017

National Cybersecurity

Stewart Baker discusses “unmasking” of US identities in intelligence reports with Lawfare’s Susan Hennessey and Andrew McCarthy of National Review – Steptoe Cyberlaw Podcast: Episode 195 features an interview with Susan Hennessey of Lawfare and Andrew McCarthy of the National Review. They walk us through the “unmasking” of US identities in intelligence reports — one of the most divisive partisan issues likely to come up in the re-enactment of section 702 of FISA. I bask momentarily in the glow of being cast as a civil liberties extremist. And Thidwick the Big-Hearted Moose offers insights into 702 reform. Steptoe Cyberblog, December 4, 2017

Financial Cybersecurity

Vulnerability in mobile apps of several high-profile banks exposed customers to man-in-the-middle attack allowing attackers to steal customers’ credentials including usernames and passwords: A flaw in certificate pinning exposed customers of a number of high-profile banks to man-in-the-middle attacks on both iOS and Android devices. ZDNet, December 7, 2017

Cyber Medical

Experts Look For Lessons in FDA’s Pacemaker Cybersecurity Recall: In a paper in JAMA this week, two experts highlight lessons that could be learned from the US Food and Drug Administration’s (FDA) first major cybersecurity-related recall for a permanent implantable medical device. RAPS, December 8, 2017

Cyber Sunshine

Hacked Password Service Leakbase Goes Dark: Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year. KrebsOnSecurity, December 4, 2017

Former NSA Employee Pleads Guilty to Taking Classified Data: A former employee for the National Security Agency pleaded guilty on Friday to taking classified data to his home computer in Maryland. According to published reports, U.S. intelligence officials believe the data was then stolen from his computer by hackers working for the Russian government. KrebsOnSecurity, December 2, 2017

Cyber Miscellany

Google’s AlphaZero artificial intelligence (AI) taught itself chess from scratch in four hours. Then, it wiped the floor with the former world-leading chess software, Stockfish 8: Human chess grandmaster Peter Heine Nielsen tells the BBC that he’s “always wondered how it would be if a superior species landed on earth and showed us how they played chess.” NakedSecurity, December 8, 2017

Gartner: IT Security Spending to Reach $96 Billion in 2018: Identity access management and security services to drive worldwide spending growth. DarkReading, December 8, 2017

So, What is This Blockchain Thing?: It’s hard to avoid articles, white papers, blog pieces and presentations that promote the almost magical use of blockchain – it seems that blockchain, a form of distributed ledger technology, can be applied to virtually any situation, and best of all, it is entirely secure. As Don and Alex Tapscott wrote in Blockchain Revolution, “The blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.” Robert Braun, JMBM Cybersecurity Lawyer Forum, December 7, 2017



Cyber ReseArch

Cyber News

Cyber info


The content of this CRC-ICS Cyber News Update is provided for information purposes only. No claim is made as to the accuracy or authenticity of the content of this news update or incorporated into it by reference. No responsibility is taken for any information or services which may appear on any linked websites. The information provided is for individual expert use only.



Founded in 2015, the Cyber Research Center - Industrial Control Systems is a not for profit research & information sharing research center working on the future state of Physical & Cyber Protection and Resilience. CRC-ICS goals are to inform industries / critical infrastructures about the fast changing threats they are facing and the measures, controls and techniques that can be implemented to be prepared to deal with these cyber threats.



Cyber Research Center - Industrial Control Systems. 2018

www.crc-ics.net or www.cyber-research-center.net