Cyber Research

Cyber News

Cyber Info

January 2018

In this issue



* How the Triton malware shut down critical infrastructure in the Middle East

* Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack

* Industrial Firms Increasingly Hit With Targeted Attacks: Survey

* Infrastructure giants warned: Be ready for cyber attacks or face fines

* Latest Cyber Security News


About the Cyber Security News Update

The Cyber News Update is an activity of the Cyber Research Center - Industrial Control Systems and is intended to reach all Cyber Security Professionals interested in industrial / critical infrastructure threats, protection and resilience. For more information visit the CRC-ICS website at www.crc-ics.net or www.cyber-research-center.net


How the Triton malware shut down critical infrastructure in the Middle East

January 17, 2018

Nation state cyberattackers recently caused the emergency shutdown of an industrial organization when they attempted to reprogram the safety system, FireEye researchers explained.

The malware, dubbed Triton by the researchers, was created specifically to interface with the Triconex Safety Instrumented System (SIS) controllers in use at the organization. The attack follows a trend of malware created to target industrial control systems (ICS), which grew after the 2010 Stuxnet attack in Iran, the post said.

According to the post, an attacker got access to an actual SIS engineering workstation (which was running Windows) before deploying the Triton malware. The original goal was to use the malicious software to reprogram the safety controllers.

The attack vector for Triton, the nation state-sponsored malware that attacked industrial sites in the Middle East in December 2017, has been revealed by the hardware manufacturer whose equipment was the target.


Schneider Electric recently published a security notification detailing how the Triton malware managed to infect its Triconex Safety Controllers using a zero-day exploit specific to some of its older controllers.

That wasn't the only cause of the infection, however: Had a critical Tricon key switch not been in "program" mode, the attack would never have been able to spread through the network.

"A complex malware infection scenario"

Regardless of the limited success of Triton's ultimate goals, it did manage to pull off several phases of what Schneider Electric called a complex scenario.

To begin, Triton had to gain unrestricted access to the safety network, which could be accomplished either physically or remotely. To get any further, however, Triton needed the aforementioned key switch to be in "program" mode, and it was—as far as Schneider Electric can tell.


Perhaps Triton's most important function was its ability to perform network reconnaissance, in which it could "scan and map the industrial control system to provide reconnaissance and issue commands to Tricon controllers," Schneider Electric said.

From there, Triton was designed to act as a remote access Trojan (RAT), enabling its controller to perform actions on the infected network as if it had physical access.

As our sister site ZDNet points out, flaws in Triton's payload script caused it to fail to do much besides simply infect the network—its payload failure triggered a response in the control systems, placing them in safe mode and preventing spread of the attack.

Industrial systems are tempting targets

Triton isn't the only example of an attack on industrial systems and the industrial internet of things (IIOT). Both are tempting targets, especially as industry continues to become more connected.

Estimates put the IIOT market at $151 billion by 2020, and if proper security measures aren't in place, companies, and even national infrastructure, could be crippled by the right attack.


Schneider Electric makes some excellent suggestions for protecting your industrial control systems and IIOT hardware in its security bulletin. These are steps companies should be following regardless of who their hardware vendor is:

  • Make sure that proper antivirus software is installed on all machines.
  • Install security, OS, and firmware updates as soon as they are available.
  • Deploy safety features on all networks—even isolated ones.
  • Ensure that physical measures are in place to prevent unauthorized access to control systems. That includes locking cabinets as well as placing sensitive hardware behind access-controlled doors.
  • Restrict network access for outside devices until they can be verified to be virus and malware free.
  • Use the NIST Cybersecurity Framework to develop effective policies and assess your preparedness for an attack.

More info: https://www.techrepublic.com/article/how-the-triton-malware-shut-down-critical-infrastructure-in-the-middle-east/#ftag=RSS56d97e7

Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack

January 16, 2018


The world's largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2,500 applications over the course of ten days in late June and early July 2017.

By all accounts, this is a monumental effort from Maersk's IT staff, equivalent to installing a new infrastructure from the ground up.

The effort is even more jaw-dropping when we take into consideration that Maersk is the world's largest shipping company, hauling over a fifth of the world's ship containers.

Maersk CEO: "We had to reinstall an entire infrastructure"

These new details came to light yesterday, while Jim Hagemann Snabe, Chairman of A.P. Møller-Maersk, participated in a panel on securing the future of cyberspace at the World Economic Forum held in Davos, Switzerland.

The incident Snabe was referencing is the NotPetya ransomware outbreak that hit companies around the world.

"I'll never forget. It was the 27th of June when I was woken up at 4 o'clock in the morning. A call came from the office that we had suffered a cyberattack," Snabe said.

"The impact of that is that we basically found that we had to reinstall an entire infrastructure," Snabe continued. "We had to install 4,000 new servers, 45,000 new PCs, 2,500 applications."

"And that was done in a heroic effort over ten days. Normally —I come from the IT industry— I would say it's gonna take six months. It took ten days," Snabe added, referring to his previous position as SAP's CEO.

Maersk covered 80% of all shipping volume without any IT

The consequences were felt almost immediately in Maersk's operations, but Snabe says his company's employees faced the storm bravely, with minimal impact on the firm's activity.

"Imagine a company where a ship with 20,000 containers would enter a port every 15 minutes, and for ten days you have no IT.

"It's almost impossible to even imagine. And we actually overcome that problem with human resilience," Snabe said. "We only had a 20% drop in volume, so we managed 80% of that volume manually. [...] Customers were great contributors to overcoming that."

Maersk: We were collateral damage of probably a state attack

In hindsight, Snabe says he feels that his company was just "collateral damage of probably a state attack."

The NotPetya ransomware initially spread as a malicious update of M.E.Doc, a popular Ukrainian accounting software. Many non-Ukrainian companies were also infected because NotPetya spread to internal networks via VPN: the ransomware reached a company's offices in other countries after first infecting its Ukrainian headquarters.

Snabe's remarks regarding NotPetya being a state attack come after many cyber-security companies attributed the NotPetya ransomware to a cyber-espionage group named TeleBots that many suspect is the cyber-arm of a Russian intelligence agency.

Ukrainian officials didn't mince words or waste time in blaming NotPetya on Russia, and recently even the CIA officially blamed the Russian military's GRU GTsST, or Main Center for Special Technology, as the source of the NotPetya ransomware, in a classified report seen by Washington Post reporters.

Maersk: NotPetya damage between $250 and $300 million

Snabe also said his company estimated the damages caused by NotPetya at between $250 and $300 million. This is also the damages tag that both US pharmaceutical giant Merck and US-based international courier service FedEx put on the NotPetya aftermath.

Maersk was lucky to fully recover in ten days after the incident. A month after NotPetya hit some of its factories, Merck was still not producing some types of bulk products used for products such as KEYTRUDA, JANUVIA, and ZEPATIER, critical drugs for various illnesses.

FedEx was also unlucky, revealing that some of the NotPetya damage was permanent, and admitting that its TNT subsidiary might have lost some customer package details for good.

Maersk CEO now sees the good side of the incident

"It was an important wake-up call," he said. "We were basically average when it comes to cyber-security, like many companies. And this was a wake-up call to become not just good —we actually have a plan to come in a situation where our ability to manage cyber-security becomes a competitive advantage."

In the subsequent discussions, Snabe also urged fellow Davos World Economic Forum participants to focus on securing cyberspace.


Read more: https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pcs-and-4-000-servers-to-recover-from-notpetya-attack/

Industrial Firms Increasingly Hit With Targeted Attacks: Survey

January 5, 2018

An increasing number of companies in the industrial sector have experienced a targeted attack, according to a survey conducted by Kaspersky Lab and B2B International.

As part of its 2017 IT Security Risks Survey, Kaspersky talked to more than 5,200 representatives of small, medium and large businesses in 29 countries about IT security and the incidents they deal with.

Of the 962 industrial companies surveyed, 28% said they had faced a targeted attack in the last 12 months. This represents an 8 percentage point increase compared to the previous year.

“The fact that the most dangerous incident type has grown by more than a third strongly suggests that cybercriminal groups are paying much closer attention to the industrial sector,” Kaspersky said.

More than half of the industrial organizations surveyed by Kaspersky reported being hit by malware attacks in the last year.

A majority of industrial sector respondents claimed that the security incidents they experienced were complex, and nearly half admitted that there is insufficient insight into the threats they face.

Roughly one-third of companies reported that it had taken them several days to detect an incident, while 20% said it had taken them several weeks.

While 62% believe sophisticated security software is necessary to address potential threats, almost half of respondents also noted that staff have not followed IT security policies. The share of respondents who blamed staff is 6% higher in the industrial sector than in the other sectors that took part in Kaspersky’s survey.

“Cyberattacks on industrial control systems have become the indisputable number-one concern. The good news is that the majority of industrial market players know which threats are coming to the fore today and will be relevant in the near future,” explained Andrey Suvorov, Head of Critical Infrastructure Protection Business Development at Kaspersky.

“That’s why it’s crucially important to implement a complex security solution that’s specifically designed to protect automated industrial environments, is highly flexible and configured in accordance with the technological processes of each organisation.”

More info: http://www.securityweek.com/industrial-firms-increasingly-hit-targeted-attacks-survey

Infrastructure giants warned: Be ready for cyber attacks or face fines

January 27, 2018

Britain's energy, water and transport companies have been ordered to strengthen their cyber defences or risk fines amid growing fears that Russian hackers are planning an attack on critical infrastructure.

Companies dealing with infrastructure that have failed to prepare for assaults will be penalised in the event of an attack, the Government has announced. Offenders face fines of up to £17m for weak defences or failing to notify regulators about cyber attacks.

The new measures will cover electricity, oil and gas companies, water suppliers, healthcare, air, sea, road and rail transport, telecoms groups, and digital companies such as cloud service providers.

The head of the UK’s National Cyber Security Centre has warned that a major cyber-attack on the UK is a matter of “when, not if”, raising the prospect of devastating disruption to British elections and critical infrastructure.

Read more: http://www.telegraph.co.uk/technology/2018/01/27/infrastructure-giants-warned-ready-cyber-attacks-face-fines/

Latest Cyber Security News

Individuals at Risk

Cyber Defense

90% of Gmail users could improve their security easily, but don’t: Google has finally admitted something alarming about the world’s one billion regular Gmail users – barely any have turned on two-step verification (2SV) security. Naked Security, January 19, 2018

Google removes 53 apps from official Play Store for spreading GhostTeam Android malware: Google has removed 53 apps from the official Play Store because they were spreading a new breed of Android malware named GhostTeam that could steal Facebook credentials and push ads to infected phones. BleepingComputer, January 18, 2018

Intel Confirms Fresh Spectre, Meltdown Patch Problems: Intel says the firmware updates it developed to help protect users against Meltdown and Spectre flaws are causing stability problems in its newest chips. BankInfoSecurity, January 18, 2018

Internet of Things

Some Basic Rules for Securing Your IoT Stuff: Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured “Internet of Things” or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldn’t begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and “smart” lightbulbs. KrebsOnSecurity, January 17, 2018

Cyber Warning

Hackers are using recent Microsoft Office vulnerabilities to distribute malware: Malware can steal passwords, bitcoin wallets, software keys, as well as carry out DDoS attacks and more — and a campaign distributing it is targeting telecommunications, insurance, and financial services. ZDNet, January 19, 2018

Hackers cast out 300% more phishing attacks via messages: This research provides a clear warning that everyone must be thorough and diligent when it comes to clicking on links, always be sceptical. CBR, January 18, 2018

Chromecast and Google Homes reportedly overloading home Wi-Fi: Users on the Google help forums and Reddit are reporting that Google Home and Google Chromecast devices are causing issues with their Wi-Fi networks. Users say hooking up these Google hardware products leads to an unstable Wi-Fi network or a network that goes down entirely. ars technica, January 17, 2018

Found: New Android malware with never-before-seen spying capabilities: Last year, researchers found what at the time was quite possibly the world’s most sophisticated espionage app ever written for the Android mobile operating system. Now, in a discovery that underscores the growing arms race among competing malware developers, researchers have uncovered a new Android spying platform that includes location-based audio recording and other features that have never been seen in the wild before. ars technica, January 16, 2018

MaMi malware targets Mac OS X DNS settings: A researcher has discovered a strain of malware in the wild which targets Mac OS X users. ZDNet, January 15, 2018

Fake Meltdown/Spectre Patch Installs Malware: Cybercriminals are already taking advantage of the massive attention the recently detailed Meltdown and Spectre CPU flaws have received, in an attempt to trick users into installing malware instead, Malwarebytes warns. SecurityWeek, January 15, 2018

Information Security Management in the Organization

Information Security Management and Governance

Supply Chain Cyber Attacks Illustrate Importance of Vendor Risk Management: While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security. DarkReading, January 19, 2018

Cyberattacks on Hotels — What Should Hotel Owners and Operators Do?: Almost as soon as there were data breaches, hotels became a prime target of hackers, and the hospitality industry has consistently been one of the most commonly targeted businesses. Since 2010, hotel properties ranging from major multinational corporations to single location hotels have been impacted. Robert Braun, SecureTheVillage Leadership Council, JMBM Cybersecurity Lawyer Forum, January 12, 2018

Cyber Awareness

Google’s Confusing Gmail Security Alert Looks Exactly Like a Phishing Attempt: Last week, my partner got a strange email alert from Google—or at least it looked like it came from Google. Motherboard, January 16, 2018

Staying Secure on the Road: We want you to be able to make the most of technology at all times, including when you travel. In this newsletter, we cover how you can connect to the Internet and use your devices securely on the road. SANS, February 2017

Cyber Warning

Linux and Windows Servers Targeted with RubyMiner Cryptocurrency Malware: Security researchers have spotted a new strain of malware being deployed online. Named RubyMiner, this malware is a cryptocurrency miner spotted going after outdated web servers. BleepingComputer, January 15, 2018

Box users scramble as files disappear for several days: Business user file sync and sharer Box “sank” for some users late last week, who took to forums and social media complaining they could not see any of their files. TheRegister, January 15, 2018

Cyber Defense

Fujitsu will replace passwords and keycards with palm scanning for 80K employees in Japan: The new authentication method, which verifies a user based on a vein in their palm, will give employees access to buildings and desktops. TechRepublic, January 19, 2018

Meltdown-Spectre: More businesses warned off patching over stability issues: Industrial companies are being told to avoid some Meltdown and Spectre fixes after reports of problems. ZDNet, January 15, 2018

Cybersecurity in Society

Cyber Crime

Hospital Pays $55K Ransomware Demand Despite Having Backups: An Indiana hospital paid a ransom of $55,000 to get rid of ransomware that had infected its systems and was hindering operations last week. BleepingComputer, January 16, 2018

OnePlus suspends credit card payments after customers report fraudulent purchases: OnePlus has temporarily shut down credit card payments on its website following reports that customers’ payment details were stolen after they bought goods through its online store. The company says it’s disabling credit card payments “as a precaution,” but will still be accepting purchases through PayPal. OnePlus also says it’s looking for “alternative secure payment” options. TheVerge, January 16, 2018

Serial SWATter Tyler “SWAuTistic” Barriss charged with involuntary manslaughter after phony emergency call to Kansas police last month triggered fatal shooting: Tyler Raj Barriss, a 25-year-old serial “swatter” whose phony emergency call to Kansas police last month triggered a fatal shooting, has been charged with involuntary manslaughter and faces up to eleven years in prison. KrebsOnSecurity, January 15, 2018

Hackers Hijack DNS Server of BlackWallet to Steal $400,000: Unknown hackers (or hacker) have hijacked the DNS server for BlackWallet.co, a web-based wallet application for the Stellar Lumen cryptocurrency (XLM), and have stolen over $400,000 from users’ accounts. BleepingComputer, January 14, 2018

Cyber Danger

Cyber-attacks are a top three risk to society, alongside natural disaster and extreme weather: A report has warned that ransomware, Internet of Things hacks, and industrial attacks could be almost as big a problem as natural disasters and extreme weather. ZDNet, January 17, 2018

Cyber Privacy

iPhone’s Apple Health data used as evidence in murder trial: If you have an iPhone running iOS 6S or later, you’ve got Apple’s Health App, which accurately records steps. You’ve also got the Altimeter app, which keeps track of changes in elevation, to track how many stairs you’ve climbed. NakedSecurity, January 15, 2018

Cyber Attack

How the Triton malware shut down critical infrastructure in the Middle East: The December attack leveraged a zero-day flaw, and user error, to infect industrial equipment. TechRepublic, January 19, 2018

Know Your Enemy

North Korean Hacker Group Seen Behind Crypto Attack in South: The same North Korean hacking outfit associated with the Sony Pictures Entertainment data theft was behind attacks on South Korean cryptocurrency users and exchanges toward the end of last year, U.S.-based researchers said. Bloomberg, January 16, 2018

Cyber Freedom

Researchers uncover mobile, PC surveillance platform tied to different nation-state actors: The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign that has targeted activists, journalists, lawyers, military personnel, and enterprises in more than 20 countries in North America, Europe, the Middle East, and Asia. HelpNetSecurity, January 19, 2018

National Cybersecurity

Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes: The CIA has attributed to Russian military hackers a cyberattack that crippled computers in Ukraine last year, an effort to disrupt that country’s financial system amid its ongoing war with separatists loyal to the Kremlin. The Washington Post, January 12, 2018


Cyber Sunshine

Canadian Police Charge Operator of Hacked Password Service Leakedsource.com: Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com. KrebsOnSecurity, January 15, 2018


World’s Largest Spam Botnet Is Pumping and Dumping an Obscure Cryptocurrency: Necurs, the world’s largest spam botnet, is currently sending millions of spam emails that push an obscure cryptocurrency named Swisscoin. BleepingComputer, January 17, 2018

Cyber Miscellany

21 states sue FCC to restore net neutrality rules: Twenty-one states and the District of Columbia today kicked off a lawsuit to overturn the Federal Communications Commission’s repeal of net neutrality rules. Advocacy groups are also suing the FCC. ars technica, January 16, 2018

Identity Theft

Infant Social Security numbers are for sale on the dark web for $300 in bitcoin. Includes date of birth and mother’s maiden name: Cybercriminals claim to be selling the Social Security numbers of babies on the dark web. CNN, January 22, 2018

Cyber Privacy

Could hackers – or your spouse – be spying on your Tinder?: Be careful who you swipe right on — hackers may be taking note. MarketWatch, January 27, 2018

Large cache of sensitive medical records found in an unprotected Amazon S3 bucket: A large cache of sensitive medical records handled by a US-based digital records management company was found stored in an Amazon S3 storage bucket without adequate protection. SC Magazine, January 22, 2018

Cyber Crime

Coincheck cryptocurrency exchange loses more than $400m to hackers in world’s biggest ever digital currency ‘theft’: One of Japan’s largest digital currency exchanges says it has lost some $534m (£380m) worth of virtual assets in a hacking attack on its network. BBC, January 27, 2018

Coincheck to Repay Customers Who Lost Money in $400 Million Hack: Japanese cryptocurrency exchange Coincheck Inc. said it will use its own capital to reimburse customers who lost money in Friday’s $400 million theft. Bloomberg, January 27, 2018

Bell Canada informs customers that personal data has been compromised in breach affecting up to 100,000 individuals: Bell Canada has started informing customers that their personal data has been compromised in a breach that reportedly affects up to 100,000 individuals. SecurityWeek, January 24, 2018

National Stores, Inc. notifies customers that malware may have compromised payment cards: National Stores, Inc., (“National Stores” or the “Company”) announced today that it has been the victim of a malware attack, enabling unauthorized parties to access payment card information. Immediately upon detecting the incident, the Company engaged nationally recognized digital cybersecurity firms to assist with an investigation. The Company also contacted payment card brands so the payment card brands could take steps to prevent fraudulent activity on any affected cards. In addition, the Company contacted the FBI about this criminal activity and will continue to provide whatever cooperation is necessary to hold the malicious actors accountable. DataBreaches.net, January 23, 2018

Cyber Awareness

Are YOU too smart to be scammed? Try this online test to see if you are one of the 9% that can spot a hoax message: Nine in 10 people think they can spot a fraudulent message. But it seems we may be overconfident in our skills. New research has found only one in ten people can score full marks on a quiz that tests their scam-spotting abilities. The Daily Mail, January 21, 2018

Cyber Update

Apple Patches Meltdown Flaw in Older Versions of macOS: Apple on Tuesday released security updates for a majority of its products, and it patched the vulnerability that allows Meltdown attacks in earlier versions of its Mac operating system. SecurityWeek, January 24, 2018

Cyber Warning

Hackers Abuse Google Ad Network To Spread Malware That Mines Cryptocurrency: More than a decade ago Google bought DoubleClick, one of the first major advertising services on the Web, for a cool $3.1 billion. That acquisition is a major reason that Google is such a dominant force in online advertising today. Forbes, January 26, 2018

Infected Android Games Spread Adware to More Than 4.5 Million Users: An Android app component meant to provide inter-user chatting capabilities has been opening websites and clicking on ads in phones’ background. BleepingComputer, January 25, 2018

Flaws found in popular personal panic buttons could render them useless: Another day, another addition to the trashfire that is Internet of Things’ security. ZDNet, January 24, 2018

Bitcoin wallet devices vulnerable to security hacks, study shows: Devices used to manage accounts on the innovative payment system Bitcoin could be improved to provide better protection against hackers, research suggests. Phys.org, January 23, 2018

Information Security Management in the Organization

Information Security Management and Governance

Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack: The world’s largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2,500 applications over the course of ten days in late June and early July 2017. BleepingComputer, January 25, 2018

Fraud, cyber, & security risks at all-time high as cyber attacks displace theft of physical assets ‘for first time,’ says new Kroll report: Fraud, cyber, and security risks are at an all-time high, according to an annual report on global fraud and risk carried out by Kroll, a US-based corporate investigations and risk management consultancy, which noted that “information theft, loss, or attack was the most prevalent type of fraud experienced” for the first time in the annual Kroll report’s 10-year history. InternationalInvestment, January 22, 2018

Take Time To Understand The Cyber Threat Landscape: Cybercrime is on the rise. The number of data breaches in 2017 was staggering and things are likely to get worse. More than 5 million data records are lost or stolen every day, according to the Breach Level Index. Cybercrime is predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to Cybersecurity Ventures. ISTP Magazine, January 2018

Cyber Awareness

Are bad analogies killing your security training program?: Humans make irrational decisions under pressure. Security training needs to focus on changing behavior, not just raising awareness. Using effective analogies can help. CSO, January 23, 2018

Cyber Warning

Ransomware Outlook: 542 Crypto-Lockers and Counting. “From a business standpoint, the biggest threat, especially at the end of last year, was ransomware,” says Adam Kujawa, director of malware intelligence at security firm Malwarebytes: Ransomware continues to pose a clear and present threat to businesses and consumers. BankInfoSecurity, January 25, 2018

Security flaw found in Electron, a major application development tool. Affected apps include Skype, Signal, Slack, Twitch, WordPress, Github, Others: A flaw in a very popular software-building framework may affect a large number of popular desktop apps from Microsoft (Skype, Visual Studio Code), Brave (browser), GitHub (Atom Editor), Signal, Slack, Basecamp, WordPress.com, Twitch, Ghost, and others. BleepingComputer, January 24, 2018

Cyber Defense

Artificial intelligence and cybersecurity: The real deal: AI will have a growing impact on cybersecurity technology as a helper app, not as a new product category. CSO, January 25, 2018

Spectre and Meltdown: Cheat sheet: What are the Spectre and Meltdown vulnerabilities, and how do they affect you? This essential guide will tell you everything you need to know about Spectre and Meltdown. TechRepublic, January 26, 2018

Dell Advising All Customers To Not Install Spectre BIOS Updates: The Spectre & Meltdown mess continues with Dell now recommending their customers do not install the BIOS updates that resolve the Spectre (Variant 2) vulnerabilities. These updates have been causing numerous problems for users including performance issues, boot issues, reboot issues, and general system instability. BleepingComputer, January 23, 2018

Red Hat Pulls Spectre Patches Due to Instability: Red Hat has decided to pull microcode patches for one variant of the Spectre exploit after users complained that updates had caused their systems to stop booting. SecurityWeek, January 22, 2018

Spectre and Meltdown patches causing trouble as realistic attacks get closer: Applications, operating systems, and firmware all need to be updated to defeat Meltdown and protect against Spectre, two attacks that exploit features of high-performance processors to leak information and undermine system security. The computing industry has been scrambling to respond after news of the problem broke early a few days into the new year. ars technica, January 15, 2018

Cyber Leadership

Good privacy is good for business. Data privacy concerns are causing significant sales cycle delays, according to new Cisco report: Data privacy concerns are causing significant sales cycle delays for up to 65 percent of businesses worldwide, according to findings in the new Cisco 2018 Privacy Maturity Benchmark Study. HelpNetSecurity, January 26, 2018

Cyber Insurance

Industry estimates a cyber attack against a major cloud provider could be as costly as a hurricane. Cyber-attacks are listed as a top three risk to society alongside natural disasters and extreme weather: The economic costs of a large cyber-attack could be as large as the impact of a major natural disaster. ZDNet, January 17, 2018

Cybersecurity in Society

Cyber Crime

The Global Cost Of Cybercrime Will Reach Two Trillion Dollars By 2019, A Threefold Increase From 2015 Predicts Global Cyber Alliance: After a welcoming address from Giulia Lupato – PIMFA’s Senior Policy Adviser and Chair for the day – the 2018 financial crime conference began with an address from Robin Jones, Head of FCA Technology – Resilience & Cyber Specialist Supervision. Robin spoke about cyber resilience, contingency planning, moving cyber security considerations beyond the remit of a company’s IT department to its board and creating a security culture in firms. MondoVisione, January 26, 2018

More than 10% of funds from initial coin offerings (ICOs) lost or stolen by hackers; $400 million from $3.7 billion in funding for 372 ICOs. Ernst & Young Research: Research by Ernst & Young indicates that hackers stole about $400 million from 372 initial coin offerings over the last two years. CNET, January 22, 2018

National Cybersecurity

To sell in Russia, tech firms provided source code of software widely used by U.S. government to Russian Defense Agency. Russians can analyze source code for vulnerabilities to attack U.S. government: Major global technology providers SAP (SAPG.DE), Symantec (SYMC.O) and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, a Reuters investigation has found. Reuters, January 25, 2018

Know the Enemy

IoT Botnets the Work of a ‘Vast Minority’: In December 2017, the U.S. Department of Justice announced indictments and guilty pleas by three men in the United States responsible for creating and using Mirai, a malware strain that enslaves poorly-secured “Internet of Things” or IoT devices like security cameras and digital video recorders for use in large-scale cyberattacks. KrebsOnSecurity, January 24, 2018

Fake News

Russian bots duped 650,000 Twitter users in the 2016 US election: Russian Twitter accounts sent 170,000 tweets in the run up to the election. ITPro, January 22, 2018


Long accused of being a Ponzi-scheme, Bitconnect shuts its cryptocurrency exchange and lending service after receiving cease and desist letters from two American securities regulators: What looked too good to be true ended up being just that, as Bitconnect has all but closed its doors. CoinTelegraph, January 19, 2018

Cyber Regulation

Net neutrality will be enforced in New York under orders from governor: Executive order prevents state from buying Internet service that isn’t neutral. ars technica, January 25, 2018


The content of this CRC-ICS Cyber News Update is provided for information purposes only. No claim is made as to the accuracy or authenticity of the content of this news update or incorporated into it by reference. No responsibility is taken for any information or services which may appear on any linked websites. The information provided is for individual expert use only.



Founded in 2015, the Cyber Research Center - Industrial Control Systems is a not-for-profit research and information-sharing center working on the future state of Physical & Cyber Protection and Resilience. The goals of CRC-ICS are to inform industries / critical infrastructures about the fast-changing threats they are facing and the measures, controls and techniques that can be implemented to be prepared to deal with these cyber threats.



Cyber Research Center - Industrial Control Systems. 2018

www.crc-ics.net or www.cyber-research-center.net