10-24-18 – News This Past Week

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia.
https://thehackernews.com/2018/10/russia-triton-ics-malware.html

Russia was likely behind dangerous critical infrastructure attack, report says
The malware, alternately dubbed Triton and Trisis, was most likely designed to cause physical damage inside critical infrastructure sites, such as gas refineries and chemical plants, FireEye researchers said in a report published in December.
https://arstechnica.com/information-technology/2018/10/russia-was-likely-behind-dangerous-critical-infrastructure-attack-report-says/

Plaintext Passwords Often Put Industrial Systems at Risk
Plaintext passwords crossing the network, outdated operating systems, direct connections to the Internet, and the lack of automated updates for security solutions often put industrial systems at risk of attacks, according to a new report published on Tuesday by industrial cybersecurity firm CyberX.
https://www.securityweek.com/plaintext-passwords-often-put-industrial-systems-risk-report

The Danger and Opportunity in 5G Connectivity and IoT
The IoT is already rife with security issues resulting from poor incentives to fix vulnerabilities. At the same time, we are spiraling closer towards a hyper-connected world with the increasing momentum around 5G infrastructure. As telecommunications organizations build more infrastructure for 5G networks, we can expect to see wider adoption of IoT devices and an increase in the impact of the threats they pose.
https://threatpost.com/the-danger-and-opportunity-in-5g-connectivity-and-iot/138493/

Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking
Commandeered equipment – think Internet-of-Things sensors and gizmos, and automotive and industrial systems – can then be used to, say, spy on owners, siphon data out of a network, launch other cyber-attacks, and so on.
https://www.theregister.co.uk/2018/10/22/freertos_iot_platform_security_flaws/

AWS FreeRTOS Bugs Allow Compromise of IoT Devices
The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices’ memory, and take them over. And while patches have been issued, researchers warn that it still may take time for smaller vendors to update.
https://threatpost.com/aws-freertos-bugs-allow-compromise-of-iot-devices/138455/

New Security Woes for Popular IoT Protocols
The researchers found that the widely used device-to-device communications protocols contained inherent security weaknesses, especially in the way they are implemented in IoT devices – exposing flaws that could allow attackers to execute denial-of-service (DoS) attacks on devices or gain remote control of industrial IoT or consumer IoT devices for cyber espionage or worse.
https://www.darkreading.com/vulnerabilities—threats/new-security-woes-for-popular-iot-protocols/d/d-id/1333069

FBI Investigates Attack on Critical Water Utility
According to a media release from Onslow Water and Sewer Authority (ONWASA) issued on October 15, 2018, a critical water utility in North Carolina was targeted in a cyber-attack. Federal and state officials are now working with the water utility as part of the investigation into the attack on some of its computer systems.
https://www.infosecurity-magazine.com/news/fbi-investigates-attack-on/

Vulnerable controllers could allow attackers to manipulate marine diesel engines
These security flaws could be exploited by attackers to change the firmware and configuration files, install malware, and perform actions that effectively allow them to take control of a vessel’s engines.
https://www.helpnetsecurity.com/2018/10/18/manipulate-marine-diesel-engines/

Medical device maker Medtronic finally fixes its hackable pacemaker
The company said in a notice this week that it’s switching off the software distribution network after researchers found that a hacker could update the pacemaker’s software with malicious software that could manipulate the impulses that regulate a patient’s heartbeat. The researchers, Jonathan Butts and Billy Rios, revealed the vulnerability at the Black Hat conference in August, more than a year after first reporting the vulnerability to Medtronic.
https://techcrunch.com/2018/10/16/medical-device-maker-medtronic-finally-fixes-its-hackable-pacemaker/

GreyEnergy group targeting critical infrastructure with espionage
BlackEnergy has been terrorizing Ukraine for years and rose to prominence in December 2015 when they caused a blackout that left 230,000 people without electricity – the first-ever blackout caused by a cyberattack. Around the time of that incident, ESET researchers began detecting another malware framework named GreyEnergy.
https://www.helpnetsecurity.com/2018/10/17/greyenergy-group/

In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack
The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data was not compromised as part of the attack, the lack of computing ability will impact the timeliness of service from ONWASA “for several weeks to come.”
https://threatpost.com/in-county-crippled-by-hurricane-water-utility-targeted-in-ransomware-attack/138327/

Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers
A flaw in Medtronic’s CareLink 2090 and CareLink Encore 29901 programmers, which are portable computer systems used to manage implanted cardiac devices in clinical settings, would have allowed remote code implantation over Medtronic’s dedicated Software Deployment Network (SDN).
https://threatpost.com/remote-code-implantation-flaw-found-in-medtronic-cardiac-programmers/138363/

FDA Warns of Flaws in Medtronic Programmers
A vulnerability in the software update process of certain Medtronic Programmer models has led the vendor to block that functionality on affected devices, the U.S. Food and Drug Administration (FDA) reports.
https://www.securityweek.com/fda-warns-flaws-medtronic-programmers

Feds Investigate After Hackers Attack Water Utility
The head of the Onslow Water and Sewer Authority said in a news release Monday that its internal computer system, including servers and personal computers, was subjected to what was characterized as “a sophisticated ransomware attack.”
https://www.securityweek.com/feds-investigate-after-hackers-attack-water-utility

NotPetya Linked to Industroyer Attack on Ukraine Energy Grid
The massive NotPetya ransomware outbreak that crippled organizations around the world last year turns out to have links to the Industroyer backdoor, which targets industrial control systems (ICS) and took down the Ukrainian power grid in Kiev in 2016.
https://threatpost.com/notpetya-linked-to-industroyer-attack-on-ukraine-energy-grid/138287/