Cyber pirates terrorising the high seas

By Nicholas Newman, April 18, 2019

Today’s pirates are just as innovative in the tactics and technologies they use as they were in historic times. Where once the likes of Henry Morgan, Captain Kidd and Blackbeard boarded ships and stole cargo, the modern-day pirate relies not on a cutlass but on hacking skills to obtain more ill-gotten gains than Blackbeard could ever have dreamed of.

Pirates’ interest in cyber tools is in part because of the interconnectedness of shipping with the global internet. Today, the world’s 51,000 vessels that carry around 90 per cent of the world’s freight are equipped with modern technologies such as Industry 4.0, which are vulnerable to a range of hacking incidents. These incidents include the ghosting of GPS systems, taking over of command-and-control systems, disruption attacks, ransomware and even cyber commercial intelligence gathering.

Today’s digital piracy threats come not only from external adversaries but also from “disgruntled employees who may misuse their privileges to attack a system or exfiltrate important corporate data”, says Prakasha M Ramachandra of Aricent, a global design and engineering company.

Full article:

GPS spoofing: what’s the risk for ship navigation?

By Chris Lo

GPS spoofing – or GNSS spoofing more accurately – is a much-discussed cyber-threat to ship navigation systems. With the potential for paralysed shipping lanes, collisions and even untraceable piracy incidents, what is the current state of play between the shipping industry’s cyber-defences and the malicious actors who aim to cause chaos through GPS spoofing?

The shipping industry has been aware of the threat of GPS spoofing for years, but one incident in 2017 pushed the issue higher up the global news agenda. In June of that year, at least 20 vessels in the Black Sea, in the vicinity of Novorossiysk Commercial Sea Port, reported that their automatic identification system (AIS) traces erroneously showed their position as Gelendzhik Airport, around 32km inland.

The large number of vessels involved and the fact that all of the ships’ tracking systems placed them in the same nonsensical location, led to informed speculation – still unconfirmed officially – that the incident could be attributed to Russian testing of satellite navigation spoofing technology as part of its electronic warfare arsenal. . . . Since then, there have been persistent concerns that the shipping industry may be vulnerable to GPS spoofing, raising the risk of keeping ships at sea longer than necessary to clear the confusion, as occurred in the Black Sea, or even dangerous scenarios such as ship collisions, either with other ships or with land. . . .

So what exactly is GPS spoofing, what threat does it pose to shipping, and what action should the industry be taking to reduce the risk?

Full article:

Report: Russian GPS Spoofing Threatens Safety of Navigation

By Dana A. Goward 2019-04-02

A new report by the non-profit analytic group C4ADS shows that Russian jamming and spoofing of GPS signals is far more extensive and frequent than previously thought.

The report – “Above Us Only Stars – Exposing GPS Spoofing in Russia and Syria” – outlines the discovery of almost 10,000 instances of spoofing detected over the course of two years impacting over 1,300 unique vessels. Ship locations ranged from the Mediterranean, Black Sea, and Gulf of Finland, to the waters off Vladivostok. While a majority of the vessels were in Russian territorial seas, a substantial number were in international waters.

Full article:

Full report:

Norway says it proved Russian GPS interference during NATO exercises

By Nerijus Adomaitis

Norway has electronic proof that Russian forces disrupted global positioning system (GPS) signals during recent NATO war games, and has demanded an explanation from its eastern neighbor, the Nordic country’s defense minister said on Monday.

Both Finland and Norway said in November that Russia may have intentionally disrupted GPS signals before and during Western military exercises, which also affected the navigation of civilian air traffic in the Arctic.

Both Norway and Finland protested to Russia, which dismissed those allegations when they were first made.

Full article:

The US Navy is ‘under cyber siege’ from Chinese hackers — and hemorrhaging national security secrets

By: Ryan Pickrell, Business Insider

An internal U.S. Navy review concluded that the service and its various industry partners are “under cyber siege” from Chinese hackers who are building Beijing’s military capabilities while eroding the U.S.’s advantage, The Wall Street Journal reported Tuesday.

Full article:

Senate Report Highlights Equifax ‘Neglect’ Before Data Breach (1)

By: Sara Merken, Bloomberg Law

Equifax Inc.’s years-long failure to prioritize cybersecurity left the company vulnerable to a data breach that exposed more than 145 million Americans’ personal information, a Senate subcommittee said in a bipartisan staff report.

“Equifax’s shortcomings are long-standing and reflect a broader culture of complacency toward cybersecurity preparedness,” the staff report said.

The company said it has made progress since the breach to strengthen its operations by hiring new technology officers and IT security professionals and increasing its technology and security spending by $1.25 billion between 2018 and 2020.

Full article:

Senate report:

FireEye publishes its 2019 #MTrends Report

Executive Summary

Over the past 10 years, we covered many different topics in our M-Trends® reports, including a primer on the exploitation life cycle, how attackers were hiding their activities, malware trends and case studies providing technical details into many of the investigations we performed.

On the surface, not much has changed over the past 10 years. 2018 was much like 2017, and 2017 like the preceding years. We continue to see large impactful incidents, though fewer high-profile public disclosures. Extortion cases are on the rise, assisted by cryptocurrency and other forms of non-attributable payment. Cryptocurrencies are also directly targeted via wallets, payment systems and miners.

The significant trends or shifts we saw in 2018 were:  

  • A significant increase in public attribution performed by governments. Recent years have seen a significant increase in private sector attribution of attack activity, but the past year saw a significant number of attacks publicly attributed by way of indictments from the U.S., U.K., Netherlands and Germany. Some of these were assisted by data from private sector companies such as FireEye. Governments have not changed their operational rules of engagement, but they are combating threats publicly through indictments.  
  • As more and more customers move to software as a service and cloud, attackers are following the data. Attacks against cloud providers, telecoms, and other organizations with access to large amounts of data have increased.

M-Trends 2019 looks at some of the latest trends revealed through FireEye incident response investigations by FireEye Mandiant. These include evolving APT activity in various regions, phishing risks during mergers and acquisitions, and some defensive trends that we consider best practices.

We also answer the question that everyone asks: As an industry, are we getting better at detecting threat actors? We are quite pleased to announce that the answer is a big yes. From October 1, 2017, to September 30, 2018, the global median dwell time was 78 days. That means attackers are operating for just under three months, on average, before they are detected. That’s roughly a quarter of the global median dwell time of 101 days in last year’s report—a modest improvement.

It wouldn’t be M-Trends if we didn’t include a variety of case studies to demonstrate exactly what we saw in the field that enabled us to provide the information in this report. This year, we show how early identification is key by diving into an incident involving attacker activity now attributed to the threat group TEMP.Demon. We also discuss an incident at a Southeast Asia-based international telecommunications company that started with an extortion email sent from the CEO’s work account by an attacker.

When we launched our first M-Trends report 10 years ago, we had one primary goal—and that hasn’t changed: to arm security teams with the knowledge they need to defend against today’s most often used cyber attacks, as well as lesser seen and emerging threats.

Full report:

Report: Concerted Global Cyber Attack Could Disrupt Global Economy

By: Anastasios Arampatzis, February 21, 2019

According to a hypothetical cyber risk scenario prepared by the Cyber Risk Management (CyRiM) project for risk management purposes, a ransomware strain that can disrupt more than 600,000 businesses worldwide within 24 hours would potentially lead to damages in the amount of billions of dollars.

Consequences of the attack are catastrophic, with organizations of all sizes in all sectors unable to perform day-to-day operations. The report shows a ransomware attack on this scale would cause substantial economic damage to a wide range of business sectors through reduced productivity and consumption, IT clean-up costs, ransom payments and supply chain disruption. As a result, some organizations opt to pay ransoms. Among them are healthcare companies, which need to keep life-saving equipment online.

No matter how companies choose to deal with the attack, the Lloyd’s report predicts that such an event would cost a total of $193 billion around the world as a result of cyber incident response, damage control and mitigation, business interruption, lost revenue and reduced productivity. To put that figure into perspective, it’s estimated that WannaCry caused a total of $4 billion in damages.

Full article:

Cyprus Beefs Up Hacking Defences as Attacks Show EU Vulnerabilities

By: Ruairi Kavanagh, February 22, 2019

Last December, a targeted hacking campaign – using tactics reportedly familiar to an elite unit of the Chinese People’s Liberation Army – compromised Cypriot digital networks, resulting in the leak of 1,100 European Union diplomatic cables. The attack exposed the fragility of cyber-security within European Union networks and gave added weight to those in Cyprus who have warned of the threat of cyber-attacks, and have worked hard to build up the nation’s defences.

. . .

As an island nation with a rich seafaring and shipping tradition, Cyprus also views the threat of maritime cyber-attacks extremely seriously.

Full article: