16 November 2018

IRM Weekly Cybersecurity Roundup: US stages power grid attack

Remote US island stages power-grid attack

A small island off the shore of Long Island has been the centre of a power-grid attack scenario organised by the Defense Advanced Research Projects Agency (DARPA). ‘Plum Island’ has only 840 acres, but has its own power plant, water treatment and security, making it the ideal location for a staged cyber-attack.

The exercise, named “Liberty Eclipse”, was designed to ensure that US utility companies can bounce back from a power outage caused by a cyber-attack. The staging took one week and involved a mix of simulated cyber and physical attacks. One example was a data “wiper”, modelled on a real-world ransomware case, which threatened the ability of operators to recover their systems.

DARPA plans to publish a public report to cover any weaknesses discovered. They hope it will encourage best practice when dealing with critical national infrastructure attacks in the future.


Rise of the robots

From 12th November, over 200 British troops began testing over 70 types of futuristic technologies. Examples include enhanced surveillance drones and unmanned vehicles.

The month-long experiment, named “Autonomous Warrior”, will involve prototype aerial and ground vehicles to help reduce the danger for troops during combat. One of the key aims of the experiment is to ensure the “last mile” can be supported by the new technology. The “last mile” is the final approach to the combat zone, when the resupply of food, fuel and ammunition is vital to keep troops alive.

Defence Secretary Gavin Williamson said: “The equipment could revolutionise our Armed Forces, keeping them safe and giving them the edge in an increasingly unstable world”.


Hack and hack again

A feature that first appeared in WordPress version 3.6 – the GDPR compliance plugin – has been hacked. The plugin was designed to allow WordPress users to add consent tick boxes to their websites. There is a vulnerability in the plugin – the “admin-ajax.php” request and configuration – which has allowed attackers to send malicious commands. Once these commands are stored and executed, hackers can use them to trigger WordPress actions of their own.

WordPress has discovered that hackers were utilising the vulnerability in two ways: by creating new administrative accounts that allow them to access the site and infect it with malware, and through a more complex process of hijacking the ‘WooCommerce’ plugin, where the objective is unknown.

WordPress has now fixed the flaw and re-uploaded the plugin to the directory.


Pakistan banking hack – cybersecurity lessons to be learned?

Following the Pakistani banking hack we covered last week, the Federal Investigation Agency (FIA) has asked Pakistani banks to upgrade their cybersecurity. After considerable sums of money were stolen from over 15 banks, the FIA’s request aims to increase international standards.

Despite the affected banks stating they were fulfilling the cybersecurity criteria, a body of intelligence officials was set up by the law ministry to formulate recommendations. The advice included upgrading their IT systems, using consultants for security planning and organising cybersecurity training to ensure they enhance in-house capability.

In addition, the FIA suggests that the banks require a “cyber emergency response team” to help counteract potential future attacks.


Almost 50% of utilities bosses concerned over cyber-attacks

A survey has shown that 47% of utility executives are under pressure from the likelihood of a cyber-attack. The figures showed that 40% of CEOs felt unprepared to identify new cyber threats. If a cyber-attack were to occur, over 30% wouldn’t feel confident managing external stakeholders.

Many of the executives surveyed recognised that cybersecurity specialists are one of the most important new roles to introduce into the business. This is to ensure cyber defence, but also to prepare for potential attacks.

The survey indicates that the executives also understand the importance of protecting customers’ data assets in the utilities industry, but are struggling to meet the requirements that cybersecurity demands.


Malay media company recovers from ransomware attack

A media company in Kuala Lumpur, Media Prima, is continuing business as usual after last week’s ransomware attack affected its databases. Despite recovering its systems, the company is still unsure of the extent of data loss and is currently aware only of some lost computer files.

Although a ransom was demanded (allegedly 1,000 bitcoins), Media Prima has not confirmed whether they have decided to pay it or not. Unfortunately, the company data was most recently backed up a couple of months ago.

