Critical Infrastructure News

Maritime Companies Warned of Cyber Attacks

The International Maritime Bureau (IMB) is asking shipping and maritime companies to be alert to the potential commercial impact of cyber attacks. IMB says that cybersecurity is not only about identifying and preventing the hacking of systems on board ships. “There is also a very real danger that emails being sent to and from ships are monitored or altered. This could have huge commercial effect on vessels,” an IMB spokesman said.

At its recent Maritime Safety Committee meeting, the International Maritime Organization approved interim guidelines on maritime cyber risk management. The recommendations are aimed at enabling stakeholders to take necessary steps to safeguard shipping from current and emerging threats and vulnerabilities related to digitization, integration and automation of processes and systems in shipping.

A new study led by the Maritime Cyber Threats Research Group at Plymouth University in England established that vessels are under significant threat of cyber attack because many are carrying outdated software and were not designed with cybersecurity in mind.

It said that, traditionally, attacks on ships have included piracy, boarding and theft, and while these attacks have often been successful and continue, they are well understood. In contrast, the research says cyber attacks are stealthier, and have a range of potential implications including business disruption, financial loss, damage to reputation, damage to goods and environment, incident response cost, and fines and/or legal issues.

The research suggests maritime cyber attacks would most likely target systems responsible for navigation, propulsion, and cargo-related functions, with many incentives for attackers, given that over 90 percent of world trade occurs via the oceans. It adds that operators could easily mitigate such dangers by updating security systems, improving ship design and providing better training for crews.

Source: Security Magazine

Banks urged to tighten security as hacks continue

SWIFT, the messaging network that connects the world's banks, says it has identified new hacks targeting its members, and it is warning them to beef up security in the face of "ongoing attacks." It did not name the banks affected.  The warning follows cyberattacks on banks in Bangladesh, Vietnam, the Philippines and Ecuador in which malware was used to circumvent local security systems, and in some cases, steal money.  An attack on Bangladesh's central bank yielded $101 million. Ecuador's Banco del Austro was hit for $12 million.

The message from SWIFT, which was first reported by Reuters, urges banks to protect themselves against the "persistent, adaptive and sophisticated" attacks, which use a similar method to crack their local security systems.  "These weaknesses have been identified and exploited by the attackers, enabling them to compromise the customers' local environments and input the fraudulent messages," SWIFT said.  SWIFT did not say how many new attacks had been discovered. The company says that its network and core messaging services have not been compromised by the attacks.


In each documented case, the criminals followed the same basic pattern:

· Attackers used malware to circumvent a bank's local security systems.
· They gained access to the SWIFT messaging network.
· Fraudulent messages were sent via SWIFT to initiate cash transfers from accounts at larger banks.

SWIFT CEO Gottfried Leibbrandt warned in May that more attacks could have occurred.  "The Bangladesh fraud is not an isolated incident: we are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts," he said.  Leibbrandt said the method of attack is much more serious than a typical data breach or theft of customer information. Instead, the loss of control over payment channels could bring down a bank.

"In the recent cases, thieves were able to move just some of those banks' overseas assets," he said. "As a result, for the banks concerned, the events haven't been existential. The point is that they could have been."  SWIFT is taking extra measures to secure client banks, including sharing more information, supporting security audits and introducing tougher requirements for local bank computer networks.  Cybersecurity researchers have suggested that a hacking team known as "Lazarus" is responsible for the attacks. In May, U.S. law enforcement officials told CNNMoney that the attackers may be linked to North Korea.

Source: CNN Money

University hit 21 times in one year by ransomware

Universities and NHS trusts in England have been hit hard by ransomware in the last year, according to Freedom of Information requests carried out by two cybersecurity firms.  Bournemouth University, which boasts a cybersecurity centre, has been hit 21 times in the last 12 months.  Twenty-eight NHS Trusts said they had been affected.

Ransomware is a form of computer malware which encrypts files and then demands a ransom for their release.  It can travel via email or hide in downloadable files and programmes from corrupted sites and applications, and the ransom is usually payable in bitcoins.

Cybersecurity firm SentinelOne contacted 71 UK universities. Of the 58 which replied, 23 said they had been attacked in the last year.  None of them said it had paid a ransom but the largest sum demanded was five bitcoins (about $2,900 or £2,200), the firm said.  Only one university had contacted the police.

According to the report, two of the institutions said they did not use anti-virus software. Both have been contacted for comment.  Bournemouth University confirmed the attacks but said: "It is not uncommon for universities to be the target of cybersecurity attacks; there are security processes in place at Bournemouth University to deal with these types of incident." It added that there had been "no impact" on its activity as a result of the attacks.

In a separate study, security firm NCC Group asked every NHS Trust in England whether it had been a victim of ransomware.  Of the 60 responses, 28 said they had experienced an attack, one said it had not and 31 declined to comment on the grounds of patient confidentiality.  "Paying the ransom - which isn't something we would advise - can cost significant sums of money, yet losing patient data would be a nightmare scenario for an NHS Trust," said Ollie Whitehouse, technical director at NCC Group.

According to the US government, ransomware attacks in America have increased in frequency by 300% year on year in 2016, with 4,000 incidents a day now being reported.  It advises that "prevention is the best defence" and suggests the use of spam filters, firewalls, anti-virus programmes and employee training for businesses - as well as regular data back-ups.  If a computer is infected it should be removed from any network and switched off as soon as possible.

Source: BBC

Security Alerts are Ignored 90% of the Time

People ignore software security warnings up to 90 percent of the time, according to a new study from Brigham Young University. The cause, according to the study, is an inability to multitask. "While these [alerts] provide timely information, research shows they come at a high cost in terms of increased stress and decreased productivity," the BYU team said in the study's abstract. "This is due to dual-task interference (DTI), a cognitive limitation in which even simple tasks cannot be simultaneously performed without significant performance loss."

The study, which had participants use a computer while attached to sensors measuring brain activity, found that focusing on a security alert drastically reduces our ability to keep on doing whatever it is we were doing before the alert, even something simple, like watching a video. Seventy-four percent of participants shunned the alert if they were in the middle of closing a webpage, and 87 percent ignored an alert that popped up while they were entering a confirmation code. Jeff Jenkins, lead author of the study, said that the problem can be fixed simply by changing the timing of the warnings. “Waiting to display a warning to when people are not busy doing something else increases their security actions substantially.”

Source: Security Magazine

Delta still digging out on Day 3

Delta Airlines, which has been scrambling ever since a six-hour global shutdown on Monday, said it is starting Wednesday with about 150 canceled flights across its system. The day before, 250 were canceled in the early hours.  "The bulk of delays and cancellations are coming as a result of flight crews displaced or running up against their maximum allowed duty period following the outage," said Delta.  Delta is the world's second largest airline and has invested hundreds of millions of dollars in the past three years building up its infrastructure.  The airline's statement said it hopes to resume more normal operations by mid-to-late afternoon Wednesday, though it warned that forecasts of thunderstorms in the eastern United States could delay its return to normal.  Delta's woes started in the early hours Monday when a power outage at its Atlanta operations center took its computer system offline, grounding flights around the world.  Since Monday the problems have built up throughout the day, as canceled flights reached about 800 by the end of the day Tuesday, on top of about 1,000 cancellations on Monday.

But in the midst of the busy summer travel season, finding seats to accommodate all the affected passengers has been a nightmare for the airline. And it has ended up with aircraft and crews out of position to cover all the scheduled flights, which is why there are continued cancellations more than 48 hours after the initial problem.  Experts agree the tight schedule airlines run is why it's so difficult to recover from a major problem like the one Delta experienced.  Southwest Airlines (LUV) experienced the same kind of three-day problem from a computer glitch late last month.