DHS Office of Cybersecurity & Communications

CYBER NEWS SPOTLIGHT
INSIGHT ON CYBERSECURITY NEWS & TRENDS FOR CRITICAL INFRASTRUCTURE
April 2014

TABLE OF CONTENTS
CHEMICAL
COMMERCIAL FACILITIES
COMMUNICATIONS
CRITICAL MANUFACTURING
DAMS
DEFENSE INDUSTRIAL BASE
EMERGENCY SERVICES
ENERGY
FINANCIAL SERVICES
FOOD & AGRICULTURE
GOVERNMENT FACILITIES
HEALTHCARE & PUBLIC HEALTH
INFORMATION TECHNOLOGY
NUCLEAR
TRANSPORTATION
WATER
CROSS SECTOR

Department of Homeland Security Disclaimer - The Office of Cybersecurity & Communications Industry Engagement and Resilience Branch’s Cyber News Spotlight is a non-commercial publication intended to educate and inform personnel engaged in cyber infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranties with respect to this Cyber News Spotlight, including no warranty of ownership of any original copyrights, or of accuracy with respect to the original source material. DHS does not endorse any resources linked to or referenced in this Cyber News Spotlight or the contents of such resources.

CHEMICAL

April 25, Wisconsin – Mass casualty exercise to take place in Portage Saturday, Portage Daily Register: http://www.wiscnews.com/news/local/article_0605d68a-3d65-54d7-b8ff-b21e262672ee.html
Context: A city in Wisconsin will test its disaster response preparedness in an exercise involving the explosion of a facility containing hazardous chemicals. The exercise is intended to test communications and coordination in the event of a real disaster. The exercise also displays how testing alert and information-sharing systems across multiple entities can help ensure a timely and effective response among chemical industry owners and operators, government leaders, emergency responders, and healthcare providers.

April 23, United States – Chemical Safety Board releases preliminary findings in West Fertilizer investigation, BLR: http://safety.blr.com/workplace-safety-news/hazardous-substances-and-materials/chemical-hazards/Chemical-Safety-Board-releases-preliminary-finding/
Context: Since the Texas chemical plant explosion in 2013, both chemical safety and incident response have gained renewed interest among government agencies and first responders. This article reveals some of the key preliminary findings of the investigation, including the need to develop better guidance regarding the storage and handling of ammonium nitrate, the main chemical involved in the explosion. The article highlights the importance of previous guidance that calls for automatic sprinkler and fire detection systems, which can help monitor, alert, and communicate hazardous conditions to plant operators and emergency responders.

COMMERCIAL FACILITIES

April 23, United States – Phishers divert home loan earnest money, Krebs on Security: http://krebsonsecurity.com/2014/04/phishers-divert-home-loan-earnest-money/
Context: According to the article, cyber criminals have begun intercepting emails associated with housing down payments in order to steal money. The article states that the criminals send prospective borrowers phishing emails that mimic legitimate emails sent by a title insurance company to facilitate wire transactions. However, the emails change the company’s bank account information so that the money is sent to the criminals instead. This article highlights how consumers can be vulnerable to spoofed emails during real estate transactions, especially involving online money transfers.

April 21, United Kingdom – Web scam attacks target World Cup ticket buyers, Internet experts warn, Metro: http://metro.co.uk/2014/04/21/web-scam-attacks-target-world-cup-ticket-buyers-internet-experts-warn-4704809/
Context: Soccer fans looking for World Cup merchandise and tickets are encountering fraudulent websites that pose a cybersecurity threat. The article states that fraudulent websites and mobile applications claiming to be associated with the World Cup have appeared and could be used to distribute to steal personal information. The article demonstrates how major sporting events can be used by malicious actors to conduct cyber crime.

April 14, Massachusetts – U.S. retailers to share cyber threat data after Target attack, Chicago Tribune: http://www.chicagotribune.com/business/sns-rt-us-retail-cybersecurity-20140414,0,6201954.story
Context: The National Retail Federation plans to form an Information Sharing and Analysis Center (ISAC) focused on the retail industry that will be operational by June 2014. According to the article, retailers experienced problems obtaining information about cyber attacks after a major breach of a large retailer occurred in late 2013. This article highlights how retailers are collaborating to share information among themselves to identify threats faced by the entire industry.

April 8, New Jersey – Judge rules FTC can sue Wyndham over cyber security lapses, Fox Business: http://www.foxbusiness.com/industries/2014/04/08/us-ftc-can-sue-hotel-group-over-poor-data-security-court-rules/
Context: A judge ruled that a U.S.-based hotel chain can be sued by the Federal Trade Commission (FTC) over cyber security lapses. According to the article, the FTC suit alleges that the hotel chain’s inadequate cybersecurity led directly to the theft of customer data. The article demonstrates that businesses could be subject to litigation in addition to the costs directly associated with the cyber incidents.

Additional Reading:

April 23, United States – Media and entertainment industry targeted in cyberattacks, CSO: http://www.csoonline.com/article/2146983/media-and-entertainment-industry-targeted-in-cyberattacks.html
April 17, United States – 3 million customer credit, debit cards stolen in Michaels, Aaron Brothers breaches, Krebs on Security: http://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/
April 17, Washington, D.C. – Agency: Target may take years to find, Associated Press: http://www.usatoday.com/story/money/business/2014/04/17/target-breach-investigation-secret-service/7830893/
April 7, United States – Neiman Marcus breach linked to Russians who eluded U.S., Bloomberg: http://www.bloomberg.com/news/2014-04-07/neiman-marcus-breach-linked-to-russians-who-eluded-u-s-.html
April 2, United Kingdom – Manchester City become first Premier League club to offer free WIFI at their stadium, Express: http://www.express.co.uk/news/science-technology/468273/Manchester-City-become-first-Premier-League-club-to-offer-free-WIFI-at-their-stadium

COMMUNICATIONS

April 25, International – Mobile bots grow 1,000% in 2013, Infosecurity: http://www.infosecurity-magazine.com/view/38135/mobile-bots-grow-1000-in-2013/
Context: A report found an increase of 1,000 percent in mobile botnet traffic in 2013. According to the article, the improvement in LTE networks and the rise in smartphone usage have facilitated the growth in mobile botnets, which use increasing amounts of bandwidth. This finding reflects how the rising number of mobile botnets and the growing volume of traffic they generate will continue to be a problem for mobile network operators and their ability to provide reliable mobile services.

April 25, International – Vulnerability in Viber allows intercept of images, videos, Threatpost: http://threatpost.com/vulnerability-in-viber-allows-intercept-of-images-videos/105705
Context: Researchers discovered a vulnerability in a popular voice-over-IP application that would leave users’ video and picture messages open to interception. Although user text messages are encrypted, the article states that video and picture messages were unencrypted and did not need authentication to be accessed. This discovery highlights the role of encryption and authentication in protecting the privacy of users’ communications.

April 17, International – Satellite communications wide open to hackers, Dark Reading: http://www.darkreading.com/vulnerabilities---threats/satellite-communications-wide-open-to-hackers/d/d-id/1204539
Context: A report found that some satellite terminals have vulnerabilities associated with encryption, passwords, and backdoors that could be exploited to hijack, spoof, or otherwise tamper with communications. According to the article, some of the vulnerabilities can be easily exploited, without the sophistication and expertise previously needed to attack satellite communications. These findings highlight a shift in the profile of actors able to tamper with satellite communications because a malicious actor no longer needs government resources to exploit certain satellite vulnerabilities.

March 28, International – Google yanks two battery-sucking Bitcoin mining Android apps from Play store, ZDNet: http://www.zdnet.com/google-yanks-two-battery-sucking-bitcoin-mining-android-apps-from-play-store-7000027828/
Context: A security researcher discovered two Android applications that contained malware designed to mine crypto-currencies. The article indicates that the applications only mined for crypto-currencies while the mobile devices were charging. Although mining for crypto-currencies using mobile devices is not as effective as with traditional computers, the emergence of mining applications designed for mobile phones underlines how a critical mass of mobile malware can clog up data flows on a mobile network.

Additional Reading:

April 25, United Kingdom – EE and Three's voicemail systems hacked using number-cloning trick, Engadget: http://www.engadget.com/2014/04/25/ee-three-voicemail-hacking/
April 23, United Kingdom – SMS spam rises in UK as 'accident compensation' scammers get busy, CSO: http://www.csoonline.com/article/2147062/sms-spam-rises-in-uk-as-accident-compensation-scammers-get-busy.html
April 20, International – Easy-to-use NTP amplification emerges as common DDoS attack vector, eWeek: http://www.eweek.com/security/easy-to-use-ntp-amplification-emerges-as-common-ddos-attack-vector.html
April 6, International – Gov't contractor Klas Telecom responds to getting hacked by NullCrew, ZDNet: http://www.zdnet.com/govt-contractor-klas-telecom-responds-to-getting-hacked-by-nullcrew-7000028102/
April 4, International – BlackBerry pushes upcoming BBM Protected for end-to-end encrypted messaging, Computerworld: http://www.computerworld.com/s/article/9247453/BlackBerry_pushes_BBM_Protected_for_end_to_end_encrypted_messaging

CRITICAL MANUFACTURING

April 18, Alabama – UAH planning for regional vehicle manufacturing center, WHNT: http://whnt.com/2014/04/18/uah-planning-for-regional-vehicle-manufacturing-center/
Context: An Alabama university and manufacturers in the area announced plans to create a manufacturing research center focused on cars, planes, and trains, among other modes of transportation. According to the article, participants in the research center will produce large amounts of data for use in the manufacturing process, and the research center will provide cybersecurity capabilities to the participants. The proposed research center is an example of cybersecurity being recognized as an issue for manufacturers even before the research center is established.

April 9, United States – Microsoft targets cars in Internet of things push, eWeek: http://www.eweek.com/mobile/microsoft-targets-cars-in-internet-of-things-push.html
Context: A large software provider presented a prototype of its Internet-of-things platform for cars at a recent conference. According to the article, developers will be able to design applications for the platform, and customers will be able to connect their devices to the car’s computer. Although a prototype at this stage, the development of this platform reflects the continued trend of software providers working with auto manufacturers to incorporate Internet connectivity into their cars.

April 8, International – How will big data affect manufacturing? Manufacturing Business Technology: http://www.mbtmag.com/articles/2014/04/how-will-big-data-affect-manufacturing
Context: This article discusses the results of a survey about the potential use of big data analytics in the manufacturing industry. Although big data analysis remains in its early stages, the survey indicates that manufacturers are interested in using big data to forecast production, understand plant performance, and support customers, among a number of potential uses. These survey results highlight the abundance of proprietary data that manufacturers hold in their own servers or store with third-party vendors.

March 31, International – Tesla cars' weak password protocol could allow remote unlock, locating, SC Magazine: http://www.scmagazine.com/tesla-cars-weak-password-protocol-could-allow-remote-unlock-locating/article/340520/
Context: A security researcher demonstrated how passwords for certain cars could be deciphered at a March 2014 security conference. According to the article, the car’s manufacturer required a six-character password to access the car’s features. The manufacturer has since implemented a password lockout feature to thwart password cracking attempts. The researcher’s findings demonstrate the extent to which auto manufacturers must address cybersecurity issues during the manufacturing process of their products.

Additional Reading:

April 23, Austria – What is the fourth industrial revolution? Manufacturers’ Monthly: http://www.manmonthly.com.au/features/what-is-the-fourth-industrial-revolution
April 17, International – Supply chain risks in manufacturing can be mitigated by using clean IT: CII, Dataquest: http://www.dqindia.com/dataquest/news/213240/supply-chain-risks-manufacturing-mitigated-clean-it-cii

DAMS

April 25, International – Remote surveillance of dams, International Water Power & Dam Construction: http://www.waterpowermagazine.com/features/featureremote-surveillance-of-dams-4220501/
Context: The article discusses how remotely operated vehicles (ROVs) are now being used in different countries to conduct dam inspections and gather scientific data. These ROVs demonstrate how technology is being used to ensure dam and inspection safety and to decrease the costs to owners and operators that are associated with these maintenance activities.

April 15, Australia – Data flow puts Tassie farmers in the know, Denver Sun: http://www.theaustralian.com.au/technology/data-flow-puts-tassie-farmers-in-the-know/story-e6frgakx-1226884252592#
Context: Sensors and gauges are used to monitor and gather data on myriad environmental and structural factors. Australian farmers are using sensors and gauges to better manage resources through a new sensor network. According to the article, the technology has a web-enabled dashboard that has helped farmers better understand the irrigation system, allowing them to maintain proper water levels, understand the impacts of weather, and improve the health of an Australian river. The system represents the continued trend of leveraging technology to improve the efficiency and effectiveness of operations among dams.

DEFENSE INDUSTRIAL BASE

April 21, United States – Deltek breach raises questions about widespread hacking, NextGov: http://www.nextgov.com/cybersecurity/2014/04/deltek-breach-raises-questions-about-widespread-hacking/82867/?oref=ng-channeltopstory
Context: Thousands of login and financial credentials were compromised through a network breach of a company widely used within the defense industry. According to the article, the intruder was able to obtain the information by exploiting Adobe ColdFusion vulnerabilities and carrying out SQL injection attacks. The article suggests that the incident may be connected to other breaches of federal networks. This breach demonstrates that both defense industry and federal civilian networks continue to be threatened by attempts to steal personal information.

April 15, Malaysia – BAE shifts cyber software development to Malaysia, Defense News: http://www.defensenews.com/article/20140415/DEFREG03/304150023/BAE-Shifts-Cyber-Software-Development-Malaysia
Context: A large British defense contractor is establishing a cyber hub focused on cyber software development in Malaysia. According to the article, the hub will focus on providing cybersecurity and national security solutions for the Southeast Asia market. This business expansion reflects the globalized nature of cybersecurity software development among defense contractors and how security products can be developed across multiple locations.

April 11, United States – DOD taking new look at commercial cloud, Federal Times: http://www.federaltimes.com/article/20140411/FEDIT01/304110009/DoD-taking-new-look-commercial-cloud
Context: This article discusses the role that commercial cloud storage and cloud services could have within the Department of Defense (DOD). According to the article, DOD has traditionally operated its own data centers, which provides greater risk transparency. A security official notes that DOD storage policies could change as a result of cost-effective commercial cloud solution offerings. A shift to commercial cloud services could impact how the defense industry supports DOD data management functions.

April 7, United States – Navy to finish moving IT network to NGEN contract by September, Federal News Radio: http://www.federalnewsradio.com/?nid=412&sid=3597709
Context: The Navy plans to transition its enterprise IT network to a new contract structure by September 2014. According to the article, the Next Generation Enterprise Network will entirely replace the existing Navy-Marine Corps Intranet, marking a shift from an outsourced IT program to an in-house model with contractor support. This transition reflects the wider movement toward insourcing IT services within the Department of Defense (DOD), which may affect how the defense industry supports DOD IT services.

Additional Reading:

April 25, United States – Lawmakers want Pentagon to clarify cloud security standards, Nextgov: http://www.nextgov.com/cloud-computing/2014/04/lawmakers-want-pentagon-clarify-cloud-security-standards/83245/
April 22, United States – Contractors affected by the US cybersecurity requirements: take part in the GWAC comment process, The Lawyer Security: http://www.thelawyer.com/briefings/contractors-affected-by-the-us-cybersecurity-requirements-take-part-in-the-gwac-comment-process/3019611.article
April 15, United States – DIA focuses on integration, cyberspace, Defense News: http://www.defensenews.com/article/20140415/C4ISRNET13/304150039
April 14, Germany – Germany's Space Centre 'hacked by cyber spies', SC Magazine: http://www.scmagazineuk.com/germanys-space-centre-hacked-by-cyber-spies/article/342464/
April 13, United States – You Can Track Your F-35s, At ALIS’ Maintenance Hub, Defense Industry Daily: http://www.defenseindustrydaily.com/you-can-track-your-f-35s-at-alis-maintenance-hub-04368/

EMERGENCY SERVICES

April 15, Santa Ana, CA – Cops: Sex offender serial murder suspects wore GPS trackers, CBS News: http://www.cbsnews.com/news/cops-parolee-rape-murder-suspects-wore-gps-trackers/
Context: Two men have been arrested for raping and murdering four women. The men, both registered sex offenders, were on parole and wearing geo-positioning system-enabled ankle bracelets while allegedly committing the crimes. The article states that while it is unclear how registered sex offenders under police surveillance were able to commit the offenses, local law enforcement authorities reported that the bracelets provided investigative assistance that led to the suspects’ arrest. This case highlights the role that geo-positioning devices can play in criminal investigations, as well as the potential limits of these devices in preventing crime.

April 11, United Kingdom – UK police ill-equipped to deal with cyber attacks, SC Magazine: http://www.scmagazineuk.com/uk-police-ill-equipped-to-deal-with-cyber-attacks/article/342284/
Context: A report by the British Government found that only three out of 43 English and Welsh police departments were prepared to handle a cyber incident. The article cited work at the national level in Great Britain to fight cyber threats, but the limited ability of local law enforcement to respond would limit the effectiveness of national level initiatives. These findings reflect how law enforcement at the local level faces the task of responding to cyber crimes in addition to more common, traditional crimes.

April 11, Anchorage, AK – Former APD officer sentenced for criminal database snooping, KTUU: http://www.ktuu.com/news/news/former-apd-officer-sentenced-for-criminal-database-snooping/25441412
Context: A former Anchorage Police Department officer was sentenced for illegally accessing a police database to search for information about pending criminal charges involving friends and family, according to the article. This incident highlights how insider threats and improper access to law enforcement databases continue to be a problem. The incident also illustrates how insider threats have a variety of motivations for improperly accessing sensitive information, ranging from personal gain to financial or political reasons.

April 2, United States – Anonymous linked to hack of Albuquerque police amid shooting protests, FoxNews: http://www.foxnews.com/us/2014/04/02/anonymous-hacks-albuquerque-police-amid-shooting-protests/
Context: A New Mexico police department’s website was temporarily rendered inaccessible due to a distributed denial of service attack that coincided with street protests against the department’s alleged use of excessive force. Officials have not revealed the attack’s perpetrators, according to the article. Hacktivist collective Anonymous threatened to target the department just before the attack for the department’s alleged abuses, which was reported on in the March 2014 issue of the Cyber News Spotlight. This attack highlights the existence of a hacktivist threat to police departments that coincides with unpopular incidents.

Additional Reading:

April 17, Allentown, PA – Allentown unveils 911 texting service; call it next-generation technology, The Morning Call: http://articles.mcall.com/2014-04-17/news/mc-allentown-text-message-911-service-20140417_1_texting-service-assistant-chief-keith-morris-verizon-customers
April 15, Olympia, WA – Questions for CenturyLink on Washington 911 outage, Associated Press: http://www.katu.com/news/local/Questions-for-CenturyLink-on-Washington-911-fail-255355571.html
April 9, United States – Next-generation 911: what you need to know, Emergency Management: http://www.emergencymgmt.com/safety/Next-Generation-911-What-You-Need-to-Know.html
April 8, United States – Public safety workers to get GIS tools and training, GCN: http://gcn.com/articles/2014/04/08/napsg-esri.aspx
April 1, United States – Emergency management: there's an app for that, Emergency Management: http://www.emergencymgmt.com/training/Emergency-Management-App.html?page=2&

ENERGY

April 23, Washington, D.C. – Cybersecurity quickly trumping physical security, FierceSmartGrid: http://www.fiercesmartgrid.com/story/cybersecurity-quickly-trumping-physical-security/2014-04-23
Context: The U.S. Justice Department released a ruling that allows companies to share data on cyber intrusions to better secure their networks. The article states that the ruling alleviates antitrust concerns about sharing information among companies. The ruling will allow for greater collaboration within the energy industry to identify potential threats and share cybersecurity information.

April 22, United States – IT security in utilities, Intelligent Utility: http://www.intelligentutility.com/article/14/04/it-security-utilities
Context: Energy and utility enterprises are increasingly the target of cyber attacks. According to the article, the Department of Homeland Security revealed that energy companies were the target of 53% of reported cyber attacks during the first six months of 2013. The article also states that utilities have traditionally focused on the physical security of their systems instead of cyber security. These findings reflect how malicious actors continue to attack energy infrastructure.

April 21, United States – Drones are becoming energy's new roustabouts, The New York Times: http://www.nytimes.com/2014/04/22/business/energy-environment/drones-are-becoming-energys-new-roustabouts.html
Context: Energy companies have increased their use of drones to assist in managing assets spread over a large geographic area. The article states that drones operate autonomously, use GPS and pre-programmed flight plans, and store their data with cloud providers. This article highlights how energy companies are increasingly using autonomous devices and cloud storage to conduct their operations.

April 7, United States – Security holes in power grid have federal officials scrambling, Los Angeles Times: http://articles.latimes.com/2014/apr/07/nation/la-na-grid-security-20140407
Context: Security holes identified in networks of energy companies have alarmed both private industry and U.S. government officials. According to the article, the increase in the use of cyber systems to manage the electrical grid has opened up utilities to potential attacks from malicious actors. The article also highlights how some energy companies are unable to obtain cyber insurance policies because of weaknesses in their cybersecurity measures. These findings highlight how weak cybersecurity measures can have a range of consequences from a data breach to the inability to transfer risk.

Additional Reading:

April 27, International – Cyber security must be enhanced in oil & gas, Arabian Oil and Gas: http://www.arabianoilandgas.com/article-12351-cyber-security-must-be-enhanced-in-oil-gas/
April 27, United States – Cyber firms look to move the electrical grid, The Washington Post: http://www.washingtonpost.com/business/on-it/cyber-firms-look-to-move-the-electrical-grid/2014/04/27/4e3163f2-cb06-11e3-93eb-6c0037dde2ad_story.html
April 25, United States – Satellite imaging to offer sharper view of remote oil, gas operations, Rigzone: http://www.rigzone.com/news/oil_gas/a/132767/Satellite_Imaging_to_Offer_Sharper_View_of_Remote_Oil_Gas_Operations
April 14, Connecticut – Connecticut’s plan to defend power grid from cyber attacks, CT Mirror: http://ctmirror.org/connecticuts-plan-to-defend-power-grid-from-cyber-attacks/
April 6, Colorado – Cyber attacks also a concern of oil and gas industry, not just retail chains, Greeley Tribune: http://www.greeleytribune.com/news/10882084-113/cyber-oil-attacks-security

*This sector is also included in one article in the Cross Sector section.

FINANCIAL SERVICES

April 23, United Kingdom – Bank clerks accused of £2m fraud involving Lloyds TSB, Oxford Mail: http://www.oxfordmail.co.uk/NEWS/11164434.Bank_clerks_accused_of___2m_fraud_involving_Lloyds_TSB/
Context: Three employees of a British bank were accused of installing a device onto one of the bank’s computers to steal more than £2 million. According to the article, the employees accessed the bank’s systems remotely to transfer the funds out. This incident highlights both the importance of physical security to banking terminals and the continued problem of insider threats.

April 21, United States – SEC seeks data on cyber security policies at Wall Street firms, Computerworld: http://www.computerworld.com/s/article/9247802/SEC_seeks_data_on_cyber_security_policies_at_Wall_Street_firms
Context: The Securities and Exchange Commission (SEC) included cybersecurity for the first time in its National Examination Program. The article states that the SEC has requested cybersecurity information to establish the preparedness levels of broker-dealers and investment advisors in the event of a cyber attack. Although previous examinations have looked at overall company risk management and data security policies, this examination’s emphasis on cybersecurity reflects the extent to which cyber threats affect non-bank entities within the financial industry.

April 8, International – Zeus variant contains legitimate certificate, Infosecurity: http://www.infosecurity-magazine.com/view/37879/zeus-variant-contains-legitimate-certificate/
Context: A security vendor discovered a version of the Zeus banking Trojan signed with a legitimate digital certificate. According to the article, antivirus software is less likely to flag digitally signed malware as a threat. This variant of the Zeus Trojan is indicative of a growing trend of digitally signed malware designed to take advantage of the trust associated with legitimate certificates or evade standard detection protocols.

April 4, United States – New federal rule requires banks to fight DDoS attacks, Networkworld: http://www.networkworld.com/news/2014/040414-banks-ddos-280425.html
Context: New Federal Financial Institutions Examinations Council regulations require banks to monitor for and mitigate against distributed denial of service (DDoS) attacks. The article states that this requirement represents a regulatory approach to combatting the DDoS attacks that have plagued a number of banks since a high-profile DDoS campaign in the second half of 2012. The new regulations also reflect an acknowledgment of the extent to which DDoS attacks degrade the ability of banks to provide services to their customers.

Additional Reading:

April 29, United States – Vishing attacks targeting dozens of banks, Threatpost: http://threatpost.com/vishing-attacks-targeting-dozens-of-banks/105774
April 24, United Kingdom – Thieves break into bank, hack into computers and steal over £1.25 million…but get caught, The Journal: http://www.thejournal.ie/bank-robbery-cybercrime-london-1431783-Apr2014/
April 24, United Kingdom – Ethical hackers 'to target 20 UK banks,' Sky News: http://news.sky.com/story/1248595/ethical-hackers-to-target-20-uk-banks
April 17, International – Facebook users targeted by Ibanking Android Trojan app, CIO: http://www.cio.com/article/751624/Facebook_Users_Targeted_By_Ibanking_Android_Trojan_App
April 3, United States – Banking watchdog warns about possible hacking of ATMs, UPI: http://www.upi.com/Business_News/2014/04/03/Banking-watchdog-warns-about-possible-hacking-of-ATMs/8641396551345

*This sector is also included in one article in the Cross Sector section.

FOOD & AGRICULTURE

April 15, United Kingdom – Farmers frustrated by online SPS problems, Farmers Weekly: http://www.fwi.co.uk/articles/15/04/2014/144161/farmers-frustrated-by-online-sps-problems.htm
Context: Some farmers in the United Kingdom are experiencing computer problems when submitting farm payment application forms online. According to the article, farmers can choose to submit paper applications but there is currently a plan to transition to an online-only application in 2015. The incident highlights the growing global use of online services to connect stakeholders in the agriculture industry to government agencies and the potential consequences when there are outages in these services.

April 14, United States – Audit shows NASS crop report vulnerability, High Plains Journal: http://www.hpj.com/archives/2014/apr14/apr14/0408LockupWoesLDsr.cfm
Context: A report published by the U.S. Department of Agriculture Office of the Inspector General indicates that the National Agricultural Statistics Service has physical and cybersecurity vulnerabilities that may endanger the security of commodity data. According to the article, sensitive information about commodities could lead to unfair trading in commodity markets if the information is stolen or leaked. This report highlights the sensitivity of some forms of agricultural data and the potential financial impact of security lapses.

April 14, United States – USDA rolls out mobility management as a service, GCN: http://gcn.com/articles/2014/04/14/usda-mobile.aspx
Context: The U.S. Department of Agriculture (USDA) is implementing a new system to manage use of government-issued and personal mobile devices employed for business purposes. According to the article, U.S. Government agencies have been concerned about the security of adopting mobile solutions. The article highlights the growing role that mobile devices have on the government side of the food and agriculture industries and that device and data security remain considerations when adopting new technology.

April 13, United States – ‘Panera 2.0’ will allow for easy mobile or online ordering, Seattle Times: http://seattletimes.com/html/businesstechnology/2023364846_inpersonpaneraceoxml.html
Context: A national restaurant chain is planning to expand online ordering from the testing phase to all of its 1,700 locations in the next few years. Restaurants offering online ordering capabilities continue a growing trend in the restaurant industry covered in the March 2014 and February 2014 issues of the Cyber News Spotlight.

Additional Reading:

April 22, Easton, NY – With farm robotics, the cows decide when it’s milking time, New York Times: http://www.nytimes.com/2014/04/23/nyregion/with-farm-robotics-the-cows-decide-when-its-milking-time.html

April 17, Vermont – Small food companies win big with new lot tracking software, The Bridge: http://www.montpelierbridge.com/2014/04/small-food-companies-win-big-with-new-lot-tracking-software/


April 11, United States – U.S. farm industry seeks rules on data privacy, no consensus yet, Reuters: http://www.reuters.com/article/2014/04/11/usa-agriculture-data-idUSL2N0N21WM20140411

April 3, International – Smart packaging turns science fiction into fact, Food Processing: http://www.foodprocessing.com/articles/2014/smart-packaging-turns-science-fiction-into-fact/?show=all

April 1, United States – Ag retail: 3 tech trends to watch in 2014, CropLife: http://www.croplife.com/equipment/ag-retail-3-tech-trends-to-watch-in-2014/

*This sector is also included in one article in the Cross Sector section.

GOVERNMENT FACILITIES

April 25, Massachusetts – Mother of Sandy Hook victim spurs new security in Sudbury schools, Boston Globe: http://www.bostonglobe.com/metro/2014/04/24/mother-sandy-hook-victim-spurs-new-security-sudbury-schools/RjcWZTlAVxL75utZKtlDQO/story.html

Context: This article describes how a parent worked with a school district to implement a cloud-based security system in the district’s school. According to the article, the local police department will have a live feed from the school’s cameras as well as details of the school’s floor plans. This security system is an example of educational facilities turning to cloud-based services for security solutions.

April 22, United States – Government employees cause nearly 60% of public sector cyber incidents, Nextgov: http://www.nextgov.com/cybersecurity/2014/04/government-employees-cause-nearly-60-public-sector-cyber-incidents/82933/

Context: Analysts recently determined that a sizeable majority of public sector cyber incidents are caused by government personnel, with a large portion of such incidents being attributed to poor security or IT practices. According to the article, this data contrasts with cyber incidents in industries like mining and manufacturing, where espionage or criminal activities make up a significant percentage of incidents. This story highlights the importance of training and reinforcement of security practices amongst government personnel.

April 22, Iowa – Iowa State server breach exposes SSNs of nearly 30,000, SC Magazine: http://www.scmagazine.com/iowa-state-server-breach-exposes-ssns-of-nearly-30000/article/343732/

Context: Several thousand Iowa State students and alumni have been warned that their personal information may have been compromised in a server breach. According to the article, five university servers were likely breached by a group of persons who intended to use the systems for cryptocurrency mining. This incident highlights how cyber criminals’ motivations are evolving beyond breaching servers for the purpose of data theft.

April 9, United States – IT security controls at IRS endanger taxpayer data, says GAO, FierceGovernmentIT: http://www.fiercegovernmentit.com/story/it-security-controls-irs-endanger-taxpayer-data-says-gao/2014-04-09

Context: Analysts believe that information security weaknesses at the IRS could compromise the information security of users and expose sensitive information, according to an article reporting on a recent GAO study. The weaknesses are the result of insufficient vulnerability patching and information system monitoring. This story illustrates the importance of proper information security management at all levels of federal organizations, and the extent to which individual programs can have an impact on broad portions of their stakeholders.


Additional Reading:

April 29, United States – DHS advises computer users to temporarily consider an alternate to Microsoft’s Internet Explorer, Government Security News: http://www.gsnmagazine.com/node/41043

April 28, United States – Commerce bureaus flunk cyber test, FCW: http://fcw.com/articles/2014/04/28/commerce-ig-cyber-test.aspx

April 11, United States – Federal agencies avoid risk, DHS says, NextGov: http://www.nextgov.com/cybersecurity/2014/04/federal-websites-avoid-heartbleed-risks-dhs-says/82261

April 10, Maryland – Latest UMD 'intrusion' linked to IT worker exposing security issues, account shows, SC Magazine: http://www.scmagazine.com/latest-umd-intrusion-linked-to-it-worker-exposing-security-issues-account-shows/article/342202/

April 2, United States – State assessment tests hit by cyber attacks, KSN.com: http://ksn.com/2014/04/02/state-assessment-tests-hit-by-cyber-attacks/

Articles affecting government entities may be included in other sectors' sections of the Cyber News Spotlight because they relate directly to the functions, assets, and stakeholders in those sectors.

HEALTHCARE & PUBLIC HEALTH

April 25, United States – It’s insanely easy to hack hospital equipment, Wired: http://www.wired.com/2014/04/hospital-equipment-vulnerable/

Context: After a two-year cybersecurity study of equipment employed by healthcare centers in four states, a team of security researchers discovered that a wide variety of healthcare equipment and tools—such as medical records, devices, and storage systems—were vulnerable to tampering. The June, July, and August 2013 issues of Cyber News Spotlight focused on the Food and Drug Administration’s guidance for wireless medical devices, and the September 2013 issue highlighted an effort to secure medical implant software by encrypting heartbeats. The article demonstrates that a large number of medical devices and systems have cyber components and vulnerabilities.

April 24, Boston, MA – FBI warns healthcare sector vulnerable to cyber attacks, Reuters: http://in.reuters.com/article/2014/04/23/us-cybersecurity-healthcare-fbi-idINKBN0D914Y20140423

Context: A private notice circulated by the Federal Bureau of Investigation to healthcare industry members indicates that the industry’s information technology systems are less secure than those in other industries. The article indicates that as a result, these systems are vulnerable to attempts by malicious actors to obtain individuals’ health insurance and medical information. These findings highlight the sensitive nature of data housed on healthcare information technology systems and their value to threat actors.

April 22, United States – Cyber attack simulation exposes need for better collaboration, preparedness, FierceHealthIT: http://www.fiercehealthit.com/story/cyber-attack-simulation-exposes-need-better-collaboration-preparedness/2014-04-22

Context: The Health Information Trust Alliance (HITRUST) published the results of its first cyber attack exercise in April 2014. The simulation, called CyberRX, included private sector healthcare industry participants such as hospitals, insurance providers, and pharmacies. The article noted that the exercise findings revealed the importance of cross-organization collaboration and information sharing during cyber incidents. The exercise displays how simulations can play a role in increasing cyber attack preparedness.


April 16, United Kingdom – Hackers attempt to blackmail plastic surgeons, The Register: http://www.theregister.co.uk/2014/04/16/hackers_attempted_extortion_plastic_surgeons/

Context: Cybercriminals attempted to blackmail a large United Kingdom plastic surgery practice by threatening to release data on prospective patients that was allegedly stolen from a breached practice website. According to the article, the medical group admitted that a site containing approximately 480,000 records of potential patients was compromised. The article states that the practice refused to pay the ransom but does not indicate whether the criminals followed through on their threat. Data ransom threats, which have been growing in popularity in a wide variety of industries, represent a newer trend in the healthcare industry.

Additional Reading:

April 24, Boston, MA – group Anonymous targets Children’s Hospital, Boston Globe: http://www.bostonglobe.com/business/2014/04/24/hacker-group-anonymous-targets-children-hospital-over-justina-pelletier-case/jSd3EE5VVHbSGTJdS5YrfM/story.html

April 21, United States – Healthcare.gov passwords vulnerable to Heartbleed bug, FierceGovernmentIT: http://www.fiercegovernmentit.com/story/healthcaregov-passwords-vulnerable-heartbleed-bug/2014-04-21

April 17, United States – UPMC data breach may affect as many as 27,000 employees, Pittsburgh Post-Gazette: http://www.post-gazette.com/business/finance/2014/04/17/UPMC-data-breach-may-affect-as-many-as-27-000-employees/stories/201404170277

April 16, United States – IT security study cites healthcare insider threat concerns, HealthITSecurity: http://healthitsecurity.com/2014/04/16/it-security-study-cites-healthcare-insider-threat-concerns/

April 2, United States – LewisGale Regional Health System dealing with data breach, WDBJ7: http://www.wdbj7.com/news/local/lewisgale-regional-health-system-dealing-with-data-breach/25289888

INFORMATION TECHNOLOGY

April 23, Brazil – Brazil becomes one of the first to adopt Internet ‘Bill of Rights,’ NPR: http://www.npr.org/blogs/thetwo-way/2014/04/23/306238622/brazil-becomes-one-of-the-first-to-adopt-internet-bill-of-rights

Context: Brazil enacted a constitution for the Internet this month in response to online privacy concerns. The bill prohibits broadband providers from blocking access or discriminating against Internet traffic traveling over connections, a response to limit mass surveillance on Brazilian citizens. The article highlights how laws such as this one, along with the recommended introduction of a new global community to operate Internet functions, could affect how the Internet is used and governed.

April 21, International – Easter egg: DSL router patch merely hides backdoor instead of closing it, Ars Technica: http://arstechnica.com/security/2014/04/easter-egg-dsl-router-patch-merely-hides-backdoor-instead-of-closing-it/

Context: The end of 2013 and beginning of 2014 saw stories regarding a vulnerability in router software that exposed companies and individual homes to significant cyber threats. According to the article, a researcher found that some of the patches created to fix the vulnerability do not solve the problem but rather simply hide it from view. The article highlights how intended patches and hotfixes may not always address a vulnerability completely.


April 7, International – Heartbleed: serious OpenSSL zero day vulnerability revealed, ZDNet: http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/

Context: Researchers found a widespread vulnerability that allows attackers to grab the memory from web servers. The article states that the vulnerability, commonly called “Heartbleed,” is in the actual OpenSSL library used to secure Web transmission from the sender to the recipient. Researchers state that the vulnerability has put users’ passwords at risk and can also reveal the private keys used to encrypt secure transmissions via the HTTPS protocol. This incident highlights the dependence on secure protocols for a variety of online activities.

April 2, International – 24 million reasons to lock down DNS amplification attacks, SC Magazine: http://www.scmagazineuk.com/24-million-reasons-to-lock-down-dns-amplification-attacks/article/341026/

Context: Researchers have identified vulnerabilities in broadband routers that would collectively allow hackers to create large-scale amplification attacks by manipulating Domain Name System (DNS) traffic lookups. The article states that owners rarely update the firmware on their legacy routers and hackers can use them by spoofing the IP address of a target and creating an alternative request on the vulnerable router. Researchers have found that more than 5.3 million routers have already been used in such attacks. These attacks highlight how these vulnerabilities can result in the disruption of Internet service provider networks and a degraded ability to provide reliable service.

Additional Reading:

April 21, International – Heartbleed attack targeted enterprise VPN, Dark Reading: http://www.darkreading.com/attacks-breaches/heartbleed-attack-targeted-enterprise-vpn-/d/d-id/1204592

April 18, International – Research shows vulnerabilities go unfixed longer in ASP, SC Magazine: http://www.scmagazine.com/research-shows-vulnerabilities-go-unfixed-longer-in-asp/article/343357/

April 17, International – Attackers use reflection techniques for larger DDoS attacks, Net-Security: http://www.net-security.org/secworld.php?id=16707

April 13, United States – Obama administration backs disclosing software vulnerabilities in most cases, Network World: http://www.networkworld.com/news/2014/041414-obama-administration-backs-disclosing-software-280641.html

April 7, International – Zeus variant uses valid digital signature to avoid detection, SC Magazine: http://www.scmagazine.com/zeus-variant-uses-valid-digital-signature-to-avoid-detection/article/341674/

NUCLEAR

April 16, Germany – Nuclear waste heads into the virtual realm, physicsworld.com: http://physicsworld.com/cws/article/news/2014/apr/16/nuclear-waste-heads-into-the-virtual-realm

Context: Researchers believe that software could ease the identification and design of nuclear waste storage sites. According to the article, the technology is designed to help analysts estimate how potential repository sites may evolve over time and handle radiologic material. However, critics assert that the software will divert resources and attention away from other research conducted in underground laboratories. The article highlights how software could be used to aid decision making in the nuclear industry.


April 16, Japan – Robot helps with cleanup at Fukushima Daiichi, Power Engineering: http://www.power-eng.com/articles/npi/print/volume-7/issue-2/technology/robot-helps-with-cleanup-at-fukushima-daiichi.html

Context: A firm supporting nuclear plant decommissioning activities in Japan will reveal a robot designed to enhance cleanup and recovery efforts related to maintenance, testing, sampling, and decontamination. This article illustrates the value of IT and computer-related technologies in potentially hazardous environments.

TRANSPORTATION

April 21, United States – Three states develop $1.7M traffic management system, Eagle Tribune: http://www.eagletribune.com/latestnews/x2117341476/Three-states-develop-1-7M-traffic-management-system

Context: Maine, New Hampshire, and Vermont are creating a traffic management system to convey information to motorists in real-time. According to the article, the cloud-based system will provide traffic, weather, and emergency updates via electronic highway message signs and on a central website. A state transportation official indicated that the system would allow third-party access for application development. The development of this traffic management system reflects the wider trend of intelligent highway transportation system implementation.

April 15, Tampa Bay, FL – Port Tampa Bay buys cyber liability insurance, Tampa Bay Business Journal: http://www.bizjournals.com/tampabay/news/2014/04/15/port-tampa-bay-buys-cyberliability-insurance.html

Context: A Florida port is adding cyber liability insurance to its annual insurance portfolio. According to the article, this is possibly one of the first ports to purchase cyber liability insurance, which is reported to cover the costs of liability for stolen data, forensic investigation expenses, and costs associated with notifying parties affected by breaches. This purchase decision highlights how cyber liability insurance is becoming an aspect of cybersecurity risk management.

April 11, New York – Clever thieves are using these tiny cameras to steal credit-card info from NYC subway riders, Business Insider: http://www.businessinsider.com/mta-metrocard-subway-credit-card-scam-2014-4

Context: A New York transit agency warned its customers to be vigilant when purchasing fares from fare card vending machines. According to the article, a hidden camera and credit card skimming device were found on a fare card vending machine in a New York City subway station. The article notes that similar devices have been discovered before within this transportation system. This discovery highlights how transportation system point-of-sale machines continue to be targeted to obtain credit card information.

March 26, India – Collegian used software skills to corner rail tickets in bulk, Mumbai Mirror: http://www.mumbaimirror.com/mumbai/crime/Collegian-used-software-skills-to-corner-rail-tickets-in-bulk/articleshow/32685952.cms

Context: An Indian law enforcement service arrested a suspect for allegedly exploiting a vulnerability in a rail service provider's online booking website to obtain tickets before they became available to the public. The suspect then resold the tickets at higher rates. According to the article, the suspect stated that he learned about the vulnerability through a family member who had worked for an agency that shared a booking system with the rail service provider. The incident highlights the potential for employees of third-party business partners to discover and take advantage of vulnerabilities on shared systems.


Additional Reading:

April 16, United States – FAA: ADS-B ground infrastructure complete, FierceGovernmentIT: http://www.fiercegovernmentit.com/story/faa-ads-b-ground-infrastructure-complete/2014-04-16

April 15, Netherlands – Dutch government plans full ERTMS rollout by 2030, Global Rail News: http://www.globalrailnews.com/2014/04/15/dutch-government-plans-full-ertms-rollout-by-2030/

April 14, United States – IG Calls on USPS to better manage data storage, FEDweek: http://www.fedweek.com/item-view.php?tbl=15&ID=160

April 14, International – Dutch teen reportedly arrested for tweeting threat at American Airlines, Time: http://time.com/61690/girl-arrested-for-tweeting-threat-at-american-airlines-/

April 2, International – Freighter without crew, Phys.org: http://phys.org/news/2014-04-freighter-crew.html

*This sector is also included in one article in the Cross Sector section.

WATER

April 8, Los Angeles, CA – Report Shows Strong Progress in Major Utilities' Use of Social Media, Emergency Management: http://www.emergencymgmt.com/emergency-blogs/crisis-comm/Report-shows-strong-progress-in-major-utilities-use-of-social-media.html

Context: A study of the largest 50 utilities in the U.S. reported that a California water utility was one of the top three users of social media. As stated in the article, the water utility has used social media for communications and customer service. Although the use of social media to connect with customers has not yet reached all water utilities, the findings discussed in the article point to an increased online presence among water utilities.

April 7, United States – Washington turns attention to cybersecurity, safety issues, WaterWorld: http://www.waterworld.com/articles/print/volume-30/issue-4/departments/washington-update/washington-turns-attention-to-cybersecurity-safety-issues.html

Context: This article discusses how water industry members and government have increased the profile of water cybersecurity. According to the article, a water industry association has developed a list of cybersecurity best practices and an evaluation tool for water utilities. The best practices and evaluation tool represent an industry-specific approach to improving cybersecurity and increasing cybersecurity awareness.

Additional Reading:

April 16, Pennsylvania – Smart water meters: 130 million worldwide by 2018, Lehigh Valley News: http://www.wfmz.com/news/news-regional-lehighvalley/Man-slapped-with-43-000-water-bill/25522060

April 8, United States – Smart water meters: 130 million worldwide by 2018, Metering.com: http://www.metering.com/smart-water-meters-130-million-worldwide-by-2018/


CROSS SECTOR

April 21, Texas – Each one is a potential attack point: study could assess cyber security in Basin oil and gas industry, CBS7: http://cbs7kosa.com/news/article_22527f36-c9cc-11e3-a0e8-001a4bcf6878.html

Sectors: Energy, Transportation

Context: A recent conference convened by the Department of Homeland Security and the oil and gas industry highlighted the cyber threats to oil pipelines and pumping stations. According to the article, conference speakers noted that oilfield operations can be accessed remotely and are vulnerable to cyber attacks. The article highlights the integrated nature of cyber and oil and gas production systems.

Additional Reading:

April 8, United States – CME resumes trading in ag markets after technical glitch halted trading Tuesday afternoon, Futures Magazine: http://www.futuresmag.com/2014/04/08/cme-resumes-trading-in-ag-markets-after-technical

Sectors: Financial Services, Food and Agriculture


CS&C IER Cyber News Spotlight Information

About

The Office of Cybersecurity and Communications (CS&C) Industry Engagement & Resilience (IER) Branch produces the Cyber News Spotlight, which is a monthly summary of open-source published information concerning significant cybersecurity and cyber infrastructure issues. Articles at the beginning of each section include context on the article to provide additional information and indicate the effect that the article may have on the sector. The CS&C IER Cyber News Spotlight is available to Critical Infrastructure sector members on the CS&C IER Homeland Security Information Network – Critical Sectors (HSIN-CS) portal at the following URL: https://hsin.dhs.gov/ci/iir/ier

CS&C’s IER branch, which is part of the Stakeholder Engagement and Cyber Infrastructure Resilience Division, works with the private sector and its industry associations through tailored engagements to identify and define sector cybersecurity goals, develop cybersecurity strategies, and implement risk management approaches. Applying experience gained as the Sector-Specific Agency for the Communications and Information Technology sectors, as well as working with all sectors since the inception of DHS, IER helps sectors secure their communications and cyber infrastructure.

Methodology: Every month, IER’s Cyber News Spotlight team searches for news articles relevant to each of the 16 critical infrastructure sectors. The news articles are all unclassified and publicly accessible, collected from sources such as newspapers, online and print news media organizations, technology news publications, and television news media. IER compiles articles of interest at the end of each month, and submits the articles for editorial review. Articles selected for inclusion represent issues that were covered in news media during the previous month and are designed to highlight topics of discussion within sector and cybersecurity communities. IER ensures that each article and the context written add value to current discussions about sector cybersecurity.

Contact Information

For content suggestions and/or questions on the Cyber News Spotlight, or to learn about additional capabilities available to help the critical infrastructure sectors secure their cyber and communications infrastructure, please e-mail [email protected].

Contact DHS

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at the following URL: http://www.us-cert.gov. To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at [email protected] or (202) 282-9201.

Department of Homeland Security Disclaimer

The CS&C IER Cyber News Spotlight is a non-commercial publication intended to educate and inform personnel engaged in cyber infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranties with respect to this Cyber News Spotlight, including no warranty of ownership of the copyright, or accuracy with respect to the original source material. DHS does not endorse the contents of any resources linked to or referenced in this Cyber News Spotlight or the contents of such resources.

Distributed on May 9, 2014
