DOCSLIB.ORG

Information Assurance MELANI

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Information Assurance MELANI Federal IT Steering Unit FITSU Federal Intelligence Service FIS Reporting and Analysis Centre for Information Assurance MELANI https://www.melani.admin.ch/ INFORMATION ASSURANCE SITUATION IN SWITZERLAND AND INTERNATIONALLY Semi-annual report 2018/I (January – June) 8 NOVEMBER 2018 REPORTING AND ANALYSIS CENTRE FOR INFORMATION ASSURANCE MELANI https://www.melani.admin.ch/ 1 Overview / Content 1 Overview / Content .............................................................................................. 2 2 Editorial................................................................................................................. 5 3 Key topic: vulnerabilities in the hardware ....................................................... 6 3.1 Spectre and Meltdown ..................................................................................... 6 3.2 Why this design error? .................................................................................... 6 3.3 Possible solutions ........................................................................................... 7 3.4 Possible developments.................................................................................... 8 4 Situation in Switzerland...................................................................................... 9 4.1 Espionage ........................................................................................................ 9 Spiez Laboratory name misused as sender of "Olympic Destroyer" ........................... 9 4.2 Industrial control systems ............................................................................. 11 Open systems on the net - threat or "daily business"? ............................................. 11 4.3 Attacks (DDoS, defacements, drive-bys) ....................................................... 14 Apophis Squad activities in Switzerland ................................................................... 14 4.4 Social engineering and phishing ................................................................... 15 Phishing .................................................................................................................. 15 Calls on behalf of banks .......................................................................................... 16 GDPR phishing ....................................................................................................... 16 Espionage attacks via the calendar ......................................................................... 17 Supposed prizes - chain letters in the name of IKEA, Milka and Co ......................... 18 From the internet to the real world - when attackers make personal visits ................ 18 "Look alike" domains ............................................................................................... 19 Email addresses for sale ......................................................................................... 20 4.5 Data leaks....................................................................................................... 22 Swisscom sales partners lose customer data .......................................................... 22 The use of stolen data ............................................................................................. 23 Passwords for sextortion ......................................................................................... 23 Credential stuffing with old passwords ..................................................................... 24 4.6 Crimeware ...................................................................................................... 24 4.7 E-banking Trojans in Switzerland .................................................................. 26 "Retefe" und social engineering ............................................................................... 26 "Dridex" and offline payment software ..................................................................... 27 "Gozi ISFB" and drive-by dissemination ................................................................... 28 Page 2 of 61 5 Situation internationally ................................................................................... 29 5.1 Espionage ...................................................................................................... 29 "Sofacy" linked to various incidents ......................................................................... 29 VPN filter - at least 500,000 devices affected ........................................................... 30 Attack on the German Federal Government network ............................................... 31 Attacks on energy providers .................................................................................... 32 Attackers focus on "Cisco's" "Smart Install" ............................................................. 33 5.2 Industrial control systems ............................................................................. 35 VW and Audi infotainment systems hacked ............................................................. 35 Cryptominers at European wastewater facility.......................................................... 36 "Hide'n Seek" - IoT botnet with peer-to-peer function ............................................... 36 5.3 Attacks (DDoS, defacements, drive-bys) ....................................................... 37 "Memcached DDoS" attack ..................................................................................... 37 Banks' internal systems remain the target of cybercriminals..................................... 39 5.4 Data leaks....................................................................................................... 39 DHS privacy leak..................................................................................................... 39 "Exactis" data leak .................................................................................................. 40 5.5 Preventive measures ..................................................................................... 40 Member behind the Carbanak/Cobalt attacks arrested............................................. 40 Cyber Europe 2018 - preparing for the next cyber crisis ........................................... 41 Lazarus C&C server take over ................................................................................. 42 6 Trends and outlook ........................................................................................... 42 6.1 The use of data in attacks .............................................................................. 42 6.2 Networked medical devices, health data and patient dossiers ..................... 44 6.3 Speed before security? - even in the future, not everything can be entrusted to mobile communications. ........................................................................... 45 The known problems with the SS7 protocol in the case of 2G and 3G ...................... 45 LTE makes things better, but is still far from perfect ................................................. 46 Will 5G finally close the vulnerabilities? ................................................................... 46 Network security alone does not protect .................................................................. 47 7 Politics, research, policy .................................................................................. 48 7.1 Switzerland: parliamentary procedural requests........................................... 48 7.2 Political cyperspace developments - current status ..................................... 52 7.3 GDPR and Data Protection Act ...................................................................... 53 8 Published MELANI products............................................................................ 54 Page 3 of 61 8.1 GovCERT.ch Blog .......................................................................................... 54 8.2 MELANI newsletter......................................................................................... 54 Data leaks, crimeware and attacks on industrial control systems – topics in the MELANI semi-annual report .................................................................................................. 54 Wieder vermehrt betrügerische Anrufe bei Firmen ................................................... 54 8.3 Checklists and instructions ........................................................................... 54 9 Glossary ............................................................................................................. 55 Page 4 of 61 2 Editorial Dear reader, Historically, Switzerland was born out of trusted relationships between leaders of early Cantons who collaborated to defend against threats they had in common. This original example of trust among communities resulted in the successful long-term development of a safe and secure society. Today trust continues to play a central role in the safety and security of our digital society. The concept of "trust groups" of like-minded people has become important in every industry sector. These are groups of people working together to defend and fight against cyber threats Dr. Bruce Nikkel and cybercriminal activity common to the group. Head of Cybercrime Intelligence & Forensic Investigation, UBS Chairman of the European FI-ISAC Trust groups can be ad-hoc communities of like-minded Professor of Digital Forensics, Berner Fachhochschule individuals who meet to discuss technical threats
Load more

Recommended publications
  • Wdv-Notes Stand: 29.DEZ.1994 (2.) 329 Intel Pentium – Business Must Learn from the Debacle
    wdv-notes Stand: 29.DEZ.1994 (2.) 329 Intel Pentium – Business Must Learn from the Debacle. Wiss.Datenverarbeitung © 1994–1995 Edited by Karl-Heinz Dittberner FREIE UNIVERSITÄT BERLIN Theo Die kanadische Monatszeitschrift The Im folgenden sowie in den wdv-notes verbreitet werden, wenn dabei die folgen- Computer Post, Winnipeg veröffentlicht Nr. 330 werden diese Artikel im Original den Spielregeln beachtet werden. in mehreren Artikeln in ihrer Januar-Aus- nachgedruckt. Der Dank dafür geht an Permission is hereby granted to copy gabe 1995 eine exzellente erste Zusam- Sylvia Douglas von The Computer Post, this article electronically or in any other menfassung des Debakels um den Defekt 301 – 68 Higgins Avenue, Winnipeg, Ma- form, provided it is reproduced without des Pentium-Mikroprozessors [1–2] des nitoba, Canada, Email: SDouglas@post. alteration, and you credit it to The Compu- Computergiganten Intel. mb.ca. Diese Artikel dürfen auch weiter- ter Post. Intel’s top of the line Pentium™ microproc- This particular error in the Pentium was in essor chip has turned out to have a slight flaw the floating-point divide unit. Intel manage- Editorial: The Computer Post – Jan.95 in its character: when dividing certain rare ment was concerned enough about it that pairs of floating point numbers, it gives the they pulled together a special team to assess The Way it Will Be wrong answer. For anyone who owns a Pen- the implications. tium-based computer, or was thinking about This month you’ll find we’re reporting a In the words of Andrew Grove, Intel’s CEO, buying one, or is just feeling curious, here lot of background information on Intel’s posting later to the Internet [3], “We were are..
    [Show full text]
  • Detecting and Removing Malicious Hardware Automatically
    Appears in Proceedings of the 31st IEEE Symposium on Security & Privacy (Oakland), May 2010 Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically Matthew Hicks, Murph Finnicum, Samuel T. King Milo M. K. Martin, Jonathan M. Smith University of Illinois at Urbana-Champaign University of Pennsylvania Abstract hardware-level vulnerabilities would likely require phys- ically replacing the compromised hardware components. The computer systems security arms race between at- A hardware recall similar to Intel’s Pentium FDIV bug tackers and defenders has largely taken place in the do- (which cost 500 million dollars to recall five million main of software systems, but as hardware complexity chips) has been estimated to cost many billions of dollars and design processes have evolved, novel and potent today [7]. Furthermore, the skill required to replace hard- hardware-based security threats are now possible. This ware and the rise of deeply embedded systems ensure paper presents a hybrid hardware/software approach to that vulnerable systems will remain in active use after the defending against malicious hardware. discovery of the vulnerability. Second, hardware is the We propose BlueChip, a defensive strategy that has lowest layer in the computer system, providing malicious both a design-time component and a runtime component. hardware with control over the software running above. During the design verification phase, BlueChip invokes This low-level control enables sophisticated and stealthy a new technique, unused circuit identification (UCI), attacks aimed at evading software-based defenses. to identify suspicious circuitry—those circuits not used Such an attack might use a special, or unlikely, event to or otherwise activated by any of the design verification trigger deeply buried malicious logic which was inserted tests.
    [Show full text]
  • Can the Computer Be Wrong?
    Can the computer be wrong? Wojciech Myszka Department of Mechanics, Materials and Biomedical Engineering January 2021 1 Data 2 Human (operator) 3 Hardware (inevitable) 4 Hardware 5 Manufacturer fault 6 Software 7 Bug free software 8 List of software bugs Data Absolute error I I was talking about this in one of the previous lectures. I One of the main sources of errors are data. I Knowing the range of each value allows us to predict values of the result. I This can be difficult and tricky. I However, in most cases we assume that the data values are correct and believe in computer calculations. Human (operator) Operator I In general, it is difficult to take into account human errors. I These include: I not understanding the problem solved by the program, I errors in preparing input data, I wrong answer to the computer prompt, I ... Hardware (inevitable) Number of bits This is a quite different source of error. 1. Most of todays computers have I 32 or 64 bits processors 2. What does this mean? Number of bits — rangeI 1. The biggest integer value I 32 bits: from −231 to 231 − 1 (−2; 147; 483; 648 to 2; 147; 483; 647) or two billion, one hundred forty-seven million, four hundred eighty-three thousand, six hundred forty-seven I 64 bits: from −263 to 263 − 1 (−9; 223; 372; 036; 854; 775; 808 to 9; 223; 372; 036; 854; 775; 807) nine quintillion two hundred twenty three quadrillion three hundred seventy two trillion thirty six billion eight hundred fifty four million seven hundred seventy five thousand eight hundred and seven 2.
    [Show full text]
  • A Hybrid-Parallel Architecture for Applications in Bioinformatics
    A Hybrid-parallel Architecture for Applications in Bioinformatics M.Sc. Jan Christian Kässens Dissertation zur Erlangung des akademischen Grades Doktor der Ingenieurwissenschaften (Dr.-Ing.) der Technischen Fakultät der Christian-Albrechts-Universität zu Kiel eingereicht im Jahr 2017 Kiel Computer Science Series (KCSS) 2017/4 dated 2017-11-08 URN:NBN urn:nbn:de:gbv:8:1-zs-00000335-a3 ISSN 2193-6781 (print version) ISSN 2194-6639 (electronic version) Electronic version, updates, errata available via https://www.informatik.uni-kiel.de/kcss The author can be contacted via [email protected] Published by the Department of Computer Science, Kiel University Computer Engineering Group Please cite as: Ź Jan Christian Kässens. A Hybrid-parallel Architecture for Applications in Bioinformatics Num- ber 2017/4 in Kiel Computer Science Series. Department of Computer Science, 2017. Dissertation, Faculty of Engineering, Kiel University. @book{Kaessens17, author = {Jan Christian K\"assens}, title = {A Hybrid-parallel Architecture for Applications in Bioinformatics}, publisher = {Department of Computer Science, CAU Kiel}, year = {2017}, number = {2017/4}, doi = {10.21941/kcss/2017/4}, series = {Kiel Computer Science Series}, note = {Dissertation, Faculty of Engineering, Kiel University.} } © 2017 by Jan Christian Kässens ii About this Series The Kiel Computer Science Series (KCSS) covers dissertations, habilitation theses, lecture notes, textbooks, surveys, collections, handbooks, etc. written at the Department of Computer Science at Kiel University. It was initiated in 2011 to support authors in the dissemination of their work in electronic and printed form, without restricting their rights to their work. The series provides a unified appearance and aims at high-quality typography. The KCSS is an open access series; all series titles are electronically available free of charge at the department’s website.
    [Show full text]
  • État Des Malwares 2019
    État des malwares 2019 Préparé par ÉTAT DES MALWARES EN 2019 Table des matières Résumé ��������������������������������������������������������������������������� 3 Arnaques notables ������������������������������������������������������ 29 Méthodologie �����������������������������������������������������������������3 Pratiques commerciales exploitables ����������������� 29 Les 10 enseignements clés ����������������������������������������� 4 Ciblage d’informations d’identification personnelle ��������29 Palmarès des menaces détectées en 2018 ��������������� 6 Sextorsion �������������������������������������������������������������������� 29 Affaiblir l'ennemi ��������������������������������������������������������� 30 Menaces détectées chez les consommateurs ����6 Pour voir plus loin ������������������������������������������������������ 30 Menaces détectées dans les entreprises �������������7 Prévisions 2019 ������������������������������������������������������������ 31 Menaces régionales �����������������������������������������������������8 Menaces par pays ����������������������������������������������������� 10 Conclusion �������������������������������������������������������������������� 33 Menaces par secteur ������������������������������������������������ 11 Contributeurs ��������������������������������������������������������������� 33 Malwares notables ������������������������������������������������������ 13 Programmes de minage de cryptomonnaies���������������� 13 Chevaux de Troie �������������������������������������������������������
    [Show full text]
  • 2018 Midyear Security Roundup: Unseen Threats, Imminent Losses DATA
    Unseen Threats, Imminent Losses 2018 Midyear Security Roundup TREND MICRO LEGAL DISCLAIMER Contents The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The 04 information contained herein may not be applicable to all situations and may not reflect the most current situation. Serious vulnerabilities discovered in Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the hardware make patching even more particular facts and circumstances presented and nothing challenging herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice. 09 Translations of any material into other languages are intended solely as a convenience. Translation accuracy Cryptocurrency mining detections more is not guaranteed nor implied. If any questions arise than doubles while ransomware remains related to the accuracy of a translation, please refer to the original language official version of the document. Any an enterprise threat discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes. 14 Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro Mega breaches rise even as GDPR makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree penalties loom that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied.
    [Show full text]
  • Informe De Tendències - 2N Trimestre 2018
    Informe de Tendències - 2n Trimestre 2018 1 Informe de Tendències - 2n Trimestre 2018 El contingut d’aquesta guia és titularitat de la Fundació Centre de Seguretat de la Informació de Catalunya i resta subjecta a la llicència de Creative Commons BY-NC-ND. L’autoria de l’obra es reconeixerà a través de la inclusió de la menció següent: Obra titularitat de la Fundació Centre de Seguretat de la Informació de Catalunya. Llicenciada sota la llicència CC BY-NC-ND. Aquesta guia es publica sense cap garantia específica sobre el contingut. Aquesta llicència té les particularitats següents: Vostè és lliure de: Copiar, distribuir i comunicar públicament l’obra. Sota les condicions següents: Reconeixement: S’ha de reconèixer l’autoria de l’obra de la manera especificada per l’autor o el llicenciador (en tot cas, no de manera que suggereixi que gaudeix del suport o que dóna suport a la seva obra). No comercial: No es pot emprar aquesta obra per a finalitats comercials o promocionals. Sense obres derivades: No es pot alterar, transformar o generar una obra derivada a partir d’aquesta obra. Avís: En reutilitzar o distribuir l’obra, cal que s’esmentin clarament els termes de la llicència d’aquesta obra. El text complet de la llicència es pot consultar a https://creativecommons.org/licenses/by-nc-nd/4.0/deed.ca 2 Informe de Tendències - 2n Trimestre 2018 Índex Introducció ..................................................................................................................... 5 Visió general .................................................................................................................
    [Show full text]
  • P5 (Microarchitecture)
    P5 (microarchitecture) The Intel P5 Pentium family Produced From 1993 to 1999 Common manufacturer(s) • Intel Max. CPU clock rate 60 MHz to 300 MHz FSB speeds 50 MHz to 66 MHz Min. feature size 0.8pm to 0.25pm Instruction set x86 Socket(s) • Socket 4, Socket 5, Socket 7 Core name(s) P5. P54C, P54CS, P55C, Tillamook The original Pentium microprocessor was introduced on March 22, 1993.^^ Its microarchitecture, deemed P5, was Intel's fifth-generation and first superscalar x86 microarchitecture. As a direct extension of the 80486 architecture, it included dual integer pipelines, a faster FPU, wider data bus, separate code and data caches and features for further reduced address calculation latency. In 1996, the Pentium with MMX Technology (often simply referred to as Pentium MMX) was introduced with the same basic microarchitecture complemented with an MMX instruction set, larger caches, and some other enhancements. The P5 Pentium competitors included the Motorola 68060 and the PowerPC 601 as well as the SPARC, MIPS, and Alpha microprocessor families, most of which also used a superscalar in-order dual instruction pipeline configuration at some time. Intel's Larrabee multicore architecture project uses a processor core derived from a P5 core (P54C), augmented by multithreading, 64-bit instructions, and a 16-wide vector processing unit. T31 Intel's low-powered Bonnell [4i microarchitecture employed in Atom processor cores also uses an in-order dual pipeline similar to P5. Development The P5 microarchitecture was designed by the same Santa Clara team which designed the 386 and 486.^ Design work started in 1989;^ the team decided to use a superscalar architecture, with on-chip cache, floating-point, and branch prediction.
    [Show full text]
  • 2019 State of Malware
    2019 State of Malware Provided by 2019 STATE OF MALWARE Table of contents Executive summary........................................................3 Noteworthy attack vectors.........................................23 Methodology ..................................................................3 Malspam.................................................................23 Top 10 takeaways...........................................................4 Website attacks..........................................................24 Top detections of 2018..................................................6 Malicious browser extensions................................25 Exploits......................................................................26 Consumer detections..................................................6 Mass compromises via routers..............................27 Business detections.....................................................7 CMS hacks....................................................................28 Regional threats............................................................8 Noteworthy scams.......................................................29 Threats by country.....................................................10 Threats by vertical.....................................................11 Exploitable business practices..............................29 Noteworthy malware...................................................13 Targeting PII.................................................................29 Sextortion.....................................................................29
    [Show full text]
  • APA Newsletters NEWSLETTER on PHILOSOPHY and COMPUTERS
    APA Newsletters NEWSLETTER ON PHILOSOPHY AND COMPUTERS Volume 11, Number 1 Fall 2011 FROM THE EDITOR, PETER BOLTUC FROM THE CHAIR, DAN KOLAK SPECIAL SESSION DAVID L. ANDERSON “Special Session on ‘Machine Consciousness’” FEATURED ARTICLE JAAKKO HINTIKKA “Logic as a Theory of Computability” ARTICLES DARREN ABRAMSON AND LEE PIKE “When Formal Systems Kill: Computer Ethics and Formal Methods” HECTOR ZENIL “An Algorithmic Approach to Information and Meaning: A Formal Framework for a Philosophical Discussion” PENTTI O A HAIKONEN “Too Much Unity: A Reply to Shanahan” PHILOSOPHY AND ONLINE EDUCATION RON BARNETTE “Reflecting Back Twenty Years” © 2011 by The American Philosophical Association ISSN 2155-9708 FRANK MCCLUSKEY “Reflections from Teaching Philosophy Online” TERRY WELDIN-FRISCH “A Comparison of Four Distance Education Models” KRISTEN ZBIKOWSKI “An Invitation for Reflection: Teaching Philosophy Online” THOMAS URBAN “Distance Learning and Philosophy: The Term-Length Challenge” FEDERICO GOBBO “The Heritage of Gaetano Aurelio Lanzarone” APA NEWSLETTER ON Philosophy and Computers Piotr Bołtuć, Editor Fall 2011 Volume 11, Number 1 Terry Weldin-Frish, in his informative paper, compares the ROM THE DITOR experiences he had with online learning in philosophy first as a F E graduate student, reaching a Ph.D. entirely online, and later as a faculty member, at four different educational institutons in the UK and the US. Kristen Zbikowski presents a spirited defense Peter Boltuc of teaching philosophy online based on her experiences as an University of Illinois at Springfield online student and then a faculty member also teaching online courses. Thomas Urban raises a specific problem of the length I used to share the general enthusiasm about web-only of viable online philosophy courses.
    [Show full text]
  • On Improving Cybersecurity Through Memory Isolation Using Systems Management Mode
    On Improving Cybersecurity Through Memory Isolation Using Systems Management Mode A thesis submitted for the degree of Doctor of Philosophy James Andrew Sutherland School of Design and Informatics University of Abertay Dundee August 2018 i Abstract This thesis describes research into security mechanisms for protecting sensitive areas of memory from tampering or intrusion using the facilities of Systems Man- agement Mode. The essence and challenge of modern computer security is to isolate or contain data and applications in a variety of ways, while still allowing sharing where desir- able. If Alice and Bob share a computer, Alice should not be able to access Bob’s passwords or other data; Alice’s web browser should not be able to be tricked into sending email, and viewing a social networking web page in that browser should not allow that page to interact with her online banking service. The aim of this work is to explore techniques for such isolation and how they can be used usefully on standard PCs. This work focuses on the creation of a small dedicated area to perform cryp- tographic operations, isolated from the rest of the system. This is a sufficiently useful facility that many modern devices such as smartphones incorporate dedic- ated hardware for this purpose, but other approaches have advantages which are discussed. As a case study, this research included the creation of a secure web server whose encryption key is protected using this approach such that even an intruder with full Administrator level access cannot extract the key. A proof of concept backdoor which captures and exfiltrates encryption keys using a modified processor wasalso demonstrated.
    [Show full text]
  • Harnessing Simulation Acceleration to Solve the Digital Design Verification Challenge
    Harnessing Simulation Acceleration to Solve the Digital Design Verification Challenge by Debapriya Chatterjee A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Science and Engineering) in The University of Michigan 2013 Doctoral Committee: Associate Professor Valeria M. Bertacco, Chair Professor Todd M. Austin Professor Igor L. Markov Assistant Professor Zhengya Zhang c Debapriya Chatterjee All Rights Reserved 2013 To my parents ii Acknowledgments I would like to thank my advisor Professor Valeria Bertacco, who introduced me to re- search. Her willingness to let me explore new ideas has been a cherished freedom, while our discussions on research directions have enabled me to pursue a fixed direction in an interesting and uncharted research territory. Moreover, my writing and presentation skills have grown significantly as a result of her mentoring and her careful attention. I am also grateful for my committee members. I am appreciative of Professor Igor Markov’s contributions: often pointing me to relevant research articles as well as our friendly interactions in the department and various conferences. Professor Todd Austin has been a consistent source of extremely valuable feedback on various matters throughout my studies. I am grateful to Professor Zhengya Zhang for his kind feedback. Early in my graduate school career, I was very fortunate to work with Ilya Wagner and Andrew DeOrio – they instilled the fundamentals of the role of a graduate student into me. I am especially grateful to Joseph Greathouse, Andrea Pellegrini and Biruk Mammo for the innumerable illuminating discussions we have had in the office, often extending into late hours.
    [Show full text]