1st Global Cybersecurity Observatory – Breaking News
The Cybersecurity Observatory is glad to present our carefully selected Breaking News:
Cybersecurity Observatory Breaking News – Leadership
Cybersecurity Leaders – Thomas Pache, Head of Cyber & Senior Underwriter Tech/Cyber at RiskPoint
We are proud to recognize Thomas Pache, Head of Cyber & Senior Underwriter Tech/Cyber at RiskPoint, for his valuable contribution to the industry!
Thomas Pache is responsible for Cyber Insurance at RiskPoint. RiskPoint is a Danish Underwriting Agency offering selected risk transfer solutions with an underwriting excellence claim in Europe, focusing on Scandinavia and Germany.
Professional background and experiences
- Dipl.-Ing. Maschinenbau and Dipl.-Wirtschaftsing. (-1989);
- Regiment Technical Officer (Captain) at the German Federal Armed Forces (-1994);
- Casualty/FL Underwriter with focus on technological risks at Gerling (-1998);
- Chief Underwriting Officer Tech (IT-Liability) at Gerling (-2004);
- Head of Corporate Department at Gerling Konzern Allgemeine (-2006);
- CMT Industry Practice Leader for Germany and Austria at Marsh (-2009);
- Branch Office Manager Northern and Eastern Germany at Nassau (-2012);
- PI Manager Germany, main focus: Tech and Cyber at AIG Insurance (-2016);
- Chief Underwriting Officer Tech & Cyber – Austria, Germany and Switzerland at AIG Insurance (-09/2017);
- Head of Cyber / Senior Underwriter at RiskPoint.
You can follow Fabien’s thoughts and vision in our exclusive interview:
Congratulations from the Cybersecurity Observatory team.
Cybersecurity Observatory Breaking News – Regulation & Privacy
Lawmakers Weigh Contact Tracing Risks Against Rewards
Companies leading efforts to develop tracking apps pledge that participation would be voluntary and include guardrails to protect confidentiality. But the lack of meaningful data privacy rules heightens risks, experts say.
It is a big promise from Silicon Valley to a nation looking for ways to be freed from home confinement: Smartphones could discreetly detect those who may have COVID-19 and nudge them to quarantine, blunting renewed outbreaks as Americans start to once again venture out.
But as tech firms lay the foundation for a potentially massive digital contact-tracing infrastructure, Washington is grappling with whether such technology can work without becoming a hulking, invasive surveillance system.
Full details here.
Cybersecurity Observatory Breaking News – Vulnerabilities & Malware
Samsung Security Post: Notification on vulnerabilities in Qmage codec library CVE-2020-8899 & SVE-2020-16747
Full details here.
The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs
The security of FPGAs is a crucial topic, as any vulnerability within the hardware can have severe consequences, if they are used in a secure design. Since FPGA designs are encoded in a bitstream, securing the bitstream is of the utmost importance. Adversaries have many motivations to recover and manipulate the bitstream, including design cloning, IP theft, manipulation of the design, or design subversions e.g., through hardware Trojans. Given that FPGAs are often part of cyber-physical systems e.g., in aviation, medical, or industrial devices, this can even lead to physical harm. Consequently, vendors have introduced bitstream encryption, offering authenticity and confidentiality. Even though attacks against bitstream encryption have been proposed in the past, e.g., side-channel analysis and probing, these attacks require sophisticated equipment and considerable technical expertise.
In this paper, we introduce novel low-cost attacks against the Xilinx 7-Series (and Virtex-6) bitstream encryption, resulting in the total loss of authenticity and confidentiality. We exploit a design flaw which piecewise leaks the decrypted bitstream. In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely. In addition to the attacks, we discuss several countermeasures.
Download the paper here.
Cybersecurity Observatory Breaking News – Attacks & Breaches
Elexon – a key player in the UK energy market – experienced a cyber-attack on Thursday 14 May
ELEXON experienced a cyber-attack on Thursday 14 May and is now working to resolve the issue.
What has been impacted
Our internal emails have been affected and we have identified the root cause and are now resolving the issue.
As we do not hold any customer level data, there is no risk to the public.
Our role in the electricity market
ELEXON is not part of the real time physical flow of electricity from power stations to consumer. Therefore there is no impact to power supplies.
Instead, we calculate the volumes of electricity produced by power stations and sold by electricity Suppliers and compare these to what those organisations contracted to produce or to sell, and apply a charge for any differences.
We also calculate, collect and distribute payments to Contract for Difference generators and Capacity Market providers.
Both sets of calculations occur on systems and in environments totally separate from those impacted by this incident and which continue to work as normal.
More details in Elexon’s official communication here.
A group lists more than 160 million user records from 11 companies for sale on dark web
A new individual or group is offering millions of user records for sale on the dark web. These records appear to come from 11 firms, including Tokopedia (91 Million), HomeChef (8 Million), Bhinneka (1.2 Million), Minted (5 Million), StyleShare (6 Million), Ggumim (2 Million), Mindful (2 Million), Star Tribune (1 Million), Chatbooks (15 Million), Chronicle of Education (3 Million), and Zoosk (30 Million).
Although Tokopedia and Chatbooks have confirmed that they had breaches, for the most part, the other entities listed have yet to confirm or dispute any claimed hacks. In the past, hackers had claimed to hack Zoosk, but the firm had denied the claims. The current listing offers no sample records but claims to have 30 million records with no hashes, with the structure of the users table offered as the only proof. Zoosk was not immediately available to respond to this site’s inquiry about the claim. Proof for other listings also generally consisted of structure or fields without actual personal info.
Full details here.
Cyber-attack on Stadler (a Swiss Train Manufacturer) IT network. The unknown perpetrator tries to blackmail the Company.
Stadler’s IT network was attacked with malware. The company promptly took the necessary security measures and the responsible authorities were involved. A detailed investigation of the facts is ongoing.
Stadler’s internal surveillance services have determined that the company’s IT network has been attacked and there is a high probability that the data flow will not be accurately known. A professional attack can be assumed. The unknown perpetrator tries to blackmail Stadler by demanding large amounts of money and is threatening with the possibility of data publication.
Stadler immediately involved external specialists and the responsible authorities. The company’s backup data is fully available and functional. At the moment all affected systems are being booted back up. Despite the corona pandemic and cyberattack, the production of new trains continues as well as the service provided by Stadler.
Stadler, a rail solutions provider with head office in Bussnang, eastern Switzerland, has been building trains for over 75 years. Stadler has over 11,000 employees at several production and engineering locations in over 40 work locations. Stadler offers a comprehensive product range in the field of full-length trains and city traffic: high-speed trains, intercity trains, regional and suburban trains, subways, tram trains and trams. Stadler also provides mainline locomotives, shunting locomotives and passenger coaches. Among them is Europe’s most powerful diesel-electric locomotive. Stadler is the world’s leading manufacturer of rack railway vehicles.
Criminal group selling databases with millions of user credentials busted in Poland and Switzerland
Polish and Swiss law enforcement authorities, supported by Europol and Eurojust, dismantled InfinityBlack, a hacking group involved in distributing stolen user credentials, creating and distributing malware and hacking tools, and fraud.
On 29 April 2020, the Polish National Police (Policja) searched six locations in five Polish regions and arrested five individuals believed to be members of the hacking group InfinityBlack. Police seized electronic equipment, external hard drives and hardware cryptocurrency wallets, all worth around €100 000. Two platforms with databases containing over 170 million entries were closed down by the police.
More details here.
Cybersecurity Observatory Breaking News – Innovation
Microsoft to Buy Israeli Cybersecurity Startup CyberX
The U.S. software giant Microsoft is expected to announce in the next few days that it has signed a deal to acquire the Israeli industrial cybersecurity startup CyberX for what sources say will be $165 million.
TheMarker revealed before the coronavirus crisis that the two sides were in negotiations. They are now in the midst of getting signatures on the deal from all of CyberX’s shareholders.
Further details here.
Clear Skye raises $4.95M Series A round to meet growing global demand for SaaS Identity Governance
Clear Skye® Inc., the better way to IGA company, today announced that it has closed a $4.95 million Series A round of funding led by Toba Capital. Round participants included Inner Loop Capital and existing investor ServiceNow Ventures. The company also announced that new Chief Executive Officer John Milburn and Rajan Aggarwal, Partner, Toba Capital, will join the Clear Skye Board of Directors. Luis P. Almeida completes the executive team as new worldwide leader of Sales and Alliances.
More information here.