Every Tuesday, Cybelius will share its weekly news review about the industrial cybersecurity throughout a selection of surveys, tweets, briefs…. Find this new heading on our blog and social medias Linkedin / Twitter . Do not longer miss out the right place to find the latest hot news !
#1 : How to invest your first euro in cybersecurity?
Wanacry and NotPetya achieved what the experts were struggling to do: propel cybersecurity issues on board and raise awareness. Recent cyber-attacks have already cost businesses between $ 100 million and $ 300 million. Figures that encourage top management to invest now their first euros in their ICS cybersecurity. Once companies are ready to invest, the following questions arise: what level of security does my company need? What are the priorities? How to estimate the vulnerabilities of industrial information system? How to get a return on cybersecurity investment? In this article, Cybelius offers a pragmatic approach and answers to protect your assets against the cyber risk.
#2 : Belgium – Gardasil out of stock after MSD production lines were shut down
MSD produces Gardasil 4, a vaccine to prevent cervix cancer. Attacked this summer by the ransomware NotPetya, the laboratory production lines were stopped. Since then, the company has never been able to catch up and at the same time has to deal with the increasing demand. Since September 15, this drug cannot be found in store. Fortunately, the MSD lab produces Gardasil 9, a similar and compatible vaccine that can be taken as a palliative.
#3 : Vulnerabilities in Siemens industrial devices
In October, Google’s security experts revealed seven distinct vulnerabilities in the Dnsmasq software. These flaws allow an attacker to cause remote code execution, information disclosure or denial of service attacks. Siemens confirmed this week that four of the seven vulnerabilities in Dnsmasq are affecting some of its SCALANCE products.
#4 : Cyberattacks – hospitals are potential targets
In just a few years, hospitals have been invaded by digital technology. Medical devices are increasingly connected: incubators, pacemakers, MRIs, etc. Still, raising awareness is not an easy task. According to health professionals, cybersecurity is a major issue in the hospital world that also threatens the patient.
A misconfigured Amazon Web Services server operated by the U.S. Army’s Intelligence and Security Command was publicly available on the open internet. The hard drive’s content, which included classified material belonging to the National Security Agency, was stored on a unprotected, unlisted server, containing information about an outdated Army intelligence sharing project codenamed “Red Disk”. This data leak marks the fifth ‘exposure’ in five years for the NSA.
HADES, a simulated computer network, modifies reality to trick and confuse hackers instead of blocking them. Researchers at the Sandia National Laboratory have developed this program to analyze and observe the techniques used by hackers. The goal is to give the attackers not the information they need, but the information they want to believe.
After being largely ignored for years, cybersecurity has shouted and shoved its way into the national conversation, thanks to significant attacks that affected personal finances, home devices and the political scene. NotPetya or Wanacry have raised awareness and placed cybersecurity in Senior Management’s top priorities. However, what are the security measures and practices actually applied to avoid these cyber risks? Discover the 2017 cyber overview.
#8 : Botnet – 12,5 million emails sent with SCARAB Ransomware!
Security researchers are warning of a major new ransomware campaign using the infamous Necurs botnet to spread via millions of spam emails. First spotted on November 23, the Scarab ransomware is being sent primarily to .com addresses, followed by co.uk inboxes. It was sent to 12.5 million email addresses in the first four hours alone. Necurs has between five and six million hosts and is regularly used to distribute malware.
Major Apple security flaw grants admin access on macOS High Sierra without password. While the security vulnerability was a rather serious one, Apple has promptly responded with a fix less than 24 hours after it became public. The issue did not affect older versions of macOS, although there doesn’t appear to be a fix available for macOS 10.13.2 beta yet as the fix only appears to apply to macOS 10.13.1 for now.