Cyber Defense eMagazine July 2020 Edition

More documents

Recommendations

Info

these systems is called eLoran (Enhanced LOnge-RAnge Navigation) and although it is less accurate, regional, and only two-dimensional, it offers a powerful signal that deters jamming or spoofing.11 The cost and the political inertia thwarted this technology, but this is likely to change given these events. South Korea is currently testing this technology and Russia is developing its own eLoran named eChayka.12 In the U.S., the Director of National Intelligence told a Senate committee that the global threat of electronic warfare attacks against space systems would rise in coming years and the U.S. Navy launched a Hack-Our-Ship event to assess cyber threats at sea, such as hacking a complex system software system simulating the ones used to control the U.S. Navy fleets.13,14 Military and Economic Implications In network-centric warfare, the military relies on information gathering to Observe, Orient, Decide, Act (the OODA loop) and GNSS are part of the tools to collect it. In the battlefield, it is the capacity to make the right decision as quickly as possible, and most specifically quicker than your enemy, that makes the difference between victory/life or defeat/death. Therefore, an army relying too much on one technology could be “blinded” during a conflict and unable to allocate forces efficiently. Following 19th Century American Navy Strategist Alfred T. Mahan, the U.S. developed a great power projection capability after WWII that enables it to rapidly deploy military means to defend any interest whether political, economic, military or humanitarian. Power projection is a mix of hard and soft power, depending on the situation. This approach is materialized by aircraft carriers and the separation of fleets allocated to specific regions of the globe (7 for the U.S. Navy). Aircraft carriers are not travelling the sea alone and an entire structure of ships and submarines escort them, known as a carrier strike group (CSG), with a total crew of more than 7,500.15 The total acquisition cost of a CSG exceeds $25 billion, an air wing (the aircrafts on the aircraft carrier) another $10 billion and estimated annual operating costs are around $1 billion.16 Currently, the U.S. has 10 Nimitz-class nuclearpowered supercarriers. Therefore, a major cyberattack on navigation systems, for example, could paralyze an entire CSG and considerably diminish the U.S. ability to maneuver. On the economic side, the world’s largest container ship and supply vessel company, Moller-Maersk, suffered from the wiper malware attack named NotPetya and the company reported a loss between USD 11 SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017 https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT 12 DUNN John E. “Cyberattacks on GPS leave ships sailing in dangerous waters”, Naked Security, Aug 7, 2017 https://nakedsecurity.sophos.com/2017/08/07/cyberattacks-on-gps-leave-ships-sailing-in-dangerous-waters/ 13 SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017 https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT 14 OWENS Katherine. “Navy conducts ‘Hack-Our-Ship’ cybersecurity event”, Defense Systems, Mar 13, 2017 https://defensesystems.com/articles/2017/03/13/hacknavy.aspx 15 WISE David W. “The U.S. Navy’s Big Mistake – Building Tons of Supercarriers”, War Is Boring, Dec 25, 2016 https://warisboring.com/the-u-s-navys-big-mistake-building-tons-of-supercarriers/ 16 Ibid. Cyber Defense eMagazine –July 2020 Edition 88 Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
200-300 million for Q3 2017.17 More specifically, navigation systems such as the Electronic Chart Display (ECDIS) are very vulnerable and have also been hit with different attacks being reported in Asia. According to the maritime technical lead at cyber security firm NCC Group, "Ecdis systems pretty much never have anti-virus".18 Pyongyang Hackers are Smart Both of the military vessels involved in collisions, the USS Fitzgerald and the USS John S. McCain, are guided missile destroyers equipped with the Aegis Ballistic Missile Defense System (BMDS), which is a system allowing the interception of an ICBM (Intercontinental Ballistic Missile), the ones that are currently being tested by North Korea and usually equipped with one or multiple nuclear warheads. An ICBM has four phases: boost, post-boost/ascent, midcourse and terminal (reentry in the atmosphere). The Aegis BMDS aims at destroying an ICBM during the post-boost/ascent phase (before the missile leaves earth’s atmosphere). The Lazarus hacking group, famous for the Sony breach in 2014 and allegedly linked to North Korea, targets individuals associated with U.S. defense contractors with the same tools and tactics of the Sony breach. This time, the phishing emails display fake job listings and companies’ internal policies.19 Some jobs listed were for the US (Terminal High Altitude Area Defense) THAAD system, which is a BMDS and intercept an ICBM in its terminal phase (after the missile re-enters in the atmosphere). Therefore, if the four U.S. Navy collisions in Asian waters are due to a cyberattack, the explanation could be that the North Korean government is attempting to infiltrate the U.S. military system to be able to collect information on the full spectrum of BMDS and, at best, disrupt the defense systems against its ICBM. On the diplomatic side, it could be a strong message sent to the US and its Asian allies assuring them that Pyongyang has serious capabilities and that it would be better to negotiate with it than escalate tensions. This strategy is part of a general trend in APT (Advanced Persistent Threats), long-term targeted specific cyberattacks mixing a combination of social engineering, cyberweapons, and vectors to get inside networks, instead of hacking directly the big fish such as the Department of Defense or a big player in weapons (Aegis, Boeing, Lockheed Martin, etc.), hackers will target a third party working for these targets. Indeed, their cybersecurity posture will be lower than a critical administration or company with technologies and processes in places regarding cyberdefense, and with aware employees towards phishing campaigns. 17 MIMOSO Michael. “MAERSK Shipping Reports $300M Loss Stemming from NotPetya Attack”, Threatpost, Aug 16, 2017 https://threatpost.com/maersk-shipping-reports-300m-loss-stemming-from-notpetya-attack/127477/ 18 BARANIUK Chris. “How hackers are targeting the shipping industry”, BBC, Aug 18, 2017 http://www.bbc.com/news/technology-40685821 19 BARTH Bradley. “Lazarus Group tied to new phishing campaign targeting defense industry workers”, SC Media, Aug 14, 2017 https://www.scmagazine.com/lazarus-group-tied-to-new-phishing-campaign-targeting-defense-industry-workers/article/681701/ Cyber Defense eMagazine –July 2020 Edition 89 Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Security, Convenience & Privacy: A
Page 3 and 4:
IOT Security Embedded in Memory Car
Page 5 and 6:
@MILIEFSKY From the Publisher… Ne
Page 7 and 8:
Welcome to CDM’s July 2020 Issue
Page 9 and 10:
Cyber Defense eMagazine -July 2020
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Your website could be vulnerable to
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Industry giants have chosen to appr
Page 27 and 28:
emotely is governed correctly via u
Page 29 and 30:
3 Practices to Avoid Security Risk
Page 31 and 32:
Simplifying personal endpoint devic
Page 33 and 34:
What can you do to protect your wor
Page 35 and 36:
System Updates / Antivirus Security
Page 37 and 38: access to remote employees, and thi
Page 39 and 40: Organizations: It’s Time to Rethi
Page 41 and 42: While newer technologies, such as a
Page 43 and 44: database included 3,000+ email addr
Page 45 and 46: It is impossible to know whether Jo
Page 47 and 48: to prioritize higher-risk employees
Page 49 and 50: About the Author David Sanders is D
Page 51 and 52: On the other hand, buying a SOC sol
Page 53 and 54: In 2020, SOCs Are Understaffed Yet
Page 55 and 56: Figure 2: SOC leaders believe that
Page 57 and 58: it will create a team that is respo
Page 59 and 60: Figure 6: SOC managers drive metric
Page 61 and 62: • By then, our global cities may
Page 63 and 64: Managing Small Business Cybersecuri
Page 65 and 66: There are multiple risks when emplo
Page 67 and 68: Security in memory card format Swis
Page 69 and 70: About the Author Hubertus Grobbel i
Page 71 and 72: More variants: 439,000 new malware
Page 73 and 74: About the Author Lt. Commander (Ret
Page 75 and 76: What Are the Different Types of Thr
Page 77 and 78: Even though DHS recommends using tw
Page 79 and 80: To make matters even more complicat
Page 81 and 82: Should We Be Worried About Vehicle
Page 83 and 84: Still, with these cases attracting
Page 85 and 86: Cyber Attacks at Sea: Blinding Wars
Page 87: North Korean hackers.5 Later this y
Page 91 and 92: About the Author Julien Chesaux is
Page 93 and 94: Why not just keep using a jailbreak
Page 95 and 96: Conclusion Jailbreak-free acquisiti
Page 97 and 98: ut the case is if such a behavior i
Page 99 and 100: How Bad Guys Could Take Advantage o
Page 101 and 102: How it Works Whenever you sign in t
Page 103 and 104: Understanding the Types of Single S
Page 105 and 106: About the Author Ayman is founder o
Page 107 and 108: According to research conducted by
Page 109 and 110: Source: Apple Insider It is also im
Page 111 and 112: Post COVID-19: Cloud, Remote Work a
Page 113 and 114: The Rise of COVID-19 Phishing Attac
Page 115 and 116: Donation Solicitations - The Most D
Page 117 and 118: Post COVID-19: Password Extinction
Page 119 and 120: The Future Of Security - Prediction
Page 121 and 122: Post COVID-19 Cybersecurity and Fut
Page 123 and 124: picture of access in the cloud and
Page 125 and 126: connectivity? To ensure comprehensi
Page 127 and 128: About the Author Stan Lowe,Global C
Page 129 and 130: For many organizations, the Securit
Page 131 and 132: Fig 1: AI Meme This article documen
Page 133 and 134: Fig 3: Screengrab of Crypto’s UI
Page 135 and 136: hon() Fig 4: Screengrab of Honeypot
Page 137 and 138: with high-precision and also send k
Page 139 and 140:
References “Security in Computing
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Meet Our Publisher: Gary S. Miliefs
Page 157 and 158:
Free Monthly Cyber Defense eMagazin
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
show all

Cyber Defense eMagazine July 2020 Edition

Create successful ePaper yourself

Delete template?

Save as template?