Posted April 18, 2018
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“Great Western Railway urges online customers to update passwords after cyber-attack. The firm said hackers used an automated system to gain access to 1,000 customer accounts on its website and is taking action. While only a very small number of accounts have been affected by the attack, cybersecurity experts are complimenting the company’s proactive efforts to inform its customers of the best practice in these situations.”
“A cyberattack that U.S. natural gas pipeline owners weren’t required to report has lawmakers taking a closer look at how the industry is handling such threats, raising the prospect of tighter regulation. “In website notices to customers this week, at least seven pipeline operators from Energy Transfer Partners LP to TransCanada Corp. said their third-party electronic communications systems were shut down, with five confirming the service disruptions were caused by hacking. But the companies didn’t have to alert the U.S. Transportation Security Administration, the agency that oversees the nation’s more than 2.6 million miles of oil and gas conduits in addition to providing security at airports.” “Though the cyberattack didn’t disrupt the supply of gas to U.S. homes and businesses, it underscores that energy companies from power providers to pipeline operators and oil drillers are increasingly vulnerable to electronic sabotage. It also showed how even a minor attack can have ripple effects, forcing utilities to warn of billing delays and making it more difficult for analysts and traders to predict a key government report on gas stockpiles.” “At a congressional hearing in March, Maria Cantwell, a Democratic senator from Washington, told Perry that budget cuts could make it more difficult to shield the energy sector from cyber intrusions. “Our energy infrastructure is under attack,”’ Cantwell said. “A year ago, I called for a comprehensive assessment of cyber attacks to our grid by Russians. We don’t need rhetoric at this point – we need action.” The threat appears to be widespread. Two years ago, the Department of Energy’s Pacific Northwest National Laboratory in Richland, Washington, said its firewall system blocks 25,000 cyberattacks a day.””
Information Security Risk
“Several vulnerabilities have been found in the Linux command line tool Beep, including a potentially serious issue introduced by a patch for a privilege escalation flaw. An unnamed researcher discovered recently that Beep versions through 1.3.4 are affected by a race condition that allows a local attacker to escalate privileges to root. The security hole has been assigned CVE-2018-0492 and it has been sarcastically described as “the latest breakthrough in the field of acoustic cyber security research.” Someone created a dedicated website for it (holeybeep.ninja), a logo, and named it “Holey Beep.” The individual or individuals who set up the Holey Beep website have also provided a patch, but someone noticed that this fix actually introduces a potentially more serious vulnerability that allows arbitrary command execution.”
“The UK has conducted a “major offensive cyber-campaign” against the Islamic State group, the director of the intelligence agency GCHQ has revealed. The operation hindered the group’s ability to co-ordinate attacks and suppressed its propaganda, former MI5 agent Jeremy Fleming said. It is the first time the UK has systematically degraded an adversary’s online efforts in a military campaign. Mr Fleming made the remarks in his first public speech as GCHQ director. “The outcomes of these operations are wide-ranging,” he told the Cyber UK conference in Manchester. Mr Fleming said much of the cyber-operation was “too sensitive to talk about”, but had disrupted the group’s online activities and even destroyed equipment and networks. “This campaign shows how targeted and effective offensive cyber can be,” he added. But Mr Fleming said the fight against IS was not over, because the group continued to “seek to carry out or inspire further attacks in the UK” and find new “ungoverned spaces to base their operations”.”