
Flight Data Issues Trigger UK Air Traffic Control Failure


A significant air traffic control malfunction resulted in extensive flight disruptions, leaving numerous passengers stranded both domestically and internationally. The root cause of this disruption was attributed to issues with the reception of flight data.

Martin Rolfe, the CEO of National Air Traffic Services (Nats), disclosed that the primary and backup systems experienced a suspension of automatic processing during the incident. In his statement, Mr. Rolfe clarified that there is no evidence to suggest that the malfunction was the result of a cyber-attack.

Furthermore, Mr. Rolfe sought to provide assurance by emphasizing that all Nats systems have been operating normally since Monday afternoon, effectively supporting the seamless functioning of airlines and airports.

He said: ‘Very occasionally technical issues occur that are complex and take longer to resolve. In the event of such an issue our systems are designed to isolate the problem and prioritise continued safe air traffic control. This is what happened yesterday. At no point was UK airspace closed but the number of flights was significantly reduced. Initial investigations into the problem show it relates to some of the flight data we received.’

‘Our systems, both primary and the back-ups, responded by suspending automatic processing to ensure that no incorrect safety-related information could be presented to an air traffic controller or impact the rest of the air traffic system.’

The trouble began on Monday when over 25% of flights at UK airports faced cancellations.

Nats encountered what they labeled as a 'technical glitch,' rendering them unable to automatically process flight plans. Consequently, flights to and from UK airports were subject to restrictions while manual checks were conducted on these plans.

Although Nats reported the issue resolved at 3.15 pm on Monday, the disruption persisted into Tuesday due to aircraft and crews being displaced.

An analysis of flight data websites conducted by the PA news agency revealed that on Tuesday, a minimum of 281 flights, encompassing both departures and arrivals, were canceled at the UK's six busiest airports. Specifically, there were 75 cancellations at Gatwick, 74 at Heathrow, 63 at Manchester, 28 at Stansted, 23 at Luton, and 18 at Edinburgh.

In response to the air traffic control malfunction, EasyJet announced its plans to operate five repatriation flights to Gatwick and deploy larger aircraft on crucial routes.

It said: ‘During this traditionally very busy week for travel, options for returning to the UK are more limited on some routes and so easyJet will be operating five repatriation flights to London Gatwick over the coming days from Palma and Faro on August 30, and Tenerife and Enfidha on August 31 and from Rhodes on September 1.

‘We are also operating larger aircraft on key routes including Faro, Ibiza, Dalaman and Tenerife to provide some additional 700 seats this week.’

A Few Cybercriminals Account for All Email Extortion Attacks, New Research Reveals


New research conducted by Barracuda Networks, in collaboration with Columbia University, has revealed that a surprisingly small group of cybercriminals is responsible for the majority of email extortion attempts worldwide. The study examined over 300,000 flagged emails, identified as extortion attacks by the company's AI detectors, over a one-year period.

To estimate the findings, the researchers traced the bitcoin wallet addresses provided in the emails, as cybercriminals often prefer this method of payment due to the anonymity and ease of transactions in the cryptocurrency realm.

However, the number of bitcoin addresses doesn't necessarily indicate the exact number of attackers. According to Columbia Master's student Zixi (Claire) Wang, who authored the report, the actual number of attackers is likely even fewer than 100, as attackers often use multiple bitcoin addresses.

The monetary demands in these email attacks were relatively low, with approximately a quarter of the emails requesting less than $1,000 and over 90% asking for less than $2,000. Wang speculates that cybercriminals opt for smaller amounts to avoid raising suspicion with victims' banks or tax authorities, and victims are more likely to comply with lower demands without investigating the legitimacy of the threat.

The researchers also observed that Bitcoin was the sole cryptocurrency used by the attackers in their dataset. Wang suggests this is because Bitcoin offers a high level of anonymity, allowing anyone to generate numerous wallet addresses.

The common scams employed by the attackers involved claims of possessing compromising photos or videos obtained by hacking the target's device camera. These threats aimed to extort money from victims under the threat of releasing the alleged content. However, the research revealed that the majority of attackers were bluffing: they had no such incriminating material and had not infected the target systems with malware.

The silver lining in this research is that the small number of perpetrators worldwide could be advantageous for law enforcement efforts. Wang believes that tracking down even a few of these attackers could significantly disrupt this cyber threat.

Furthermore, given the similarity in tactics and templates used by extortion attackers, Wang suggests that email security vendors could block a substantial portion of these attacks using relatively simple detectors. This could provide an additional layer of protection against such cyber threats.
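The two techniques the article describes, grouping extortion emails by the bitcoin wallet they demand payment to and flagging them with a simple template detector, can be shown on a small constructed batch. This is an added example, not Barracuda's or Columbia's code; the wallet addresses and messages are made up, and the address patterns are shape-only (no checksum validation).

```python
import re
from collections import Counter

# Shape-only patterns: legacy base58 addresses (leading 1 or 3) and bech32 (bc1...).
# Good enough for triage and for grouping messages by wallet; not a validity check.
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")
USD_RE = re.compile(r"\$\s?(\d{1,3}(?:,\d{3})+|\d+)")
CLAIM_RE = re.compile(r"\b(webcam|camera|recorded you|video of you)\b", re.I)

# Constructed wallet addresses and sample messages (not real emails or wallets).
WALLET_A = "1ExampLe" + "A" * 24
WALLET_B = "bc1qsamplewallet" + "z" * 22
SAMPLE_EMAILS = [
    f"I hacked your camera and have a video of you. Send $900 to {WALLET_A}",
    f"I recorded you. Pay $1,500 to {WALLET_A} within 48 hours.",
    f"Your webcam was compromised. Transfer $1,800 to {WALLET_B}",
    "Lunch tomorrow? The place on Main St is about $10 a head.",
]


def extract_indicators(text):
    """Pull the wallet address, the dollar demand and the extortion claim out of one email."""
    addr = BTC_RE.search(text)
    usd = USD_RE.search(text)
    return {
        "address": addr.group(0) if addr else None,
        "demand_usd": int(usd.group(1).replace(",", "")) if usd else None,
        "has_claim": bool(CLAIM_RE.search(text)),
    }


def is_extortion(text):
    """Simple template detector: a compromised-camera claim plus a wallet plus a dollar demand."""
    ind = extract_indicators(text)
    return ind["has_claim"] and ind["address"] is not None and ind["demand_usd"] is not None


def summarize(emails):
    """Group flagged emails by wallet address and bucket the demands the way the study did."""
    flagged = [extract_indicators(e) for e in emails if is_extortion(e)]
    by_wallet = Counter(i["address"] for i in flagged)
    demands = [i["demand_usd"] for i in flagged]
    return {
        "flagged": len(flagged),
        "distinct_wallets": len(by_wallet),   # upper bound on the number of attackers
        "top_wallets": by_wallet.most_common(3),
        "under_1000": sum(d < 1000 for d in demands),
        "under_2000": sum(d < 2000 for d in demands),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_EMAILS))
```

On the sample batch three of the four messages are flagged, and they map to only two wallets, which is the same many-to-few collapse the researchers observed at scale.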

Latest Activity in Dragos Tracked Activity Groups


This year, Dragos is working on three new Activity Groups, as well as discovering activity in three existing Activity Groups: KAMACITE, WASSONITE, and STIBNITE. As per the sources, the updates on the three AGs mentioned above are as follows:

KAMACITE: KAMACITE, which has been operating since 2014, has been linked to Russian military intelligence operations by many government and third-party groups. GREYENERGY, a modular malware and the successor to BLACKENERGY, is used by KAMACITE. GREYENERGY is linked to two different dropper variants. Dragos discovered two GREYENERGY dropper variations in the wild this year, one in March 2021 and the other in August 2021. Dragos believes that GREYENERGY could add ICS components in the future because of the modular structure, which is comparable to BLACKENERGY. The GREYENERGY dropper completes Stage 1: Install/Modify of the ICS Cyber Kill Chain.

STIBNITE: In their 2020 campaigns, STIBNITE targeted wind turbine system firms in Azerbaijan. STIBNITE targeted Azerbaijani-speaking industry experts, researchers, and practitioners in the disciplines of environmental science, technology, and engineering in their February 2021 campaigns. With an Oil and Gas spearphishing lure, they continued to attack Azerbaijan government entities in March 2021, notably the Azerbaijan Ministry of Ecology and Natural Resources. Malwarebytes released a report revealing spearphishing activity targeting an Azerbaijan government institution utilising a State Oil Company of the Azerbaijan Republic (SOCAR) spearphishing lure.

Dragos concluded with a high degree of confidence that STIBNITE is linked to this activity. The recipient of this spearphishing message may unwittingly execute a macro in the document, resulting in the installation of a new Python version of PoetRAT. Dragos has documented the fifth variant of PoetRAT. The persistence approach used in this version of PoetRAT is identical to that used in earlier versions. This campaign's C2 infrastructure overlaps with previous STIBNITE campaigns.

WASSONITE: Multiple victims in the Oil and Gas, Electric, and Component Manufacturing industries were detected connecting with a WASSONITE C2 server related to the Appleseed backdoor in June 2021, as per Dragos. Appleseed is a multi-component backdoor that can capture screenshots, log keystrokes, and gather information from removable media and specific victim documents. From the C2 server, it can also upload, download, and perform follow-on tasks. WASSONITE previously used DTRACK to infect the Indian nuclear power plant Kudankulam Nuclear Power Plant (KKNPP).

Dragos found and evaluated two Appleseed backdoor variants. Dragos investigated Appleseed's network connection mechanism and discovered a hardcoded IP address for the C2 domain. Dragos then shifted its focus to network telemetry, discovering many victims in three ICS businesses that were connecting with the WASSONITE C2 server, which was linked to Appleseed infections.

Dragos assesses with moderate confidence that the Appleseed backdoor infected five ICS verticals. Dragos had previously discovered WASSONITE tools and behavior aimed at a variety of ICS institutions, including electric generation, nuclear energy, manufacturing, and space-centric research companies.

VANADINITE: In July, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued an alert about a People's Republic of China (PRC) state-sponsored campaign targeting US oil and natural gas firms between 2011 and 2013.

The US Department of Justice has issued indictments linking VANADINITE-related operations to operators working for the People's Republic of China (PRC). Dragos hunters have noticed more recent activity in this AG, but no details are available at this moment as investigations into this activity continue.

Security Researchers Raise Concerns Over Security Flaws in Machine Learning


In today’s age, it is impossible to implement effective cybersecurity technology without depending on innovative technologies like machine learning and artificial intelligence. Machine learning in the field of cybersecurity is a fast-growing trend. But with machine learning and AI there comes a cyber threat. Unlike traditional software, where flaws in design and source code account for most security issues, in AI systems, vulnerabilities can exist in images, audio files, text, and other data used to train and run machine learning models.

What is machine learning?

Machine learning, a subset of AI, is helping business organizations to analyze threats and respond to ‘adversarial attacks’ and security incidents. It also helps to automate the more boring and tedious tasks that were previously carried out by under-skilled security teams. Google is now also using machine learning to examine the threats against mobile endpoints running Android, as well as to detect and remove malware from infected handsets.

What are adversarial attacks?

Adversarial attacks are inputs to machine learning models that an attacker has intentionally designed to cause the model to make a mistake; they’re like optical illusions for machines. Each new class of technology has brought its own class of attack: as web applications with database backends started replacing static websites, SQL injection attacks became prevalent. The widespread adoption of browser-side scripting languages gave rise to cross-site scripting attacks. Buffer overflow attacks overwrite critical variables and execute malicious code on target computers by taking advantage of the way programming languages such as C handle memory allocation.

Security flaws linked with machine learning and AI

Security researchers at Adversa, a Tel Aviv-based start-up that focuses on security for artificial intelligence (AI) systems, have published a report which says many machine learning systems are vulnerable to adversarial attacks: imperceptible manipulations that cause models to behave erratically.

According to the researchers at Adversa, machine learning systems that process visual data account for most of the work on adversarial attacks, followed by analytics, language processing, and autonomy. Web developers who are integrating machine learning models into their applications should take note of these security issues, warned Alex Polyakov, co-founder and CEO of Adversa.

“There is definitely a big difference in so-called digital and physical attacks. Now, it is much easier to perform digital attacks against web applications: sometimes changing only one pixel is enough to cause a misclassification,” Polyakov told The Daily Swig.