CyberSec Watch Report 201707 July

CyberSec Watch Report – July 2017

Co-written by Florian Boudot and Charles Le Reun.

Hello and welcome to the first issue of the monthly cybersec watch report!
You will find every month the main hot subjects and some insights of what is happening in the cyber world!

This issue will focus on three topics: data breach, connected cars and ransomware.
Good reading!

Data breach

Let’s start with the regular data breaches. This month, Lewis Morgan reported that more than 143 millions records leaked online.
Among them, 400,000 UniCredit bank accounts were stolen by hackers using a third-party company account to access IBANs and other personal information.
The bank discovered the breach only this week, and admitted the hackers already had breached their system last September.
Rigurous and regular user access review shall be carried out.

Connected cars

Concerns are growing in the car industry after several examples of hijacking and remote controlling of connected cars.
Two more examples were added to the growing list of vulnerabilities this month, one from Chinese researchers and one from Italian researchers, both affecting the Controller Area Network BUS (CAN BUS) and Electrical Control Unit (ECU) standards.
Attackers were able to remotely control the breaks (on the move!), airbags, doors, trunk and much more.
CAN BUS is widely adopted by automative, healthcare and manufacturing industries, and a vulnerability can widely be used across these industries. Bonus!

Ransomware

We hear about ransomware on a weekly basis. After the NotPetya attack that occured in June, several companies communicated about the impact caused by this attack. For example, it took Saint-Gobain’s security and IT teams almost 2 weeks to recover (only the main activities, some subsidiaries are still impacted) from the attack and cost around 220M€ in sales.
Patching hosts could have greatly decreased the number of infected hosts, especially for WannaCry, which used a SMBv1 exploit (EternalBlue) to infect over 400,000 systems eventhough a patch had been published by Microsoft 3 months before the outbreak.

Wrap-up

These topics will unfortunetly be around this year (and the next..), as the infrastructures are growing more complex and difficult to control. But also because of the new technologies as IoT : once deployed, they escape security controls and are not monitored nor updated, making them more vulnerable over time.

You can find your next monthly Cyber Watch Report here: August 2017September 2017 and October 2017.