At a glance.
- NOTAM outage appears to have been caused by a system error.
- Canadian mining company hit by ransomware.
- Port of Lisbon sustains cyberattack.
- DNV's fleet management software suffers ransomware attack.
- Rail company begins notifying victims of data breach.
- New York legislation seeks to secure power grids.
- NATO study will analyze hybrid warfare.
- Ukrainian hacktivists conduct DDoS against Iranian sites.
- DHS announces SBIR topics.
- CISA releases ICS advisories.
NOTAM outage appears to have been caused by a system error.
The US Federal Aviation Administration (FAA) ordered a nationwide grounding of all flights on January 11th after its NOTAM (Notice to Air Missions) system went offline. While there was initial speculation about a cyberattack, ABC News cites a "senior official briefed on the internal review" as saying that the outage appears to have been caused by a software engineer who mistakenly "replaced one file with another."
According to NPR, the incident caused the cancellation of more than 1,300 flights, and delayed approximately 10,000 flights. NOTAMs are used to inform planes in the air about hazardous conditions. A senior government official told NBC News that affected software was installed in 1993, and isn't scheduled to be updated for another six years.
NPR quotes former FAA safety official Mike McCormick as saying, "The surprising part to me is that after years of upgrade and investment in the next generation aviation system, how one — whatever it may be — problem caused this complete failure in the system. And there should never be a single point of failure."
Canadian mining company hit by ransomware.
The Copper Mountain Mining Corporation was hit by a ransomware attack on December 27th, the Record reports. The Vancouver-based mining company said in a statement on December 29th that the attack impacted its IT systems, forcing it to switch to manual processes. Copper Mountain has also shut down its mill to investigate any possible effects on its control systems. The company stated that “[t]here have been no safety or environmental incidents as a result of the attack.”
Copper Mountain provided an update on January 6th, stating:
"Throughout this downtime, which resulted from the attack on its IT systems, the Company has been shipping copper concentrate to the Port of Vancouver from mine inventory and has maintained its planned shipping schedule.
"On January 1, the Company resumed operations of the primary crusher at its Copper Mountain Mine and shortly thereafter, the Company resumed operations at the mill, which was preventatively shut down following the attack. On January 4, the mill was at full production and the operation is currently being stabilized as the remaining business systems are fully restored.
"Throughout the outage, all environmental management systems at the Copper Mountain Mine were operational, and there were no environmental incidents or injuries to personnel. The Company's external and internal IT teams, along with external cybersecurity experts, are continuing to actively establish additional safeguards to mitigate any further risks to the Company. The Company's primary objective remains to return to full business functionality in a safe and secure manner."
Port of Lisbon sustains cyberattack.
Portugal’s Port of Lisbon on Christmas Day sustained a cyberattack that took its website offline, CyberNews reports. The extent of the attack is unclear, though port officials stated that operational activity was not compromised. The LockBit gang has claimed responsibility, and also claims to have stolen financial reports, cargo and crew information, customer data, mail correspondence, and contracts. The gang is threatening to publish the stolen data if the ransom isn’t paid by January 18th.
DNV's fleet management software suffers ransomware attack.
Ship classification society DNV has disclosed that its ShipManager fleet management software was hit by a ransomware attack on January 7th. DNV says approximately one thousand vessels belonging to seventy of its customers have been affected:
"DNV experts have shut down ShipManager’s IT servers in response to the incident. All users can still use the onboard, offline functionalities of the ShipManager software."
"There are no indications that any other software or data by DNV is affected. The server outage does not impact any other DNV services. DNV experts are working closely with global IT security partners to investigate the incident and to ensure operations are online as soon as possible. DNV is in dialogue with the Norwegian police about the incident. DNV is communicating daily with all 70 affected customers to update them on findings of the ongoing forensic investigations. In total around 1000 vessels are affected.
"We apologize for the disruption and inconvenience this incident may have caused."
Rail company begins notifying victims of data breach.
International rail and locomotive giant Wabtec has suffered a data breach following a ransomware attack that hit the company in July. The Pittsburgh-headquartered company began notifying affected individuals on December 30th, explaining that the stolen data contained a variety of personal information depending on the individuals’ roles and nationalities. The data included first and last names, dates of birth, Non-US National ID Numbers, Non-US Social Insurance Numbers or Fiscal Codes, passport numbers, Employer Identification Numbers, USCIS or Alien Registration Numbers, UK National Health Service numbers, medical records and health insurance information, photographs, salaries, US Social Security numbers, financial information, account usernames and passwords, biometric information, criminal records, religious beliefs, and union affiliations.
The Record notes that Wabtec’s data were posted to a leak site by the LockBit ransomware gang in August.
New York legislation seeks to secure power grids.
New York Governor Kathy Hochul on December 23rd signed legislation designed to improve cybersecurity for the state’s electric grids. The Governor’s office said in a statement that the law “will require utilities to prepare for cyberattacks in their annual emergency response plans - similar to what utilities do to prepare for storms.” The legislation will also “provide the Public Service Commission enhanced auditing powers to ensure that critical infrastructure and customer data is secured.”
Governor Hochul stated, “We understand that as the financial capital of the world and a leader in clean energy, New York is a target for hackers. This critical legislation will help protect millions of New Yorkers who depend on reliable electric service and ensure a smooth transition to clean energy.”
NATO study will analyze hybrid warfare.
The Atlantic Council’s Arnold C. Dupuy has published an article describing efforts to defend against hybrid warfare, particularly as it relates to Russia’s war against Ukraine. Dupuy will serve as chair of NATO’s Systems Analysis and Studies (SAS)-183, which was formed in October 2022.
Dupuy said of the new study, “Attention will be particularly devoted to the Black Sea, which is at the center of the current military conflict between Russia and Ukraine, and which deserves priority focus. Another area of concentration in SAS-183 is advanced early warning cyber defense, whereby the study’s cyber team will create a prototype to improve maritime security by protecting critical energy infrastructure from cyberattacks.”
Ukrainian hacktivists conduct DDoS against Iranian sites.
Russian hacktivists (Killnet is a prominent representative) have served as auxiliaries in Russia's hybrid war, and they have been particularly active against targets in countries friendly to Ukraine. Russia has far fewer friends and partners internationally, but one of them, Iran, has now apparently been hit by pro-Ukrainian hacktivists. SC Media reports that distributed denial-of-service (DDoS) attacks have affected a number of Iranian websites, including but not limited to sites belonging to the National Iranian Oil Company and Iran's supreme leader Ali Khamenei. The hacktivists who claimed credit, the Record reports, are clear that their operations are a reprisal for Iran's willingness to supply Russia with Shahed drones used in attacks against Ukrainian cities. The group CyberSec's said, in its Telegram channel, "And just to show off what we can, and what we cannot Ayatollah Khamenei personal website went down. Just for one hour. As we advised, it is a warning. If we act, we will act much more rough, no regrets and no sorries there will be. Night time, no harm. Just a demo. Next time we will deface it. Iranians, it is not your war, step down and fuck off. Coz next time there will be oil processing scada." Note the explicit threat to industrial control systems in the final sentence.
DHS announces SBIR topics.
The US Department of Homeland Security (DHS) in the last week of 2022 announced its latest round of solicitations under the Small Business Innovation Research (SBIR) program. Five of them are relevant to cybersecurity:
- DHS231-001 – Accurate and Real-time Hardware-assisted Detection of Cyber Attacks
- DHS231-004 – Machine Learning Based Integration of Alarm Resolution Sensors
- DHS231-005 – Mission Critical Services Server-to-Server Communication, voice communications, 3GPP-Standards
- DHS231-006 – Reduced Order Modeling of Critical Infrastructure Protect Surfaces
- DHS231-007 – Theoretical Classification Methodologies to Enable Detection with Predicted Signatures
CISA releases ICS advisories.
The US Cybersecurity and Infrastructure Security Agency (CISA) on January 5th released three industrial control system (ICS) advisories. They affect Hitachi systems: Hitachi Energy UNEM, Hitachi Energy FOXMAN-UN, and Hitachi Energy Lumada Asset Performance Management.
On January 10th CISA released two industrial control system (ICS) advisories: one for Black Box KVM, the other for Delta Electronics InfraSuite Device Master (Update A).
On January 12th CISA released twelve Industrial Control Systems (ICS) advisories. They affect Sewio RTLS Studio, RONDS Equipment Predictive Maintenance Solution, InHand Networks InRouter, Panasonic Sanyo CCTV Network Camera, SAUTER Controls Nova 200 – 220 Series (PLC 6), Johnson Controls Metasys, Hitachi Energy Lumada APM, Siemens S7-1500 CPU devices, Siemens Mendix SAML Module, Siemens Automation License Manager, Siemens Solid Edge before V2023 MP1, and Philips Patient Information Center iX (PIC iX) and Efficia CM Series (Update A).