The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.
Wednesday, 23 March 2016
Switzerland Hit By Series of Cyber Attacks as Hackers Expose Security Vulnerabilities
From The Media
Hackers recently breached the websites of the Swiss Federal Railways and Swiss People’s Party (SVP). The railway system was hit with a distributed denial-of-service (DDoS) attack, and the attackers stole over 50,000 e-mail addresses from the SVP’s web portal. Hackers also targeted the nation’s largest supermarket chain and the country’s IT and telephone systems. The hacking group “NSHC” claimed responsibility for the attack against the railway and SVP website, noting that the attack was used to expose security vulnerabilities.
Read the Story: International Business Times
iSIGHT Partners Analyst Comment
While iSIGHT Partners cannot confirm that NSHC is responsible for the attack, the group’s claim to have conducted the attacks and the attack’s methodology fitting general hacktivist activity make NSHC’s responsibility the likeliest scenario, barring additional information. The DDoS attacks, though successfully taking several local sites offline, were short-lived. The stolen e-mail addresses may be used for further malicious activity, such as spam targeting lists, but do not pose a significant threat on their own.
Related iSIGHT Partners Reports
15-00003674 (Group Profile: The Syrian Electronic Army (SEA)), 23 Dec. 2015
15-00014110 (SEA Conducts DNS Redirect Against Apester Plugin to Protest Telegraph Article), 9 Dec. 2015
15-00011606 (SEA Targeted Syrian Activists and Journalists with Malware), 25 Oct. 2015
US Government Charges Three Suspected Members of Infamous Syrian Electronic Army
From The Media
The U.S. Department of Justice revealed computer hacking charges against three men allegedly tied to the Syrian Electronic Army (SEA). Specifically, two of the men are being charged with criminal conspiracy related to engaging in a hoax regarding a terrorist attack, as well as other charges.
Read the Story: Motherboard
iSIGHT Partners Analyst Comment
Prior to the public release of these charges, iSIGHT Partners had noted that the SEA had shifted and become less publicly active in the latter half of 2015. While this charge may encourage the group to remain underground in the near-term, other group members remain at large and could elect to resume their high-profile targeting at any time. Members of the group may also continue to conduct covert financially-motivated crime rather than hacktivist activity seeking notoriety under the SEA banner.
Related iSIGHT Partners Reports
16-00003318 (Tsar Team Adopts New Tactics, Establishes Infrastructure Indicating Suspected Targeting of Geopolitical Hotspots and Defense Industrial Base), 12 March 2016
Intel-983479 (Updates on Typosquatting Campaign Identified in July; Changes to URLs, Infrastructure and Propagation Mechanisms), 24 Jan. 2014
15-00008694 (Domain Registrations Spoofing US Electric Sector Tied to Wire Fraud Scheme), 27 Aug. 2015
First Trump, Now Cruz: Anonymous Voices New Threat
From The Media
After releasing publicly available information about Donald Trump, Anonymous has announced their intent to disclose Ted Cruz’s “disgusting behavior.” The operation, under the name #OpCruz, claims it will reveal information unless Cruz drops out of the race.
Read the Story: SC Magazine
iSIGHT Partners Analyst Comment
We assess with high confidence that this operation presents little threat of releasing sensitive private information about Cruz and is likely instead a stunt designed to garner publicity. The group’s declared deadline for Cruz to drop out has passed, and no released information from the group has been observed. Additionally, as noted above, similar Anonymous threats against Donald Trump were unsuccessful.
Related iSIGHT Partners Reports
ThreatScape Media Highlights (Hacktivist Collective Anonymous Declares Total War on Donald Trump), 16 March 2016
15-00007682 (Donald Trump’s Website Defaced by Hacktivist Group Telecomix Canada), 6 Aug. 2015
Attackers Alter Water Treatment Systems in Utility Hack
From The Media
According to Verizon’s data breach digest for March 2016, hackers breached a water utility, referred to in the report as the Kemuri Water Company (KWC), and manipulated systems tasked with water treatment. The malicious activity was discovered when the company hired Verizon for a proactive security assessment. Verizon found that the utility was using outdated systems full of high-risk vulnerabilities.
Read the Story: Security Week
iSIGHT Partners Analyst Comment
iSIGHT Partners has no reason to doubt the validity of this report. We believe that many operators of water provisioning systems throughout the world lack security awareness and suffer from resource constraints. In particular, the incident highlights a lack of appropriate separation between corporate and industrial control systems (ICS) networks. We believe this report is indicative of other ICS incidents that have not been recognized, investigated or reported.
Related iSIGHT Partners Reports
16-00001174 (Cyber Activity Related to Water Contamination in Flint, Michigan), 3 Feb. 2016
16-00000830 (‘Intranet Framework’ Seeks to Sell Remote Access to SCADA Systems), 20 Jan. 2016
Intel-1214450 (#OpDetroit Hacktivist Campaign Protesting Detroit Water Shutoffs Targets Water and Energy Utility Websites), 21 Aug. 2014
The post ThreatScape Media Highlights Update – Week Of March 23rd appeared first on iSIGHT Partners.