This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Stephen Harrison, VP Cyber Defense, MGM Resorts
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Ukraine’s cyber chief makes surprise visit to Black Hat
Ukraine’s lead cybersecurity official, Victor Zhora, made an unannounced visit to Black Hat in Las Vegas last week, where he painted a bleak picture of the state of cyberwarfare in the country’s conflict with Russia. Zhora noted that cyber incidents in Ukraine have tripled since February, when Russia invaded. He cited DDoS attacks that took many of Ukraine’s government agencies offline, as well as the discovery of Industroyer2 malware, the apparent successor to Industroyer, which enabled takeover of electrical substation software, power blackouts, and equipment damage. Additionally, six significant new strains of data-wiping malware have been identified this year. Zhora underscored the significance and severity of Russia’s cyber operations against Ukraine, stating, “This is perhaps the biggest challenge since World War Two for the world, and it continues to be completely new in cyberspace.”
Killnet claims to have hacked Lockheed Martin
The Moscow Times has reported that the pro-Russia Killnet group is claiming responsibility for a recent cyberattack on aerospace and defense giant Lockheed Martin. Killnet posted a video on Telegram, claiming to have stolen the personal information of Lockheed Martin employees, including names, email addresses, phone numbers, and pictures. Killnet also shared messages in Russian, stating, “If you have nothing to do, you can email Lockheed Martin Terrorists – photos and videos of the consequences of their manufactured weapons! Let them realize what they create and what they contribute to.” Lockheed Martin is aware of Killnet’s claims, but has yet to comment on them.
Starlink successfully hacked using $25 modchip
Belgian researcher Lennert Wouters revealed at Black Hat how he successfully hacked SpaceX’s Starlink satellite-based internet system. Wouters created a custom board (modchip) using a Raspberry Pi microcontroller, flash storage, electronic switches and a voltage regulator, which he then attached to a Starlink dish. Using his $25 rig, Wouters leveraged a voltage fault injection attack to gain root access on a Starlink User Terminal (UT), which enabled execution of arbitrary code on the Starlink network. Because the glitch exists on the ROM bootloader that’s burned onto the system chip, an update cannot be deployed to fix the issue. Wouters disclosed the bug to SpaceX through its bug bounty program before disclosing it publicly. SpaceX issued a response commending Wouters on his finding and invited security researchers to “bring on the bugs.” SpaceX also said that Starlink’s defense-in-depth security approach limits the impact of the issue on their network and users.
Access to corporate networks sees a value dip
According to the security firm KELA, dark web markets selling initial access to corporate networks saw a dip in Q2. While the average number of listings per month remained flat compared to Q1, the average price for initial access fell 50% to $1,500. The median dropped from $400 in Q1 to $300 in Q2. KELA suspects two factors at play. One is significant disruption among large-scale threat actors, with DarkSide, Conti, and Lapsus$ shutting down and LockBit and Hive reducing their overall volume of activity. This is paired with a new trend of threat groups increasingly targeting mid-sized companies, which offer lower risk while still promising significant financial reward.
Thanks to today’s episode sponsor, 6clicks
Researcher roots tractors
At the DefCon security conference, a security researcher known as Sick Codes presented a new jailbreak for John Deere tractors, providing root access to the widely deployed 2630 and 4240 tractors. This jailbreak requires physical access to the tractor. Sick Codes said he’s unsure John Deere can patch this approach without implementing full disk encryption, which likely cannot be done on existing tractors. Tractor software access has been a persistent issue, with these essential pieces of farming equipment often ground zero for right-to-repair issues.
Microsoft Office Mail Scam
Cybersecurity consultant Martin Pitman received a call from his mother, letting him know that a neighbor had received what appeared to be an Office 365 product in the mail, with a USB stick to install the productivity suite. The retired man didn’t seem to be a high-value target. The stick came in fairly high-quality packaging. Plugging in the stick immediately showed a message that the computer had a virus, providing a toll-free number to call for supposed technical help. Once on the phone, the phony support person directed the victim to install TeamViewer. Microsoft told Sky News it launched an investigation into the package. While these types of support schemes are extremely common, it’s more than a little unusual for an attacker to go to the expense of mailing out USB sticks.
Pentagon put microgrid technology to the test at DEF CON
The Pentagon is planning to deploy local, self-contained electric grids, or microgrids, to 134 Army bases, beginning this fall. But first it tested the technology at DEF CON, looking for hackers’ help finding potentially crippling vulnerabilities so it can better preempt cyberattacks. More than 1,700 DEF CON attendees participated in the Pentagon’s microgrid hacking challenge, with many of them successfully shutting down the mock grid in minutes. The Army is pushing the microgrid effort because the systems are energy efficient, cost-effective and can keep bases up and running even if a cyberattack or natural disaster takes out the larger power grid.