Jeong Yang,Young Lee,Arlen P. McDonald

DOI: https://doi.org/10.1007/978-3-030-92317-4_4

2022-01-01

Abstract:A recent cybersecurity attack took place on US governments and companies utilizing a popular network performance monitoring tool, SolarWinds. The attack appears to be not only extensive but also comprehensive in the scope of the common security tools that have been breached. This attack targeted the complex software supply chain. The wave of those attacks was mainly focused on the critical departments of the U.S. government and of many other leading corporations. Even if the attackers did not actively exploit their systems, the comprehensive nature of these breaches seems to indicate that there are fundamental flaws with existing security infrastructure. This paper investigates what caused this significant attack and what solutions we might have to prevent similar attacks in the future. The paper concludes that a combined set of actions of the government and industries on better policies and technologies is needed to develop a unified strategy in each organization.

Lindsay Sterle,S. Bhunia

DOI: https://doi.org/10.1109/SWC50871.2021.00094

2021-10-01

Abstract:Persistent Threat agents from across the world are ever evolving their technological techniques to gain access to these systems and the information within. The potential for harm that can be exploited through cybersecurity attacks has no bounds. We must analyze and learn from our experiences to further our exploration in solutions preventing, detecting and remediating these attacks. This article is designed to analyze the security incident regarding SolarWinds’ Orion Platform, the details of its occurrence, the influence on the individuals involved, the industry as a whole, the financial sector, and elements of SolarWinds’ incident response as well as potential contingency plans. This paper serves as a tool in the exploration of cybersecurity solutions by providing a case study on an unprecedented security incident.

Engineering,Computer Science

Antigoni Kruti,Usman Butt,Rejwan Bin Sulaiman

2023-09-05

Abstract:This paper of work examines the SolarWinds attack, designed on Orion Platform security incident. It analyses the persistent threats agents and potential technical attack techniques to gain unauthorized access. In 2020 SolarWinds attack indicates an initial breach disclosure on Orion Platform software by malware distribution on IT and government organizations such as Homeland Security, Microsoft and Intel associated with supply chains leaks consequences from small loopholes in security systems. Hackers increased the number of infected company and businesses networks during the supply-chain attack, hackers were capable to propagate the attack by using a VMware exploit. On the special way they started to target command injections, privilege escalations, and use after free platforms of VMware. In this way, they gained access to Virtual Machines and in the east way pivot other servers. This literature review aim to analyze the security gap regarding to SolarWinds incident on Orion Platform, the impact on industry and financial sectors involving the elements of incident response plan. Therefore, this research paper ensures specifications of proper solutions for possible defense security systems by analyzing a SolarWinds attack case study via system evaluation and monitoring. It concludes with necessary remediation actions on cyber hygiene countermeasures, common vulnerabilities and exposure analysis and solutions.

Computational Engineering, Finance, and Science,Cryptography and Security

Jeferson Martínez,Javier M. Durán

DOI: https://doi.org/10.18280/ijsse.110505

2021-10-31

International Journal of Safety and Security Engineering

Abstract:Exploitation of a vulnerability that compromised the source code of the Solar Winds’ Orion system, a software that is used widely by different government and industry actors in the world for the administration and monitoring of networks; brought to the fore a type of stealth attack that has been gaining momentum: supply chain attacks. The main problem in the violation of the software supply chain is that, from 85% to 97% of the code currently used in the software development industry comes from the reuse of open source code frameworks, repositories of third-party software and APIs, creating potential vulnerabilities in the development cycle of a software product. This research analyzes the SolarWinds case study from an exploratory review of academic literature, government information, but also from the articles and reports that are published by different cybersecurity consulting firms and software providers. Then, a set of good practices is proposed such as: Zero trust, Multi-Factor authentication mechanisms (MFA), strategies such as SBOM and the recommendations of the CISA guide to defend against this type of attack. Finally, the research discusses about how to improve response times and prevention against this type of attacks, also future research related to the subject is suggested, such as the application of Machine Learning and Blockchain technologies. Additionally for risk reduction, in addition to the management and articulation of IT teams that participate in all the actors that are part of the software life cycle under a DevSecOps approach.

F. Massacci,S. Peisert,T. Jaeger

DOI: https://doi.org/10.1109/MSEC.2021.3050433

Abstract:Fabio Massacci T he SolarWinds hack is an eye-opener to the current practices of the software industry. In the “Perspectives” department in this issue, the article “The SolarWinds Incident: Perspectives From IEEE Security & Privacy’s Editorial Board Members” discusses the issue of software supply chain security. Here, I would like to discuss a point that seems to be missing, including the following observations and question:

Computer Science

Nusrat Zahan,Yasemin Acar,Michel Cukier,William Enck,Christian Kästner,Alexandros Kapravelos,Dominik Wermke,Laurie Williams

2024-08-29

Abstract:Cyber attacks leveraging or targeting the software supply chain, such as the SolarWinds and the Log4j incidents, affected thousands of businesses and their customers, drawing attention from both industry and government stakeholders. To foster open dialogue, facilitate mutual sharing, and discuss shared challenges encountered by stakeholders in securing their software supply chain, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) organize Secure Supply Chain Summits with stakeholders. This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023, which consisted of \panels{} panel discussions with a diverse set of \participants{} practitioners from the industry. The individual panels were framed with open-ended questions and included the topics of Software Bills of Materials (SBOMs), vulnerable dependencies, malicious commits, build and deploy infrastructure, reducing entire classes of vulnerabilities at scale, and supporting a company culture conductive to securing the software supply chain. The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.

Cryptography and Security

Can Ozkan,Xinhai Zhou,Dave Singelee

2024-12-06

Abstract:The SolarWinds attack that exploited weaknesses in the software update mechanism highlights the critical need for organizations to have better visibility into their software dependencies and potential vulnerabilities associated with them, and the Software Bill of Materials (SBOM) is paramount in ensuring software supply chain security. Under the Executive Order issued by President Biden, the adoption of the SBOM has become obligatory within the United States. The executive order mandates that an SBOM should be provided for all software purchased by federal agencies. The main applications of SBOMs are vulnerability management and license management. This work presents an in-depth and systematic investigation into the integrity of SBOMs. We explore different attack vectors that can be exploited to manipulate SBOM data, including flaws in the SBOM generation and consumption phases in the SBOM life cycle. We thoroughly investigated four SBOM consumption tools and the generation process of SBOMs for seven prominent programming languages. Our systematic investigation reveals that the tools used for consumption lack integrity control mechanisms for dependencies. Similarly, the generation process is susceptible to integrity attacks as well, by manipulating dependency version numbers in package managers and additional files, resulting in incorrect SBOM data. This could lead to incorrect views on software dependencies and vulnerabilities being overlooked during SBOM consumption. To mitigate these issues, we propose a solution incorporating the decentralized storage of hash values of software libraries.

Cryptography and Security

Tawfiq M. Aljohani

DOI: https://doi.org/10.48550/arXiv.2208.14225

2022-08-28

Cryptography and Security

Abstract:Recent high-profile cyberattacks on energy infrastructures, such as the security breach of the Colonial Pipeline in 2021 and attacks that have disrupted Ukraine's power grid from the mid-2010s till date, have pushed cybersecurity as a top priority. As political tensions have escalated in Europe this year, concerns about critical infrastructure security have increased. Operators in the industrial sector face new cybersecurity threats that increase the risk of disruptions in services, property damages, and environmental harm. Amid rising geopolitical tensions, industrial companies, with their network-connected systems, are now considered major targets for adversaries to advance political, social, or military agendas. Moreover, the recent Russian-Ukrainian conflict has set the alarm worldwide about the danger of targeting energy grids via cyberattacks. Attack methodologies, techniques, and procedures used successfully to hack energy grids in Ukraine can be used elsewhere. This work aims to present a thorough analysis of the cybersecurity of the energy infrastructure amid the increased rise of cyberwars. The article navigates through the recent history of energy-related cyberattacks and their reasoning, discusses the grid's vulnerability, and makes a precautionary argument for securing the grids against them.

Puya Pakshad

DOI: https://doi.org/10.4018/979-8-3373-0588-2.ch013

2024-12-10

Abstract:Nation-sponsored cyberattacks pose a significant threat to national security by targeting critical infrastructure and disrupting essential services. One of the most impactful cyber threats affecting South Korea's banking sector and infrastructure was the DarkSeoul cyberattack, which occurred several years ago. Believed to have been orchestrated by North Korean state-sponsored hackers, the attack employed spear phishing, DNS poisoning, and malware to compromise systems, causing widespread disruption. In this paper, we conduct an in-depth analysis of the DarkSeoul attack, examining the techniques used and providing insights and defense recommendations for the global cybersecurity community. The motivations behind the attack are explored, along with an assessment of South Korea's response and the broader implications for cybersecurity policy. Our analysis highlights the vulnerabilities exploited and underscores the need for more proactive defenses against state-sponsored cyber threats. This paper emphasizes the critical need for stronger national cybersecurity defenses in the face of such threats.

Cryptography and Security,Software Engineering

Bentsi Ben-Atar

DOI: https://doi.org/10.69554/spjk7321

2018-07-01

Abstract:Since the early 1990s, the State of Israel, ‘The Start-Up Nation’, has maintained its position as a leading powerhouse for cyber security innovation. It has been providing novel solutions, which have enhanced the robustness, resilience and security of other nations and organisations around the world, making a global impact that is non-proportional to Israel’s material size. As of today, Israeli solutions are more prevalent than ever before, protecting billions of people, sustaining the continuous supply of vital services, safeguarding governments and economic infrastructure, and ensuring the security and safety of business and individuals across the globe. The Israeli cyber security industry — relying on its skilled and creative human capital and empowered by long-standing government support and a unique synergy with the world-renowned Israeli academia — has been a key component of the local vibrant security-oriented ‘ecosystem’. It is a prosperous ground where cyber security exceptionalism and excellence can flow and thrive. As such, Israel serves as a global incubator for corporations and individual entrepreneurs alike; those that seek to tap into and embrace Israel’s unique culture, which cultivates entrepreneurship, fosters ingenuity and celebrates the audacity to undermine conventional thinking. When one reviews the ‘Six cyber threats to really worry about’ in the MIT Technology Review and focusing on the ‘ransomware in the cloud’ and the ‘cyber-physical attacks’ options, something is missing — the attacks are sure to happen, but how will they spread out? What is the most likely attack vehicle? As cyber security products are becoming better and more sophisticated, a potential attacker needs to take into account the multiple barriers that they will encounter when trying to launch a cyberattack on a certain enterprise. The attacker, though, has one great advantage; in most cases, they can run a full model of the cyber-security scheme that they will be facing. The cyber specialists that work for a cybercrime organisation live among us; they dig into the same WikiLeaks information, and take part in various conferences and expos. A resourceful cybercrime organisation can set up a complete model of their targeted victim and sandbox their attack. A resourceful attacker will not use ‘plain’ statistical attacks such as a ransomware campaign, knowing that if they target a bank or insurance company, it is most likely that they are well protected against those ‘standard’ attacks (assuming that they follow best practices for cyber security). The attacker may decide to attack an enterprise by using a counter-artificial intelligence (AI) methodology that can outwit existing AI detection algorithms. Another great attack vehicle would be through the use of manipulated hardware or firmware introduced into the organisation through an internal abuser or supply chain. As some cybercrime organisations still ‘support’ legacy crime activities, such as a silent penetration into a facility, obtaining employee extortion and basic human manipulation, ‘qualifications’ that resonate well with their goal of physical penetration into the organisation. In addition, as the use of cloud-based services becomes even more frequent, the cloud vendors themselves become the ultimate prize — the Holy Grail — if you can gain access to a regional data centre and access the data running in it, substantial gain awaits you. The cloud vendors are considered state-level targets as well, owing to fact that cloud vendors heavily guard their data; a ‘promising’ attack would be to tape-out a manipulated chip (ie, a serial peripheral interface [SPI] bus controller) that will ‘find’ its way to the motherboard later when assembled in a server supplied to a cloud vendor. This paper will familiarise the reader with Israel’s cyber security scene and its specific strong points. An analysis of 2017’s cyber security incidents will be conducted, upon which an analysis of the forecast for 2018 will try to predict what to expect in 2018. Various startup companies in Israel can shed some light of what are perceived to be the next threats.

Guerrino Mazzarolo,Anca Delia Jurcut

DOI: https://doi.org/10.48550/arXiv.1911.09575

2019-11-22

Abstract:Insider threats have become reality for civilian firms such as Tesla, which experienced sabotage and intellectual property theft, and Capital One, which suffered from fraud. Even greater social impact was caused by the data breach at the US Department of Defense, perpetrated by well-known attackers Chelsea Manning and Edward Snowden, whose espionage and hacktivist activities are widely known. The dramatic increase of such incidents in recent years and the incalculable damage committed by insiders must serve as a warning for all members of the cyber security community. It is no longer acceptable to continue to underestimate the problem of insider threats. Firms, organizations, institutions and governments need to lead and embrace a cultural change in their security posture. Through the adoption of an Insider Threat Program that engages all the strategic branches (including HR, Legal, Information Assurance, Cyber Security and Intelligence), coordinated by the chief information security officer and supported by c-level executive, it is possible to implement a framework that can prevent, detect, and respond to disloyal and/or unintentional insider threats. Hence, defending your enterprise from insider threats is a vital part of information security best practices. It is essential that your company highly valuable classified data and assets are protected from its greatest threat: the enemy within the gates.

Cryptography and Security,Computers and Society

Diana Kwon

DOI: https://doi.org/10.1038/d41586-024-01711-3

IF: 64.8

2024-06-13

Nature

Abstract:Hackers are targeting universities and research institutes with ransomware, leaving staff and students without the ability to work. Hackers are targeting universities and research institutes with ransomware, leaving staff and students without the ability to work.

multidisciplinary sciences

DOI: https://doi.org/10.33140/aurdp.01.01.02

2024-02-27

Abstract:Background: Cyber Security is to protect online data and software from cyber threats. These cyberattacks are typically intended to gain access to, change, or delete sensitive information; extort money from users; or disrupt regular corporate activities. It is difficult to keep up a regular follow up with new technologies, so it is necessary to keep the important data safe from cyber threats. There are many types of cyber threats, malware, ransomware, social engineering, phishing etc. To prevent cyber-attacks one can, use password manager tools like LastPass and others. People also use two factor authentication for double security on their accounts. Methods: Boards such as the National Institute of Standards and Technology (NIST) are developing frameworks to assist firms in understanding their security risks, improving cybersecurity procedures, and preventing cyber assaults. The fight against cybercrimes and attack, organizations needed a strong base there are 5 types of cyber securities: Critical Infrastructure Security, application security, network security, cloud security and (IoT) Security. In the modern time the US is highly based on computers and on different software, so it is really important for the US to be more conscious about the security as they get many threats almost every day for hacking their data and accounts. Results and Conclusion: Nowadays, even small businesses rarely recover their loss from the cyber-attacks and many back-off from continuing their businesses after being target of hackers. The first cybercrime attack was recorded in 1988 by a graduate student. Now that large companies and even small businesses are aware of cyber-attacks, they try their best to take every precaution to prevent hacking with double security and password manager tools.

Thomas Miller,Alexander Staves,Sam Maesschalck,Miriam Sturdee,Benjamin Green

DOI: https://doi.org/10.1016/j.ijcip.2021.100464

IF: 3.683

2021-12-01

International Journal of Critical Infrastructure Protection

Abstract:<p>Since the 1980s, we have observed a range of cyberattacks targeting Industrial Control Systems (ICS), some of which have impacted elements of critical national infrastructure (CNI). While there are access limitations on information surrounding ICS focused cyberattacks, particularly within a CNI context, this paper provides an extensive summary of those publicly reported. By identifying and analysing previous ICS focused cyberattacks, we document their evolution, affording cyber-security practitioners with a greater understanding of attack vectors, threat actors, impact, and targeted sectors and locations, critical to the continued development of holistic risk management strategies.</p>

engineering, multidisciplinary,computer science, information systems

William Enck,Yasemin Acar,Michel Cukier,Alexandros Kapravelos,Christian Kästner,Laurie Williams

DOI: https://doi.org/10.48550/arXiv.2308.06850

2023-08-13

Cryptography and Security

Abstract:Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds or log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. On June 7, 2023, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 17 practitioners from 13 government agencies. The goal of the Summit was two-fold: (1) to share our observations from our previous two summits with industry, and (2) to enable sharing between individuals at the government agencies regarding practical experiences and challenges with software supply chain security. For each discussion topic, we presented our observations and take-aways from the industry summits to spur conversation. We specifically focused on the Executive Order 14028, software bill of materials (SBOMs), choosing new dependencies, provenance and self-attestation, and large language models. The open discussions enabled mutual sharing and shed light on common challenges that government agencies see as impacting government and industry practitioners when securing their software supply chain. In this paper, we provide a summary of the Summit.

Lennart Bader,Martin Serror,Olav Lamberts,Ömer Sen,Dennis van der Velde,Immanuel Hacker,Julian Filter,Elmar Padilla,Martin Henze

DOI: https://doi.org/10.1109/EuroSP57164.2023.00066

2023-05-16

Abstract:The increasing digitalization of power grids and especially the shift towards IP-based communication drastically increase the susceptibility to cyberattacks, potentially leading to blackouts and physical damage. Understanding the involved risks, the interplay of communication and physical assets, and the effects of cyberattacks are paramount for the uninterrupted operation of this critical infrastructure. However, as the impact of cyberattacks cannot be researched in real-world power grids, current efforts tend to focus on analyzing isolated aspects at small scales, often covering only either physical or communication assets. To fill this gap, we present WATTSON, a comprehensive research environment that facilitates reproducing, implementing, and analyzing cyberattacks against power grids and, in particular, their impact on both communication and physical processes. We validate WATTSON's accuracy against a physical testbed and show its scalability to realistic power grid sizes. We then perform authentic cyberattacks, such as Industroyer, within the environment and study their impact on the power grid's energy and communication side. Besides known vulnerabilities, our results reveal the ripple effects of susceptible communication on complex cyber-physical processes and thus lay the foundation for effective countermeasures.

Cryptography and Security,Systems and Control

Tavish Vaidya

DOI: https://doi.org/10.48550/arXiv.1507.06673

2015-09-02

Abstract:Widespread and extensive use of computers and their interconnections in almost all sectors like communications, finance, transportation, military, governance, education, energy etc., have made them attractive targets for adversaries to spy, disrupt or steal information by pressing of few keystrokes from any part of the world. This paper presents a survey of major cyberattacks from 2001 to 2013 and analyzes these attacks to understand the motivation, targets and technique(s) employed by the attackers. Observed trends in cyberattacks have also been discussed in the paper.

Computers and Society,Cryptography and Security

Tawfiq M. Aljohani

DOI: https://doi.org/10.1109/mts.2024.3395688

2024-06-25

IEEE Technology and Society Magazine

Abstract:For Years, Experts have expressed growing concerns that critical infrastructures are vulnerable to cyberattacks. Remotely transmitted malware and viruses can compromise interconnected power systems, airports, hospitals, military systems, and any Internet-connected computers used to manage critical functions. As the world becomes more digitalized, integrating new communication technologies offers unlimited possibilities for the accumulation of information, creating a fundamental dependence on proper functioning in all areas of society. As such reliance could offer great opportunities for a smart and efficient world, it also poses significant threats to the operation of critical infrastructures and vital facilities. Specifically, safety issues from illegal acts that violate the integrity, availability, and confidentiality of information in cyberspace are expected to be the central theme in the digitalized world. Exploitation of cyberspace to advance political, social, and military agendas is of particular concern.

engineering, electrical & electronic

Cui-Hong Cai,Diego Dati

DOI: https://doi.org/10.1353/apr.2015.0023

2015-01-01

Asian Perspective

Abstract:Asian Perspective 39 (2015), 541-553 COMMENTARY Words Mightier Than Hacks: Narratives of Cyberwar in the United States and China Cuihong Cai and Diego Dati In recent years cyberwar has been a regular topic in both official and unofficial commentaries in China and the United States. As there is not yet a universally accepted definition of cyberwar, use of the term has become very broad and sometimes confusing in both countries. Charges of crime and espionage have been raised to the level of war, amplifying existing conflicts among countries, in particular between the United States and China. Nar­ ratives of cyberwar have also provided justification for policies supporting the development of offensive capabilities in cyber­ space and the implementation of intrusive surveillance systems. Such narratives, combined with several incidents between the United States and China, have led the two governments to under­ take protectionist measures to reduce possible vulnerabilities in cyberspace, creating repercussions for both countries’ economies and societies. Our commentary aims at raising awareness about the differ­ ences and similarities between US and Chinese narratives of cyberwar and explaining some of the reasons underlying them. We might be able to shed light on how the two countries understand these issues and suggest ways to improve mutual understanding. Media, experts, and government officials are among the most influential contributors to the proliferation of cyberwar narratives. Although the narratives produced by media and experts in the United States and China are slightly different in their tone, emphasis, and content, they are very similar in some respects, especially their tendency to excessively broaden the definition of cyberwar. US and Chinese government narratives, on the other hand, tend to differ in their terminology, priorities, 541 542 Words Mightier Than Hacks and identification with the unofficial narratives produced by the media and experts. Narratives of Cyberwar Produced by the Media In both China and the United States, media often use narratives of cyberwar to warn of a foreign threat. Cyberwar has been making the headlines during the last several years not only for events related to armed conflicts but also for malicious cyber activities such as theft of intellectual property rights, the operations of the hacker group Anonymous, Internet censorship, and espionage. In both countries these narratives have been exploited in the same way, but the threats highlighted are different. Generally, media produce three kinds of narratives about cyberwar. The first kind stresses the threat of foreign actors. In the US narrative these are Russia, China, and a few others, while in China it has recently become the United States. The second kind of narrative focuses on cyberweapons such as Stuxnet1 that act as proof of the existence of new and terrible cyberthreats endangering the regular functioning ofboth civil and military sys­ tems. These first two narratives are often combined with stories concerning cyber espionage and cyber crime to create a height­ ened sense of danger, encompassing a wide array of cybersecurity issues. The third narrative, which is probably the least popular and is most common in the West, claims that cyberwar has not happened yet and that it still does not represent as much of a threat as many believe. Narratives stressing the threat of cyberattacks by foreign actors were first produced by the US media and were responsi­ ble for popularizing cyberwar narratives more broadly. Russian hackers were the source, causing a disturbance in Estonia and later supporting Russian government military operations in Georgia. US media pointed to Russia as being the first cyberthreat to US national security, but since then China has increasingly been depicted as the main threat because of alleged cyber operations conducted against US industries and military suppliers. Cuihong Cai and Diego Dati 543 In China the same kind of narrative exists, but the threat is said to come primarily from the United States because of its advanced military capabilities in cyberspace and also because of the National Security Agency operations against Chinese net­ works revealed by Edward Snowden. Nevertheless, until now Chinese media have been mainly using reports produced in the West instead of investing their own resources to prove their point and argue against the choices of the US government. China still relies on foreign research...

Nigel Hawkes

DOI: https://doi.org/10.1136/bmj.j2464

2017-01-01

Abstract:Protecting against a cyberattack of the sort that paralysed at least 47 NHS trusts on 12 May123 will not be simple, experts have warned. Vulnerability is likely to increase rather than diminish as more and more IT systems are linked and patients’ access to them is made easier.Bryan Hurcombe, of the accountancy and consulting company Deloitte, told a Westminster Forum meeting in London on 18 May that the problem was both human and technical. “Many NHS organisations have legacy IT systems that were never designed with cyber-risks in mind,” he said. “It’s very hard to get rid of these systems—they’re engrained in the DNA of organisations. It’s not just a case of lifting and shifting them.“Today they would be built to be ‘secure by design,’ but that’s very challenging to do. Hundreds of articles have appeared asking, ‘Why haven’t we …