ClearSky Cyberdefense Forum

A malware was created to infect AutoCAD software systems and send stolen data to email addresses running on the Chinese-operated Internet provider 163.com. According to an article on eWeek, the purpose of these cyber attacks is to gain information on designs and business proposals and possibly bid on the same contracts at a lower price. The impact of these types of attacks can include potential losses of lucrative contracts to other firms who gain access to this information as well as the compromise of important company data.

http://www.eset.com/fileadmin/Images/US/Docs/Business/white_Papers/ESET_ACAD_Medre_A_whitepaper.pdf

http://midsizeinsider.com/en-us/article/cyber-attack-threatens-autocad-software

Smart grids, upgraded versions of electricity networks with two-way digital communication, should make the European energy system more efficient. But their dependency on computer networks, applications and the Internet makes society more vulnerable to malicious cyber attacks with potentially devastating results, European Network and Information Security Agency said in a report published on Tuesday.

http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security-recommendations/at_download/fullReport

http://www.pcworld.com/businesscenter/article/259006/smart_energy_grids_need_protection_from_cyber_attacks_enisa_says.html

he University of Texas at Austin’s Radionavigation Laboratorydemonstrated hacking a civilian drone, forcing it to change course by sending fake GPS signals, and then, “as if some phantom has given the drone a self-destruct order, it hurtles toward the ground.” At the last second, the drone was spared but Professor Todd Humphreys and his team were pleased. They had successfully proved “a gaping hole in the government’s plan to open US airspace to thousands of drones. They could be turned into weapons.” Humphreys told Fox News, “Spoofing a GPS receiver on a UAV is just another way of hijacking a plane.”

http://www.youtube.com/watch?v=jkbABvNUNw0

http://blogs.computerworld.com/security/20593/civilian-drones-vulnerable-hackers-can-be-hijacked-used-missiles

A recent fraud ring through which attackers raided high-value bank accounts, nicknamed Operation High Roller (.PDF), employed attacks that were quick, required no human interaction and have already affected several tiers of credit unions, regional banks and large global banks, over the last several months.

In the ring, analyzed in a report by McAfee and Guardian Analytics, groups of attackers have used 60 servers to exploit 60 banks, focusing on “high-value commercial accounts” and “high net worth individuals” in Europe, Latin America and the United States.

http://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf

http://threatpost.com/en_us/blogs/new-fraud-ring-operation-high-roller-targets-rich-062612

Cyber attacks by a foreign state resulted in a British company losing £800m in revenue, the head of MI5 revealed yesterday.

http://www.independent.co.uk/news/uk/home-news/uk-firm-lost-800m-to-cyber-attack-7881204.html

Henry and other top U.S. officials have underscored the severity of cyber threats by citing a case in which one publicly traded company lost $1 billion of intellectual property in a single intrusion over a weekend.

Henry declined to identify the company, but said many corporations were unaware that their networks had been breached until FBI agents notified them that they discovered proprietary, company-specific data outside their networks.

http://www.chicagotribune.com/business/sns-rt-us-media-tech-summit-cyber-disclosurebre85c1e3-20120613,0,4353697.story

North Korea was caught attempting cyberattacks on Incheon International Airport using viruses planted in game programs, according to the Seoul Metropolitan Police Agency.

http://koreajoongangdaily.joinsmsn.com/news/article/article.aspx?aid=2953940

Eric Grosse, VP Security Engineering: We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users’ accounts unauthorized. When we have specific intelligence—either directly from users or from our own monitoring efforts—we show clear warning signs and put in place extra roadblocks to thwart these bad actors.

http://googleonlinesecurity.blogspot.co.il/2012/06/security-warnings-for-suspected-state.html

In a paper that has been published in draft form online and seen by the Guardian, researchers Sergei Skorobogatov of Cambridge University and Chris Woods of Quo Vadis Labs say that they have discovered a method that a hacker can use to connect to the internals of a chip made by Actel, a US manufacturer.

“An attacker can disable all the security on the chip, reprogram cryptographic and access keys … or permanently damage the device,” they noted.

To the research draft :

http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf

To the article :

http://www.guardian.co.uk/technology/2012/may/29/cyber-attack-concerns-boeing-chip?newsfeed=true