Here is our cyber security news round-up of the week:
Microsoft creates alliance for machine learning system threats
Microsoft and MITRE, in collaboration with a dozen other organisations, have developed a framework designed to help identify, respond to, and remediate attacks targeting machine learning (ML) systems. Such attacks have increased significantly over the past four years and are expected to continue evolving. Despite that, organisations have yet to come to terms with adversarial ML. In fact, a recent survey conducted by the tech giant among 28 organisations has revealed that most of them don’t have the necessary tools to secure machine learning systems.
The Adversarial ML Threat Matrix framework provides information on the techniques employed by adversaries when targeting ML systems and is primarily aimed at security analysts. The newly released framework is a first attempt at creating a knowledge base on the manner in which ML systems can be attacked and the partnering companies will modify it with input received from the security and machine learning community. The industry is encouraged to help fill the gaps, and to participate in discussions in this Google Group.
Steelmaker Stelco suspends production due to cyber attack
Canadian steel making giant Stelco reported a cyber breach and has called in cybersecurity specialists to investigate the attack and the extent of its impact on the company’s systems.
Stelco immediately implemented countermeasures in accordance with established cybersecurity procedures and policies that have been developed in collaboration with expert external advisors. The countermeasures taken were effective and limited the scope of the attack. Certain operations, including steel production, were temporarily suspended as a precautionary measure but have since resumed.
Stelco's team, in conjunction with industry-leading cybersecurity specialists and other advisors, continues to investigate the incident and the extent of the impact on its systems. Stelco is implementing its back-up and recovery plans to fully re-establish its systems as quickly as possible, and some business functions may be adversely affected during this recovery process. It will also cooperate with law enforcement authorities to investigate the crime.
Mobile browsers vulnerable to address-bar spoofing
Security flaws allow attackers to manipulate the URLs users see on their mobile devices. Security vendor Rapid7, in collaboration with independent researcher Rafay Baloch, this week disclosed details on new vulnerabilities in seven mobile browsers – including Safari and Opera – that allow attackers to spoof information shown in the browser's address bar. The vulnerabilities are the latest examples of a common security weakness in software where the user interface can be tricked into displaying erroneous information or into making it appear as if the information comes from a trusted source. Phishers have routinely taken advantage of the user interface misrepresentation issue to trick users into navigating to malicious sites or to fool them into thinking they are on a trusted site when, in fact, they are not.
Such vulnerabilities allow an attacker to control both the content of a website and the apparent source of the website, which can lead to very convincing-looking but malicious web pages. So far only Apple and Opera have addressed the vulnerabilities in their browsers after being notified of the problem in August. Because of the relatively limited screen sizes available on most modern smartphones, browser makers have little real estate for introducing security indicators that warn users when something might be wrong. As a result, the address bar on a mobile browser is often the main way to validate the source of a web page or a particular piece of content.
Norway scales up security infrastructure
Norway is to implement a more robust plan to scale up its IT security infrastructure against the backdrop of increasingly malicious attacks from cyber space. This follows a high-profile cyber attack that targeted the email system at the Norwegian parliament. In the immediate aftermath of the attack, the Norwegian government called an emergency meeting with the heads of the country’s top security agencies. The meeting resulted in a plan to accelerate the development of an enhanced national IT infrastructure, incorporating an embedded early warning system and defence shield to protect the IT systems of public and private organisations.
The Norwegian government’s strengthened cyber protection plan involves fast-tracking collaboration between national security agencies tasked with cyber defence and the private sector. The objective is to create a collaborative platform to develop improved early warning systems, deterrents and defences against a wide range of common and unconventional cyber threats and attacks on critical IT infrastructure. A central feature of the new plan is closer cooperation between the Norwegian Intelligence Service, the Norwegian Armed Forces’ military intelligence wing and the National Cyber Security Centre to develop a broad range of defensive and offensive options.
Sopra Steria falls victim to a cyber attack
European IT services group Sopra Steria has announced that it fell victim to a cyber attack on 20 October. The company did not provide detailed information about the incident but said that it has taken appropriate security measures to contain the risks. In a statement on its website, the company said that its cyber security teams were working to ensure that business operations return to normal as quickly as possible. Cyber security experts are investigating the attack, and appropriate law enforcement authorities have also been informed about the incident.
Sopra Steria has been tight-lipped about the precise nature of the hack, but French media report that Sopra Steria was attacked with Ryuk, a type of ransomware used to coordinate targeted attacks on enterprises that is capable of encrypting hundreds of PCs, storage and datacentres, according to research by Check Point.
Edited and compiled by QA's Director of Cyber, Richard Beck.
Richard Beck is Director of Cyber at QA. He works with customers to build effective and successful learning solutions tailored for business needs, helping to solve business problems. Richard has designed and architected numerous enterprise and nationwide cyber programmes for QA customers. He is responsible for the QA cyber portfolio, products, proposition and cyber partner community. He has over 15 years' experience in senior Information Security roles.
Prior to QA, Richard was Head of Information Security for an organisation that underpins 20% of the UK's Critical National Infrastructure. Richard also held Security and Technical Management posts in Defence, Financial Services and HMG. He holds a number of leading cyber professional certifications, including CISSP, CISM, CISA.
Richard sits on a number of industry boards and security advisory panels, and previously chaired the Communication Industry Personnel Security Information Exchange (CPNI). He is the work stream lead for Cyber Skills & Diversity on the techUK Cyber Management Committee. In addition, Richard is supporting a work stream for the UK Cyber Security Council Formation project. Richard is a regular contributor for cyber insights and industry collaboration, including speaker engagements.
He is also a STEM Ambassador working to engage and enthuse young people in the area of cyber security. He provides a unique perspective on the world of cyber security to teachers and encourages young people to consider a career in cyber security.