Cyber Pulse: Edition 135 | 27 October 2020

Here is our cyber security news round-up of the week:

Microsoft creates alliance for machine learning system threats

Microsoft and MITRE, in collaboration with a dozen other organisations, have developed a framework designed to help identify, respond to, and remediate attacks targeting machine learning (ML) systems. Such attacks have increased significantly over the past four years and are expected to continue evolving. Despite that, organisations have yet to come to terms with adversarial ML. In fact, a recent survey conducted by the tech giant among 28 organisations has revealed that most of them don’t have the necessary tools to secure machine learning systems.

The Adversarial ML Threat Matrix framework provides information on the techniques employed by adversaries when targeting ML systems and is primarily aimed at security analysts. The newly released framework is a first attempt at creating a knowledge base on the manner in which ML systems can be attacked and the partnering companies will modify it with input received from the security and machine learning community. The industry is encouraged to help fill the gaps, and to participate in discussions in this Google Group.

Steelmaker Stelco suspends production due to cyber attack

Canadian steel making giant Stelco reported a cyber breach and has called in cybersecurity specialists to investigate the attack and the extent of its impact on the company’s systems.

Stelco immediately implemented countermeasures in accordance with established cybersecurity procedures and policies that have been developed in collaboration with expert external advisors. The countermeasures taken were effective and limited the scope of the attack. Certain operations, including steel production, were temporarily suspended as a precautionary measure but have since resumed operations. 

Stelco's team, in conjunction with industry-leading cybersecurity specialists and other advisors, continue to investigate the incident and extent of the impact on its systems. Stelco is implementing its back-up and recovery plans to fully re-establish its systems as quickly as possible and some business functions may be adversely affected during this recovery process. It will also cooperate with law enforcement authorities to investigate the crime.

Mobile browsers vulnerable to address-bar spoofing

Security flaws allow attackers to manipulate the URLs users see on their mobile devices. Security vendor Rapid7, in collaboration with independent researcher Rafay Baloch, this week disclosed details on new vulnerabilities in seven mobile browsers – including Safari and Opera – that allow attackers to spoof information showed in the browser's address bar. The vulnerabilities are the latest examples of a common security weakness in software where the user interface can be tricked into displaying erroneous information or to make it appear as if the information comes from a trusted source. Phishers have routinely taken advantage of the user interface misrepresentation issue to trick users into navigating to malicious sites or to fool them into thinking they are on a trusted site when, in fact, they are not.

Such vulnerabilities allow an attacker to control both the content of a website and the apparent source of the website, which can lead to very convincing-looking but malicious web pages. So far only Apple and Opera have addressed the vulnerabilities in their browsers after being notified of the problem in August. Because of the relatively limited screen sizes available on most modern smartphones, browser makers have little real estate for introducing security indicators that warn users when something might be wrong. As a result, the address bar on a mobile browser is often the main way to validate the source of a web page or a particular piece of content.

Norway scales up security infrastructure

Norway is to implement a more robust plan to scale up its IT security infrastructure against the backdrop of increasingly malicious attacks from cyber space. This follows a high-profile cyber attack that targeted the email system at the Norwegian parliament. In the immediate aftermath of the attack, the Norwegian government called an emergency meeting with the heads of the country’s top security agencies. The meeting resulted in a plan to accelerate the development of an enhanced national IT infrastructure, incorporating an embedded early warning system and defence shield to protect the IT systems of public and private organisations.

The Norwegian government’s strengthened cyber protection plan involves fast-tracking collaboration between national security agencies tasked with cyber defence and the private sector. The objective is to create a collaborative platform to develop improved early warning systems, deterrents and defences against a wide range of common and unconventional cyber threats and attacks on critical IT infrastructure. A central feature of the new plan is closer cooperation between the Norwegian Intelligence Service, the Norwegian Armed Forces’ military intelligence wing and the National Cyber Security Centre to develop a broad range of defensive and offensive options.

Sopra Steria falls victim to a cyber attack

European IT services group Sopra Steria has announced that it fell victim to a cyber attack on 20 October. The company did not provide detailed information about the incident but said that it has taken appropriate security measures to contain the risks. In a statement on its website, the company said that its cyber security teams were working to ensure that business operations return to normal as quickly as possible. Cyber security experts are investigating the attack, and appropriate law enforcement authorities have also been informed about the incident.

Sopra Steria has been tight-lipped about the precise nature of the hack, but French media reports that Sopra Steria was attacked with Ryuk, a type of ransomware used to coordinate targeted attacks on enterprises that is capable of encrypting hundreds of PCs, storage and datacentres, according to research by Check Point.

Edited and compiled by QA's Director of Cyber, Richard Beck.

Subscribe to our weekly Cyber Pulse newsletter below.

Click here to find out about QA's extensive cyber-security courses.