Cyber Security News Update 3/2/2018

IOActive, a cyber research firm, has successfully deployed malware that turns robots into bitcoin ransomers. This malware would allow attackers to hold factories ransom, which is exactly how ransomware works on a computer’s files. The advanced malware has several features that make it robust enough to work, such as the ability to survive being factory reset and being able to grant itself admin privileges. Currently this malware has no known fix, and IOActive is working with manufactureres to fix the vulnerabilities that allowed the malware to successfully attack the robot. This sort of attack is concerning, the manufacturing industry has been heavily automated and a virus that’s capabale of disabling it is disturbing. The implications for economic terrorism are massive, especially if cyber defense companies can’t get ahead of attackers. Even a few hours of stop time would result in millions of dollars lost; worse than that is the worry about robotics in dangerous conditions being taken over or infected with malware. Nuclear power plants can use automated workers, what if one them gets hacked? How much is the control of a robot carrying around a uranium fuel rod worth? IOActive also managed to insert code that allowed them control of the robot’s audio; the infected devices would ask those near it for bitcoins. Currently its thought that it would take a trained technician a week to repair a single infected device, which is a deeply concerning implication.
Source: Proof-of-concept ransomware attack transforms robots into extortionists

Ronald L. Wheeler III has plead guilty to the charges of Conspiracy to Commit Access Device Fraud; as part of his role in the now defunct AlphaBay he instructed users on how to avoid law enforcement when purchasing illegal products. These charges are being used to prove a point the anonymity people think they have can be torn apart when law enforcement deems it necessary; Wheeler and the other AlphaBay employees will probably find themselves being made into examples for anyone else. Law enforcement usually comes down quite hard on cyber-criminals, but cyber crime is still a lucrative business.
Source: AlphaBay PR flack pleads guilty to conspiracy charge

Russian cyber-infiltrators have been impersonating people in order to extract personal information from unsuspecting victims. These Russian actors specifically targeted black businesses and their owners; they used acounts and names meant to illicit trust from their marks. This is an issue in that the reach of their deception is currently unknown, while Facebook has made a tool that allows you to check if you were exposed to Russian propaganda during the election, it doesn’t allow you track whether or not a Russian masquerading as an American contacted your or attempted to influence your vote. These attempts to influence the elections aren’t seen as Russia attempting to get a certain candidate elected, they’re used as tools to spread discontent instead. Their aim is to weaken the American people’s faith in the elections and the government by making it seem illegitimate. What we’re seeing is an incredibly sophisticated and long-running attack against the concept of the United States being a country where people should be involved with their governance. A massive smear campaign designed to set citizens against the government is ongoing, and will continue to do so as long as it remains simple to cause mistrust and fear with some keystrokes.
Source: Russians Pose as Americans to Steal Data on Social Media

Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.