4/28/16 Weekly News: Empty DDoS Threats, Automotive Cyber-Security, and Malware in a Nuclear Power Plant

This week saw some very interesting bits of news, including scams with threats of DDoS, the difficulties involved in making vehicles cyber-secure, and even malware being found on a nuclear power plant.


1. CSO Online, "Empty DDoS threats earn extortion group over $100,000."

Not all threats online have an actual bite. Sometimes cyber-criminals try and simply scare their victims into paying them, essentially just scamming them out of their money. CSO Online reported that for the last two months, many businesses have been receiving email threats of a DDoS attack from a group calling itself the Armada Collective. The messages demand that the victims pay "protection" fees or the group will begin DDoS attacks on the victims.

However, none of those that refused to pay have experienced any attacks at all. It seems the threats are entirely empty, and those sending the emails may not even be a part of the actual Armada Collective, but may simply be using their name in an attempt to add credibility to their scam. The scammers in fact have no way of telling who has paid and who hasn't, and therefor would be hard pressed to know who to even attack. Unfortunately it seems to be working, as collectively the threats have earned them over $100,000. Remember, it is always best not to pay such demands, as there is no way to be sure they won't attack again, or inform other criminals that your business pays when threatened.

2. Network World, "Headaches likely to grow over auto cybersecurity concerns."

As we discussed briefly last month, cyber-security in automobiles is becoming a growing concern. With vehicles to often connected to the internet, flash drives, or even USB music players, the risk of infection by malware is increasingly a concern. Researchers have found numerous vulnerabilities, even being able to completely stop a vehicle remotely, but patches to security may prove more difficult than expected.

According to this article by Network World, current vehicles may never be possible to secure, and even vehicles in production now will not be able to implement the encryption and secure communication processes that are necessary to properly secure the vehicle. In fact it is estimated that it will take an additional 5 years before proper encryption is developed and implemented into vehicles with wireless functions, leaving a multitude of new vehicles unfortunately vulnerable to cyber-attacks.

3. Security Week, "Concerns Raised Over Malware in German Nuclear Plant."

A nuclear power plant located in Gundremmingen, Germany, made the news this week after it was revealed that it's systems were infected with various types of malware. Fortunately, none of the malware infections were particularly vicious, and many were even old and quite outdated. In fact, none of the malware posed any real threat to the reactor, nor did it appear to be targeted towards hindering its systems.

The malware likely was accidentally put on the reactor's computers, which did raise some concerns. How exactly did it get on the system? Could this be exploited by others to put something worse on the reactor? Again it was likely down to carelessness, which just shows how important it is to teach employees about proper security practices.


That's all for this week, check back next week for more news on Information Security. And if you want more information on how Astria Business Solutions can assist you in meeting your business' information security goals, visit our website at AstriaBiz.com