Posts Tagged ‘Germany’
Friday, May 8, 2015 @ 05:05 PM gHale
There is a new push in Europe to fight off increasingly sophisticated cyber attacks.
A new project called SAFEcrypto will draw together cryptographers and other IT experts from Germany, France, Switzerland, Britain and Ireland to devise urgent security solutions capable of withstanding attack from the next generation of hackers.
The project, led by Queen’s University Belfast, will focus on an acute threat from emerging technologies including ‘quantum computers’ – capable of processing information much faster than silicon-based computers used today.
The project, which will run for four years at a cost of €3.8 million ($4.3 million), will concentrate on three main areas:
• Protecting information passed via satellites
• Protecting public-safety communications systems, e.g., those used by police, fire and ambulance services
• Safeguarding the privacy of data collected by municipal authorities
“(Centre for Secure Information Technologies) CSIT was among the first centers in the UK to be recognized as a center of academic excellence in cyber security research in 2012, and it is a natural progression for us to start working on a larger, pan-European stage,” said project lead professor Máire O’Neill from the CSIT at Queen’s. “Horizon 2020 has given us the opportunity to form a project consortium which is a true partnership between industry and academia.”
“Organizations are steadily increasing the level of spending on encryption products to protect their intellectual property and to maintain the privacy of customer details and personal information,” said O’Neill, who earned a UK Royal Academy of Engineering Silver Medal in 2014 and who is a former British Female Inventor of the Year (2007). “It is estimated that 25 percent of enterprises globally operate an internal public key encryption infrastructure (PKI). We believe these present day PKI systems will become vulnerable to attack by a new form of very powerful quantum computers in the near future.”
SAFEcrypto represents the first major project in Northern Ireland using funding from Horizon 2020, the biggest EU research and innovation program ever developed.
Tuesday, May 5, 2015 @ 02:05 PM gHale
German automaker, Audi, created its first batch of liquid “e-diesel” at a research facility in Dresden, Germany.
This e-diesel is the result of a “power to liquid” process, created by German clean tech company Sunfire, which is a partner of Audi.
The process uses carbon dioxide, a common greenhouse gas, which can be captured directly from the air. Carbon dioxide is the result of burning fossil fuels and contributes to global warming. Sunfire said it can recycle the gas to make a more efficient, carbon-neutral fuel, according to a published report.
Unlike conventional fossil fuels, the “e-diesel” doesn’t contain sulphur and other contaminants. “The engine runs quieter and fewer pollutants are being created,” Sunfire’s Christian von Olshausen said.
They can make the fuel in three steps. First, the researchers heat up steam to very high temperatures to break it down into hydrogen and oxygen. This process requires temperatures over 1,470 degrees Fahrenheit and can be powered by green energy such as solar or wind power.
Second, they mix the hydrogen with carbon dioxide under pressure and at high temperature to create what they call blue crude. The final step calls for the blue crude to be refined into fuels in much the same way fossil crude oil is refined into gasoline.
Audi said lab tests have shown the “e-diesel” can be mixed with fossil fuels or used as a fuel on its own.
The new fuel underwent testing by German Education and Research minister Johanna Wanka last week. She put the first five liters into her official car, and declared the project a success.
“If we can make widespread use of CO2 as a raw material, we will make a crucial contribution to climate protection and the efficient use of resources, and put the fundamentals of the green economy in place,” she said.
Sunfire said its plant is set to produce more than 3,000 liters of “e-diesel” over the coming months. The company said it was aiming for a pre-tax price of between 1 and 1.20 euros per liter ($1.10 to $1.30), compared to the current German pre-tax price of around 0.6 euros per liter of gasoline.
Wednesday, September 3, 2014 @ 03:09 PM gHale
In a continuing effort to combat growing and more sophisticated attacks, Europol will launch a new taskforce with the mission of tackling cybercrime in the European Union and beyond.
The new Joint Cybercrime Action Taskforce (J-CAT) has its headquarters at Europol’s European Cybercrime Center (EC3), and Andy Archibald, the deputy director of the National Cyber Crime Unit at the United Kingdom’s National Crime Agency (NCA), will lead the unit.
The United States, the United Kingdom, Canada, Austria, Germany, France, Italy, the Netherlands and Spain are part of the J-CAT in the six-month pilot during which the taskforce will coordinate international investigations targeting malware, underground forums and other cyber threats, Europol said. Colombia and Australia have also committed to the project.
The initiative is the result of collaboration between the EC3, the FBI, the NCA and the EU Cybercrime Taskforce. Cyber liaison officers from the EC3, European Union member states, and non-EU law enforcement partners are part of the J-CAT.
“Today is a good day for those fighting cybercrime in Europe and beyond. For the first time in modern police history a multi-lateral permanent cybercrime taskforce has been established in Europe to coordinate investigations against top cybercriminal networks. The Joint Cybercrime Action Taskforce will operate from secure offices in Europol’s HQ assisted by experts and analysts from the European Cybercrime Centre,” said Troels Oerting, head of the EC3. “The aim is not purely strategic, but also very operational. The goal is to prevent cybercrime, to disrupt it, catch crooks and seize their illegal profits.”
The EC3 has worked in numerous international operations, including the one against the banking Trojan Shylock, and a recently disrupted global scheme targeting money transfer services in Europe. With the launch of the J-CAT, law enforcement agencies want to further strengthen anti-cybercrime efforts and make joint investigations as efficient as possible.
The new taskforce will collect data on malware development and distribution, botnets, online fraud, and cyber intrusions from national repositories, government agencies and private sector partners. The data will be converted into actionable intelligence used in investigations. The J-CAT will also organize meetings to obtain input on online threats from computer emergency response teams (CERTs) and private companies.
“There are many challenges faced by law enforcement agencies with regards to cyber criminals and cyber attacks. This is why there needs to be a truly holistic and collaborative approach taken when tackling them,” Archibald said. “The J-CAT will, for the first time, bring together a coalition of countries across Europe and beyond to coordinate the operational response to the common current and emerging global cyber threats faced by J-CAT members.”
In June, Europol signed an agreement with the European Union Agency for Network and Information Security (ENISA) to help EU member states with combating and preventing cybercrime.
Tuesday, July 1, 2014 @ 11:07 AM gHale
Attackers mainly targeting the energy sector were able to get in and surreptitiously cull strategic information.
As more reports become public, it is apparent the attack, labeled Dragonfly, is a cyber espionage program mainly targeting energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers, according to a report from Symantec. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.
The attackers’ approach is very strategic and almost surgical in how they are able to get into various systems. The Dragonfly group has a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors. Its most ambitious attack campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This caused companies to install the malware when downloading software updates for computers running ICS equipment, the Symantec report said. These infections not only gave the attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers.
As more information is released, ICS-CERT is continually issuing new reports on its public portal.
Dragonfly appears to have a broad focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.
In addition to compromising ICS software, Dragonfly has used spam email campaigns and watering hole attacks to infect targeted organizations. The group has used two main malware tools: Backdoor.Oldrea and Trojan.Karagany. The former appears to be a custom piece of malware, either written by or for the attackers.
The Dragonfly group, also known by other vendors as Energetic Bear, appears to have been in operation since at least 2011 and may have been active even longer than that, according to the report. Dragonfly initially targeted defense and aviation companies in the U.S. and Canada before shifting its focus mainly to U.S. and European energy firms in early 2013.
The campaign against the European and American energy sector quickly expanded in scope. The group initially began sending malware in phishing emails to personnel in target firms, according to the report. Later, the group added watering hole attacks to its offensive, compromising websites visited by those working in energy in order to redirect them to websites hosting an exploit kit. The exploit kit in turn delivered malware to the victim’s computer. The third phase of the campaign was the Trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers.
Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyber espionage, but the group also has the potential for sabotage.
Analysis of the compilation timestamps on the malware used by the attackers indicates the group mostly worked between Monday and Friday, with activity mainly concentrated in a nine-hour period that corresponded to a 9 am to 6 pm working day in the UTC +4 time zone. Based on this information, it is likely the attackers are in Eastern Europe.
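The working-hours inference described above can be reproduced from compile timestamps, shown here as an added example (not code from Symantec or the original article) that assumes the samples are Windows PE files: it reads the COFF TimeDateStamp from each image and scores every UTC offset by how many stamps fall inside a Monday-to-Friday, nine-hour day starting at 9 am. The sample headers, timestamps and function names are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 12 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header after the signature: Machine(2), NumberOfSections(2), TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def workday_fit(stamps, offset_hours, start=9, length=9):
    """Fraction of stamps that land Mon-Fri in [start, start+length) local time."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in stamps:
        local = ts.astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < start + length:
            hits += 1
    return hits / len(stamps)


def best_offsets(stamps, start=9, length=9):
    """Score UTC offsets -12..+14 and return (best score, offsets achieving it)."""
    scores = {off: workday_fit(stamps, off, start, length) for off in range(-12, 15)}
    top = max(scores.values())
    return top, [off for off, score in scores.items() if score == top]


def _fake_pe(stamp: int) -> bytes:
    """Constructed minimal MZ/PE header carrying only the fields read above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, stamp)
    return dos + coff + b"\0" * 12


# Constructed sample set (UTC): seven weekday builds plus two outliers
# (a Saturday build and a late-evening build).
SAMPLE_UTC = [
    (2013, 3, 4, 5, 10), (2013, 3, 5, 7, 30), (2013, 3, 6, 9, 45),
    (2013, 3, 7, 11, 20), (2013, 3, 8, 13, 50), (2013, 3, 11, 6, 5),
    (2013, 3, 13, 12, 15), (2013, 3, 9, 8, 0), (2013, 3, 12, 19, 30),
]


def sample_images():
    """Build the constructed PE headers for SAMPLE_UTC."""
    return [
        _fake_pe(int(datetime(*t, tzinfo=timezone.utc).timestamp()))
        for t in SAMPLE_UTC
    ]


def analyse(images):
    """Extract compile times from raw images and rank candidate UTC offsets."""
    stamps = [pe_compile_time(img) for img in images]
    return best_offsets(stamps)


if __name__ == "__main__":
    score, offsets = analyse(sample_images())
    print(f"best fit {score:.0%} of samples at UTC offsets {offsets}")
```

The TimeDateStamp field is written by the linker and can be altered after the build, so a result like this is one supporting signal alongside other evidence rather than proof of location.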
Dragonfly uses two main pieces of malware in its attacks. Both are remote access tool (RAT) type malware which provide the attackers with access and control of compromised computers. Dragonfly’s favored malware tool is Backdoor.Oldrea, also known as Havex or the Energetic Bear RAT. Oldrea acts as a back door for the attackers on to the victim’s computer, allowing them to extract data and install further malware.
Oldrea appears to be custom malware, either written by the group itself or created for it. This provides some indication of the capabilities and resources behind the Dragonfly group.
Once installed on a victim’s computer, Oldrea gathers system information, along with lists of files, programs installed, and root of available drives. It will also extract data from the computer’s Outlook address book and VPN configuration files. Oldrea then writes this data to a temporary file in an encrypted format before sending it to a remote command-and-control (C&C) server controlled by the attackers.
The majority of C&C servers appear to be on compromised servers running content management systems, indicating the attackers may have used the same exploit to gain control of each server. Oldrea has a basic control panel which allows an authenticated user to download a compressed version of the stolen data for each particular victim.
The second main tool used is Trojan.Karagany. Unlike Oldrea, Karagany was available on the underground market. The source code for version 1 of Karagany leaked in 2010. Symantec believes Dragonfly may have taken this source code and modified it for its own use. Symantec detected this version as Trojan.Karagany!gen1.
Karagany is capable of uploading stolen data, downloading new files, and running executable files on an infected computer. It is also capable of running additional plugins, such as tools for collecting passwords, taking screenshots, and cataloging documents on infected computers.
Symantec found the majority of computers compromised by the attackers suffered infection with Oldrea. Karagany saw use in 5 percent of infections. The two pieces of malware are similar in functionality and what prompts the attackers to choose one tool over another remains unknown.
The Dragonfly group used at least three infection tactics against targets in the energy sector. The earliest method was an email campaign, which saw selected executives and senior employees in target companies receive emails containing a malicious PDF attachment. Infected emails had one of two subject lines: “The account” or “Settlement of delivery problem.” All of the emails were from a single Gmail address.
The spam campaign began in February 2013 and continued into June 2013. Symantec identified seven different organizations targeted in this campaign. The number of emails sent to each organization ranged from one to 84.
The attackers then shifted their focus to watering hole attacks, compromising a number of energy-related websites and injecting an iframe into each which redirected visitors to another compromised legitimate website hosting the Lightsout exploit kit. Lightsout exploits either Java or Internet Explorer in order to drop Oldrea or Karagany on the victim’s computer. The fact the attackers compromised multiple legitimate websites for each stage of the operation is further evidence that the group has strong technical capabilities.
Going After ICS Vendors
The most ambitious attack vector used by Dragonfly was the compromise of a number of legitimate software packages. The attackers targeted three different ICS equipment providers and inserted malware into the software bundles the vendors had made available for download on their websites. All three companies made equipment used in a number of industrial sectors, including energy.
The first identified Trojanized software was a product used to provide VPN access to programmable logic controller (PLC) type devices. The vendor discovered the attack shortly after it was mounted, but there had already been 250 unique downloads of the compromised software.
The second company to suffer compromise was a European manufacturer of specialist PLC type devices. In this instance, a software package containing a driver for one of its devices was compromised. Symantec estimated the Trojanized software was available for download for at least six weeks in June and July 2013.
The third firm attacked was a European company which develops systems to manage wind turbines, biogas plants, and other energy infrastructure. Symantec believes that compromised software may have been available for download for approximately ten days in April 2014.
The Dragonfly group is technically adept and able to think strategically. Given the size of some of its targets, the group found a “soft underbelly” by compromising their suppliers, which are invariably smaller, less protected companies.
Tuesday, June 10, 2014 @ 03:06 PM gHale
By connecting dead ends, it is possible to significantly increase power grid stability.
As the input from renewable sources is volatile because of the uncertainty of things like how much and how hard the wind blows or if the sun is shining, there’s a higher risk of local power instabilities and potential blackouts.
In an effort to curb those issues, scientists from the Potsdam Institute for Climate Impact Research (PIK) in Potsdam, Germany, created a novel concept from nonlinear systems analysis called basin stability. They found that connecting dead ends can significantly increase power grid stability. A case study of the Scandinavian power system confirmed the findings.
“The cheapest and thus widespread way to implement new generators into a high-voltage power grid is by simply adding single connections, like creating dead-end streets in a road network,” said Peter J. Menck, lead author of a study on the subject.
To test the resulting system’s stability, the scientists simulated large perturbations in a standard electrical engineering model. “We found that in the power grid nodes close to the dead-end connections, the ability to withstand perturbations is largely reduced,” Menck said.
“Yet it turned out that this can be easily repaired by judiciously adding just a few transmission lines,” Menck said. Apparently, the provision of alternative routes in the network should allow for a dispersion of perturbation effects. Thereby, technical protection mechanisms at the different nodes of the grid can deal with problems, while dead ends make the effects culminate at single points of the network.
These new insights are the result of applying for the first time the novel mathematical concept of basin stability developed at PIK.
“From energy grids to the Amazon jungle or human body cells, systems possess multiple stable states,” said co-author Jürgen Kurths who leads the institute’s research domain “Transdisciplinary Methods and Concepts.”
“To understand blackouts, forest dieback, or cancer, it is crucial to quantify the stability of a system – and that’s precisely what we’re now able to do,” he said.
The concept conceives a system’s alternative states as points in a mountainous landscape with steep rocks and deep valleys. The likelihood that a system returns to a specific sink after suffering a severe blow depends on how big this basin is.
“Compared to the potential costs of a blackout, adding a few transmission lines would definitely be affordable,” said co-author Hans Joachim Schellnhuber, director of PIK. “The new study gives just one example that innovative solutions, in our case even based on already existing technology, can indeed help master the transformation of our energy system, for many good reasons such as climate stabilization.”
Wednesday, May 21, 2014 @ 07:05 PM gHale
Cyber crime and investigations know no boundaries. Last week, 300 houses were raided and over 100 people arrested as part of an international law enforcement operation targeting people believed to be responsible for selling, creating and using the BlackShades Remote Access Trojan (RAT).
News of the operation came out last week, when the members of hacker forums said police raided them. On Monday, Europol confirmed the operation and provided more details.
Raids took place in over 10 countries, including Belgium, France, the Netherlands, Germany, UK, Estonia, Austria, Canada, U.S., Denmark, Chile, Italy and Croatia.
Investigators seized over 1,000 computers, laptops, mobile phones, USB sticks, external hard drives and routers.
“This case is yet another example of the critical need for coordinated law enforcement operations against the growing number of cyber criminals operating on an EU and global level,” said Troels Oerting, head of the European Cybercrime Centre (EC3).
“EC3 will continue — together with Eurojust and other partners — to work tirelessly to support our partners in the fight against fraudsters and other cyber criminals who take advantage of the Internet to commit crime. The work is far from over, but our cooperation to work together across borders has increased and we are dealing with cases on an ongoing basis.”
The BlackShades RAT, which sells for between $40 and $100, is a popular tool among cybercriminals. The malware can hijack webcams, steal files, log keystrokes, and launch denial-of-service attacks against a designated target.
In a recent case in the Netherlands, an 18-year-old used it to infect over 2,000 computers. The teen hijacked the webcams of infected devices in an effort to capture intimate pictures of women.
The FBI arrested Michael Hogue, one of the creators of BlackShades, back in 2012. However, others continued to improve the RAT even after Hogue’s arrest. In November 2013, Symantec said the use of BlackShades had increased in the previous five months.
“This case is a strong reminder that no one is safe while using the Internet, and should serve as a warning and deterrent to those involved in the manufacture and use of this software,” said Koen Hermans, assistant to the National Member for the Netherlands.
“This applies not only to victims, but also to the perpetrators of criminal and malicious acts. The number of countries involved in this operation has shown the inherent value in Eurojust’s coordination meetings and coordination centers.”
Tuesday, May 6, 2014 @ 06:05 AM gHale
The average consolidated total cost of a data breach increased 15 percent in the last year to $3.5 million, new research found.
The cost incurred for each lost or stolen record containing sensitive and confidential information increased more than nine percent to a consolidated average of $145, according to the research from Ponemon Institute’s ninth annual “Cost of Data Breach Study: Global Analysis” report.
The research involved the collection of detailed information about the financial consequences of a data breach. For purposes of this research, a data breach occurs when sensitive, protected or confidential data is lost or stolen and put at risk. Ponemon Institute conducted 1,690 interviews with IT, compliance and information security practitioners representing 314 organizations in 10 countries: United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India and the Arabian region (a consolidation of organizations in the United Arab Emirates and Saudi Arabia).
“The goal of this research is to not just help companies understand the types of data breaches that could impact their business, but also the potential costs and how best to allocate resources to the prevention, detection and resolution of such an incident,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. This year’s Cost of Data Breach Study also provides guidance on the likelihood an organization will have a data breach.
• The most costly breaches occurred in the U.S. and Germany at $201 and $195 per compromised record, respectively. The least expensive data breaches were in India and Brazil at $51 and $70, respectively.
• Root causes of data breaches differ among countries. Countries in the Arabian region and Germany had more data breaches caused by malicious or criminal attacks. India had the most data breaches caused by a system glitch or business process failure. Human error was most often the cause in the UK and Brazil.
• The most costly data breaches were those caused by malicious and criminal attacks. The U.S. and Germany paid the most at $246 and $215 per compromised record, respectively. These types of data breaches were least costly for companies in India and Brazil at $60 and $77 per compromised record, respectively.
• A security posture was critical to decreasing the cost of data breach. On average, companies that self-reported they had a strong security posture were able to reduce the cost by as much as $14 per record.
• The involvement of business continuity management reduced the cost of data breach by an average of almost $9 per record.
• The appointment of a Chief Information Security Officer (CISO) to lead the data breach incident response team reduced the cost of a breach by more than $6.
• Countries that lost the most customers following a data breach were France and Italy. Companies in the Arabian region and Brazil experienced the lowest loss of customers.
• The probability of a company having a data breach involving 10,000 or more confidential records is 22 percent over a two-year period. Countries most likely to experience a data breach include India, Brazil and France.
Consistent with previous Cost of Data Breach studies, the most common cause of a data breach is a malicious insider or criminal attack. The survey asked what worries companies most about security incidents:
• The greatest threats to the companies in this study are malicious code and sustained probes. According to threats increased.
• Only 38 percent of companies have a security strategy to protect their IT infrastructure. A higher percentage (45 percent) have a strategy to protect their information assets.
• Malicious code and sustained probes have increased the most. Companies estimate they will be dealing with an average of 17 malicious codes each month and 12 sustained probes each month. Unauthorized access incidents have mainly stayed the same and companies estimate they will be dealing with an average of 10 such incidents each month.
Tuesday, April 22, 2014 @ 11:04 AM gHale
German specialty chemical company CABB International just switched owners from Bridgepoint to Permira, as the European equity firm purchased the pesticides, cosmetics and food maker.
European private equity house Bridgepoint earned an internal rate of return (IRR) of 2.4 times its original investment, and CABB had an enterprise value of over $1.1 billion, one industry official said.
In an effort to bulk up its portfolio, Permira seized the opportunity to add Sulzbach, Germany-based CABB. Permira already owns Arysta LifeScience, a developer of additives to enhance crop growth and combat diseases and bugs. Permira’s prior investments include cosmetic-additive maker Cognis, sold to BASF SE for $3.8 billion in 2010.
“CABB is perfectly positioned as a leading global supplier of fine chemicals, specialty chemicals and intermediates to a variety of growing global industries including the agrochemicals industry, which we know well,” said Torsten Vogt, co-head of Permira’s industrial team.
“In the past three years — under the ownership of Bridgepoint — CABB has made tremendous headway,” said Dr. Martin Wienkenhöver, CABB Group chief executive. “Today CABB is a well-known and trusted partner for a large number of blue chip companies in the agrochemical, chemical and pharmaceutical industry. Together with Bridgepoint, the management of CABB established a sustainable growth strategy and we are looking forward to continue with and accelerate our successful growth path with the support of Permira.”
CABB started up in 2003 through the reorganization of Clariant’s acetyls operations. The transaction should close in June.
Monday, April 7, 2014 @ 04:04 PM gHale
Siemens and security provider McAfee expanded their security partnership which started in 2011.
Industrial users face new challenges including a wider range of cyber threats than ever before. They often lack the resources necessary to respond efficiently to security incidents and do not have access to the global threat intelligence that would allow proactive defensive measures.
This critical information is vital to keep up with evolving government regulations, industry standards, sector specific best practices, and other risk information necessary for making informed business decisions.
The extended alliance with McAfee will complement Siemens’ service offerings by leveraging security solutions such as next generation firewall, security information and event management (SIEM), endpoint security, and global threat intelligence as part of its Managed Security Service as well as offering professional services. These offerings provide greater visibility and control at the factory level while reducing the risk of IP theft.
“McAfee’s broad portfolio of security technologies can serve as a great enabler of Siemens Industrial Security service offerings,” said Siegfried Russwurm, member of the managing board of Siemens AG and chief executive of Siemens’ Industry Sector speaking at the Hannover Fair in Hannover, Germany. “This will further strengthen our leading position in automation and drive technologies by providing additional security solutions and services to our industrial customer base. Industrial security is one of the building blocks for strong demand of connected manufacturing environments, and for the continued resurgence of the manufacturing sector globally. This partnership will be an important foundation for the future of manufacturing and Industry 4.0.”
“Siemens provides a deep experience in automation across numerous industries,” said Michael Fey, worldwide chief technology officer at McAfee. “By combining forces, McAfee, Intel and Siemens will drive the adoption of connected, managed and secured solutions at the plant level in order to help industrial customers to manage their security while bringing the uptime and reliability of the plant operations to a higher level. This collaboration should allow us to address the unique requirements of Industrial Control System customers for the operations technology market thus providing a complete security view across the entire company.”
The companies will continue to cooperate on the development of security products and solutions, specifically based on industrial protocols, that will enhance managed security service offerings for the process and factory automation industry.