Get Involved! Learn more about the NCC Student Alliance

https://s-isac.org/

Welcome to Space ISAC

An Information Sharing and Analysis Center Focused on Space Industry Threats

Space ISAC collaborates across the global space industrial base to enhance our ability to prepare for and respond to vulnerabilities, incidents, and threats. Members receive timely and actionable information and serves as the primary communications channel for the sector.

Navigate to https://s-isac.org/ to subscribe and receive more information. 

 

Register Now! 2019 Cyber Symposium Sept 19-20

The 2018 NCC Cyber Symposium was an amazing success, with attendees coming from all across the US and abroad. Our team of ace speakers included Gen Michael Hayden, NIST guru Ron Ross, former FBI agent Don Freese and many others. So many of you have already been asking about the 2019 symposium and we’re excited to announce that we’ve selected the dates and tickets are available now at early bird and HUGE member discounts! So, reserve your calendars for Sept 19-20, 2019 and click here for more information and to reserve your place today!

Blockchain to the Rescue?

Remember those pictures of hundreds of pallets of unused water sitting on a runway in Puerto Rico? It’s a tough picture of waste that’s repeated all too often when it comes to disaster relief. Well, there’s hope that new blockchain technology could help reduce waste, improve communications and enhance overall effectiveness of relief efforts. We think that’s pretty cool! According to the Defense Logistics Agency (DLA), blockchain technology has “enormous” potentialin helping to improve disaster relief efforts.

Historically, DLA tracks logistics via a centrally managed system, which can be cumbersome and hard to synchronize across all stakeholders. Whereas blockchain could allow the agency (and its partners) to better track data, improving supply chain transactions and in-transit visibility of shipments. Turn out DHS is so excited about the possibility of blockchain solutions that they are offering grants up to $800K for blockchain technology startups. Go blockchain!

Talk About Getting Shanghai-ed

Where’s Jackie Chan when you need him? Last week, a vulnerability on a high performance database known as MongoDB exposed the records of more than 202 million Chinese job-seekers. The records – accessible without authentication to anyone on the Internet – were discovered by one of the wonks at Hacken.io and HackenProof, a bug bounty platform. Though financial information apparently wasn’t at risk, the vulnerability did expose personal data such as name, birthdate, email addresses and driver’s license info. If only Jackie Chan was a trained cybersecurity expert. The bad guys wouldn’t have a chance.

Google Takes Down 80+ Fake Apps

A few months ago, we reported on a series of iPhone apps that had been created as fronts for advertising malware. Well, it happened again, only this time to Google. Last week, Google removed 85 apps from Google Play after discovering that they were pushing aggressive, full-screen ads to Android users. While ads during apps isn’t new or illegal (you know that since you play the free version of WWF or Fortnite), this is different.

Malicious adware bombards users with ads, making money for its makers but annoying the heck out of users, and ultimately damaging the brands that are unsuspectingly pushing ads to these platforms. The guys at Trend Microspotted the deviant apps, (like Easy Universal TV Remote, which was downloaded more than 5 million times), and reported the activity to Google who promptly removed them. It’s a good idea to use an antivirus application on your device and before you download anything, always check for anything suspicious and read the reviews. Note to self.

Looking Ahead: Energy Infrastructure

As the New Year kicks in, the cyber experts around the world are offering their predictions for 2019. Over the next few weeks, we’ll cover some of these as well as serve up a few of our own. For years, hackers have focused on stealing data that they could sell; things like personal information and intellectual property. But things are changing — an alarming trend recently has been the rise of attacks on infrastructure including manufacturing, energy and transportation. Looking ahead, it’s safe to say that we can expect these industrial cyber attacks to continue and even increase.

According to vArmour’s Mark Weatherford, “an Industrial Control System attack on the energy sector would geographically impact citizens in the United States. There is increasing evidence that foreign governments have been roaming around the networks of US energy companies, which is typically the kind of reconnaissance activity that precedes an attack. These attacks have happened in other countries yet there is still the misplaced mythology in many traditional energy companies that the control system environments and the common IT business environments are isolated from each other. It’s. A. Myth.”

Town of Salem Under Attack! (sort of)

No, the witches haven’t taken over. And we’re not talking about bullets here. In fact, we’re not even talking about the actual town of Salem. We’re talking about the massive online game “Town of Salem” that’s played by nearly 8 million people worldwide. Last week the popular browser-based online version of the classic party game “Mafia,” was hacked and its users data was compromised. Though credit card information seems to be safe, user data such as email addresses, usernames and hashed passwords were among the hijacked information. The makers of the game will be doing “hard resets” and requiring all users to input new passwords, just to be safe. Um, we should hope so.

20 Year-old Busted in Biggest Ever German Breach

A few days ago, German media announced that it experienced its largest and most dangerous hack on German officials; including politicians, journalists and other public figures. Including German Chancellor Merkel. The government and the press immediately suspected several known cyber terrorist groups and went on the hunt. It turns out that the hacker was a local resident who was upset about recent political statements. It’s alarming that the data breach included sensitive information including phone numbers, private chats, credit card information and even home addresses and identity card numbers. It’s even more alarming that the hack was perpetrated by a 20 year old student with relatively little computer experience at all.

Major Newspapers Hacked

Remember newspapers? Yeah well, believe it or not there are actually people that still read them. And apparently, there are other people that don’t like them. Like, at all. Over the weekend, a cyber-attacker took aim on the printing and delivery systems of a slew of news rags, including the LA Times, the Chicago Tribune and the Baltimore Sun.

The LA Times reported that the attack, which appeared to originate outside the US, caused distribution cancellations or delays for numerous papers that share its production facilities, including the Wall Street Journal. The only good news is that the attack was limited to production and did not compromise any sensitive customer data. Where’s Clark Kent when you need him?