Security Central: New Crash Override Malware Poses Threat, Verizon Closes on Yahoo

This week’s Security Central takes a look at the new Industroyer/Crash Override malware, examines the state of U.S. cybersecurity, and peeks inside IBM Cloud Identity Connect.

There's a new malware in town, and it has the power to wipe out... well, power. On Monday, ESET, a Slovakian anti-virus software maker, and Dragos Inc, a U.S. critical-infrastructure security firm, said they had uncovered a new and sophisticated piece of malware capable of causing mass power outages and disrupting critical-infrastructure operations around the world.

The two cybersecurity firms believe this is the same malware that caused a power outage in Ukraine in December 2016. The companies released in-depth analyses of the malware, which has been dubbed Industroyer or Crash Override, and sent private warnings to governments and infrastructure operators so they are aware of the program and primed to defend against it.

According to Reuters, the U.S. Department of Homeland Security is investigating the malware but hasn't found any evidence that it has infected U.S. critical infrastructure. ESET and Dragos Inc said they did not know who was behind the Ukraine cyber-attack; Russia, of course, has been blamed, and has, of course, denied any involvement.

Organizations, governments and service providers have been warned that there could be more attacks of this kind, either by the group that built the malware or by copycats who modify it. "The malware is really easy to re-purpose and use against other targets. That is definitely alarming," ESET malware researcher Robert Lipovsky said in a telephone interview. "This could cause wide-scale damage to infrastructure systems that are vital."

The Department of Homeland Security agreed, saying it is working to better understand the threat posed by Crash Override. "The tactics, techniques and procedures described as part of the Crash Override malware could be modified to target U.S. critical information networks and systems," the agency said. Definitely something to be "in the know" on as this story develops.

Speaking of the United States and cybersecurity, we're not doing so hot these days, according to two witnesses at a Senate subcommittee hearing Tuesday. It's what experts, providers and IT leaders have been saying for... well, forever, but perhaps these two struck a chord. According to Eric Rosenbach, who was chief of staff to former Defense Secretary Ashton B. Carter, and Samantha Ravich, who advised the George W. Bush White House on national security, cybersecurity in the U.S. is in a severe state of disrepair, leaving the country wide open to attacks from hacking groups backed by its adversaries.

According to Roll Call, Rosenbach and Ravich told the Senate Foreign Relations Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy that they believe a massive cyber-attack is imminent unless the U.S. ratchets up its efforts to protect against and deter offensives from countries such as Russia, China and North Korea.

Rosenbach told the lawmakers assembled at the hearing that he believes a large-scale attack by North Korea against the United States “is likely to happen within the next year, if current trends continue.” Ravich, quoting Chinese officials, described China’s aggressive cyber-offensive strategy as “a form of nonmilitary warfare, which is just as terribly destructive as a bloody war, but in which no blood is actually shed.”

Well, there you have it, folks. Them's fightin' words. During the hearing, Sen. Cory Gardner, the panel's chairman, stressed the importance of updating the U.S. government's cybersecurity system, which is six-and-a-half years old. Six-and-a-half. "In technology terms, it's a fossil," the Colorado Republican said. Accurate.

Gardner, fittingly, referenced Russia's 2015 cyberattack on the Ukrainian power grid, the predecessor of the December 2016 outage we covered in our first story. That attack left 235,000 people without electricity for hours, making it a prime example of what could happen if American utility companies don't invest in stronger defenses. "It's definitely on their radar," Rosenbach said of domestic utility companies' security. "But they don't take it seriously enough. … When it comes down to it, some of this stuff can be expensive, and it can be complicated, and normally, you're not forced to do things unless you have to or there's a return to your bottom line."

And therein lies our country's biggest problem in cybersecurity, and Rosenbach could not have summed it up better. Companies and organizations are driven by cost, not by need, and when the need is better security there is a whole slew of reasons not to buy the most beefed-up technology and software. Unless, of course, you're a company that has already been hacked.

These dispiriting assessments from Rosenbach and Ravich come at a very interesting time for cybersecurity in the U.S. The FBI is continuing to investigate Russian meddling in the 2016 elections and possible contacts between Trump administration officials and the Kremlin. Yes, that is still happening.

"We, as a country, need to [rise] above the political furor about it," Rosenbach said. The U.S. is essentially tripping over its own shoelaces, which could have huge consequences moving forward. The "fragility" of the U.S. response, Rosenbach said, combined with the widespread perception that Russia's actions "achieved unprecedented success," increases the chances that Russia and others will unleash cyber hell on the United States in some form or fashion in the near future.

So, what's the big takeaway? U.S. lawmakers must take legislative and executive action to shore up private and government security. "The worst case," Rosenbach said, "would be someone thinking that the United States was an emperor that had no clothes when it comes to cybersecurity."

Our last story takes a look at IBM Cloud Identity Connect, a new Identity-as-a-Service (IDaaS) offering delivered via the IBM Cloud for managing how employees gain access to their business applications. According to the tech behemoth's press release, the service gives users rapid access to thousands of popular cloud apps and single sign-on (SSO) to their applications, whether those run in the cloud or on-premises.

As the workforce becomes more mobile, complications crop up: managing and securing multiple identities across a business that uses mobile and IoT devices, desktop environments and internet services can be a nightmare. These complications are magnified as enterprises move to the cloud and try to make the leap from traditional on-premises tools to operating in the new hybrid world.

“Businesses need to infuse identity everywhere," said Jason Keenaghan, Director of Strategy and Offering Management, IAM and Fraud, IBM Security. "Cloud Identity Connect makes it easier than ever before for customers to inspire productivity and efficiency – while helping to ensure their enterprise is securely managed and can effectively transition to the cloud."

IBM Cloud Identity has now been expanded to offer the following services:

  • Cloud Identity Connect: As enterprises transition from on-premises to cloud, this new service delivers a simple, one-click activation process designed to help businesses protect their existing infrastructure investments and bridge services to the cloud. Administrators and app owners can easily add new SaaS apps and manage workforce access, while creating a unified end-user catalog and app portal for fast, intuitive access.
  • Cloud Identity Service: IBM's comprehensive suite of identity and access management capabilities enables organizations to fully adopt cloud for their entire IAM program. IBM Cloud Identity Service delivers deep capabilities across Identity Governance, Web Access Management and Federation, and supports Business-to-Enterprise (B2E), Business-to-Business (B2B) and Business-to-Consumer (B2C) use cases for multi-faceted user populations.
  • IBM MaaS360 UEM: For organizations using or needing unified endpoint management (UEM) for mobile devices, IBM's MaaS360 offering will now deliver embedded access management capabilities out of the box. This will give end users a more seamless SSO experience across a combination of web and native mobile applications, even when transitioning between devices such as mobile and desktop.

IBM Cloud Identity Connect will be available on June 15 in the IBM Cloud Marketplace.

The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.
