Quelques photos de la visite de notre CEO Florent Rizzo dans les locaux du Space ISAC à Colorado Springs.
Le Space ISAC est hébergé au sein du National Cybersecurity Center (NCC).
Merci à l’équipe du Space ISAC pour leur accueil et aux experts présents dans leur Watch Center.
Florent Rizzo a également eu la chance d’être présent le jour de la visite du sénateur John Hickenlooper qui est venu visiter les locaux du Space ISAC pour évoquer les enjeux de cybersécurité des PMEs ainsi que la difficulté de formation des experts en cyber… Beaucoup de parallèles ont été fait avec l’Europe, et notamment le RGPD/GDPR Européen a été cité à maintes reprises comme une référence.
Un grand merci au Space ISAC pour leur confiance et leur accueil
La Defcon et son Aerospace Village : un évènement exceptionnel !
Notre CEO Florent Rizzo a assisté ce DEFCON 31 à Las Vegas
Une petite synthèse en photos avant un debrief plus complet : – Interview de Chris Roberts : la “légende” repentie du hacking dans l’aéro qui a exprimé comment il aurait pu mieux faire les choses à l’époque… – CyberInflight cité par nos amis de Aerospace Corporation pour notre contribution au framework SPARTA Merci Brandon Bailey ! – La White House appelle à une harmonisation de la réglementation cyber – Server status : un des challenge de hack-a-sat. Il y a un leak de pointeur sur cette page (que vous pouvez voir) et qui a donné un indice aux équipes sur la façon de procéder – Synthèse de 4 derniers hack-a-sat – Ambiance électrique lors du dernier jour
The evolution of SPARTA is a perfect illustration of how the cyber domain is increasingly taking into account the specificities of the space domain. This adaptation is carried out through multiple publications by NIST, MITRE and others. SPARTA is at the forefront of this trend and continues to include new elements to facilitate its use.
1- TTP Notional Risk Scores
Two objectives:
To establish the likelihood of an attack due to the uniqueness of every mission and system implementation.
To illustrate adversary capability which contributes to the likelihood that an actor can execute certain SPARTA TTPs.
In order to produce an analysis on the TTPs potential impact, this results in a NOTIONAL risk determination with three notional risk values sorted by system/mission criticality (high, medium, low).
2- ISO 27001 Mapping
SPARTA is adapting to other regional contexts and rules. This mapping was performed using NIST’s published mapping between NIST 800–53 rev5 and ISO 270001.
3- D3FEND Technique and Artifact Mappings
SPARTA aims to provide a translation/mapping of D3FEND (Denial, and Disruption Framework Empowering Network Defense) techniques from MITRE and artifacts to the relevant SPARTA countermeasures. This should enable users of SPARTA to bridge the gap between countermeasures/courses of actions (COAs).
4- Additional References
In SPARTA version 1.3.2, over 20 TTP references were updated using CyberInflight’s Market Intelligence Team’s space attack database. In version 1.4, the integration of our data has been fully completed. Approximately 50 attacks were added to the appropriate techniques/sub-techniques under the reference section for each TTP.
Roughly 60% of the attacks that we provided fall within the Reconnaissance and Resource Development tactics, which is a precursor to almost all attacks. This reinforces how important the Protect Sensitive Information countermeasure is because threat actors are actively extracting sensitive design information. In some cases, threat actors’ objectives are simply Exfiltration or Theft, and these attacks could be achieving their objective simply by stealing the information.
Dans la démesure, le show à l’américaine où Elvis nous vend des produits de cybersécurité
Des démonstrations de hacking, de lock-picking, d’électronique mais surtout des discours marketing ultra-rodés où tous les moyens sont bons pour s’assurer que vous n’oublierez pas leur entreprise : distribution de goodies, de paires de chaussettes, de figurines APT, de tee-shirt et casquettes imprimés avec votre tête générée par une IA, autres concours de jeux vidéos, de rubix cube et même des massage du dos !
In late July, a hacker going by the name “samurai” and associated with the group “SecDet” claimed to have gained access to several hashtag#satellites, including CBERS-2/B, GLS-LANDSAT, and LANDSAT-1/7. These accesses were allegedly obtained by exploiting vulnerabilities in the INPE (National Institute for Space Research) in Brazil. The hacker’s claim was detailed on their website, where they outlined their malicious actions against databases and servers belonging to INPE.
Cyberattacks targeting the space sector
CyberInflight conducts data collection and analysis of cyberattacks targeting the space sector. This data is included in our attacks database, which is available for purchase.
For more information regarding this database or our economic intelligence report on the cybersecurity space market, feel free to contact us at the following email address: research@cyberinflight.com
On June 28-29, 2023, a series of messages on a Telegram channel claimed a large-scale cyber attack against Dozor-Teleport. Along with the claim messages, numerous files to download, an audio recording, and several screenshots were made available. The attacker(s) claimed affiliation with the Wagner Group without providing any additional evidence.
The information was first picked up on Twitter by pro-Ukrainian accounts. It quickly leaked to numerous cybersecurity news sites worldwide. Within 12 hours, major news outlets such as The Washington Post reported the information. Within 24 hours, the information was present on a range of media platforms.
During this dissemination, the information underwent a true game of “Chinese whispers.” The initial articles simply reproduced the information as it was published on Twitter or Telegram, barely mentioning that it was what the attackers claimed. Subsequently, various media outlets started amplifying the information. Headlines suggested that a Russian military hashtag#satellite network had been hacked before articles began appearing about hacked Russian military communication satellites.
In general, several issues continue to arise regarding the treatment of information about attacks in the space domain:
1️Once the word “satellite” is mentioned, the information suddenly gains interest in terms of cybersecurity. The reason is simple: the combination of space and cyber can quickly evoke fascination. The downside is that sensationalist headlines often multiply.
There is a clear lack of perspective regarding information related to cyberattacks. The need to be the first to publish information (which is understandable) leads to approximate or poorly verified information spreading rapidly.
The study and questioning of sources are rarely emphasized. Many press articles simply republish what has already been said without verifying the primary source of the information. As a result, basic information quickly becomes considered as true. For example, based on a given analysis on Twitter, it has been repeated by numerous media outlets that it was the first attack on a satellite provider since Viasat, which is false.
In the era of OSINT (Open-Source Intelligence), the amount of available information is considerable, but there is a lack of necessary reflection for understanding the information. Consequently, certain major cyberattacks that occurred over a year ago, such as the Viasat hashtag#attack, remain particularly vague in both their execution and impact.
Space security issues can be traced back to the 1980s. In 1989, several systems were hit by a computer virus called “WANK”.
Although suspicion initially focused on one or more French attackers, investigations soon established that the attack had originated from Australia. Some would go so far as to say that this attack was one of Julian Assange’s first moves. Assange had decided to attack NASA because the agency was planning to launch a nuclear-powered satellite, and many activists associated this with the danger of nuclear power (the 1986 Chernobyl disaster was still fresh in everyone’s minds). Assange then decided to attack NASA’s systems in order to delay the launch. There is still a great deal of doubt as to the origin of the attack.
The 1980s-1990s were a golden age for hacktivism, with the emergence of hacker culture. This period and the decades that followed quickly established NASA as a prime target. A space agency reflects the politics of its country, and indeed, space agencies in many countries are particularly targeted.
At CyberInflight, we continuously monitor the evolution of the threat and establish trends that feed into our business intelligence studies in the field of space cybersecurity.
The information below is issued from several Russian media, it should therefore be treated with great caution
During the months following the start of the Russian invasion of Ukraine, Roscosmos experienced several waves of DDoS attacks.
Roscosmos specified that on March 3rd and 4th, 2022, the websites of state-owned companies and industrial enterprises were subjected to a massive hashtag#cyberattack from abroad, originating from different IP addresses registered in various Western countries, mainly the United States, Canada, Sweden, the Netherlands, and Australia. Specifically, we are referring to the sources of Energuya, the M.V. Khrunichev Center, TsENKI, the Russian Space Systems (RKS) company, TsNIIMash, ISS-Reshenyov, and Uralvagonzavod.
In June 2022, the website of the Russian hashtag#space agency was once again targeted by a DDoS attack, which occurred after the publication of satellite images of NATO member countries “decision centers”, said Dmitry Strougovets, the head of the state-owned company’s press service.
Ivan Grigorov, the acting director of the “Zarya” Scientific and Technical Center (the parent organization of Roscosmos for information hashtag#security ), stated that “DDoS attacks are the third most common among cyberattacks (attempts at malware injection and hashtag#network analysis being the first and second). The trend is remarkable: in the past six months, more of these attacks have been recorded than in 2021”.
Cyberattacks on the space industry around the world rose sharply following the outbreak of war in Ukraine. CyberInflight has carried out extensive data collection and analysis through several databases.
In case you and your organization are interested to purchase one or more database, contact us at this adress : research@cyberinflight.com
The Space Development Agency (SDA) of the Space Force is making significant progress in enhancing cybersecurity applied to the space domain. The SDA has entrusted SAIC with the task of developing and maintaining a cloud-based “application factory.” This platform will be responsible for designing, developing, testing, and deploying “cyber-resilient” battle management, command, and control communications (BMC3) software for upcoming low Earth orbit satellites.
SAIC’s application factory will serve as a central hub for testing and deploying mission-specific software, ensuring interoperability within a modular framework. This innovative approach will even enable satellite upgrades in orbit, highlighting the importance of cybersecurity in space operations.
SAIC’s work does not stop there. They will develop “compute modules” for the BMC3 hashtag#software, ensuring that satellites can exchange information amongst themselves and, most importantly, with ground operators. The software environment of the application factory will be used to develop these modules and verify their functionality.
The SDA contract, valued at up to $64 million over four years, mandates that SAIC will develop, implement, and maintain the hashtag#architecture and infrastructure necessary to create a “clearing house” for other contractors who are developing mission-specific applications.
The emphasis on cybersecurity by the SDA and SAIC not only strengthens the safety of space systems but also reinforces resilience of hashtag#space infrastructures against #cyber_threats.