Archive for Germany

Rosneft Energy Plant Hit With A Cyber Attack

Posted in Commentary on March 14, 2022 by itnerd

German newspaper Die Welt is reporting ‘Hackers meet German Rosneft subsidiary’ (translation here), citing Germany’s BSI cybersecurity watchdog, which issued a cybersecurity warning to companies in the energy sector after a cyber attack occurred sometime between Friday night and early Saturday morning. While the attack has currently not affected Rosneft’s business or the supply situation, the company’s systems have been affected. And it’s thought that the hacker collective Anonymous might be behind this as the company has a relationship with Russia, who aren’t the most popular people at the moment.

Saryu Nayyar, CEO and Founder, Gurucul had this to say:

“With the global opposition to the Russian invasion of Ukraine, I doubt there is much sympathy for Rosneft, even as a subsidiary in Germany. This attack shows that globally, threat actor groups and nation states are both potential disruptors to critical infrastructure or any private sector company. All organizations should stay vigilant and continue to invest in cyber security solutions that employ advanced analytics and automated detection and response to thwart threat actors from disrupting operations, stealing sensitive data, or detonating ransomware. Certainly, solutions that employ a large set of machine learning models that are self-training to adapt to newer attacks and techniques are absolutely critical.”

I for one will be interested to see what the damage of this hack is, and if it makes other German companies reconsider their security posture if they have a relationship with Russia.

German Petrol Supply Firm Pwned By Hackers

Posted in Commentary on February 1, 2022 by itnerd

Bleeping Computer today reported ‘German petrol supply firm Oiltanking paralyzed by cyber attack’. Oiltanking is the main distributor who supplies Shell gas stations in Germany:

Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations.

Additionally, the attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point.

And:

Bleeping Computer received the following comment from the company regarding the current situation:

On Saturday, January 29th 2022, Oiltanking GmbH Group and Mabanaft GmbH & Co. KG (Mabanaft) Group discovered we have been the victim of a cyber incident affecting our IT systems. Upon learning of the incident, we immediately took steps to enhance the security of our systems and processes and launched an investigation into the matter. We are working to solve this issue according to our contingency plans, as well as to understand the full scope of the incident. We are undertaking a thorough investigation, together with external specialists and are collaborating closely with the relevant authorities. All terminals continue to operate safely.

Oiltanking Deutschland GmbH & Co. KG, an operating unit within the Mabanaft Group, operates all terminals in Germany and is not part of the Oiltanking GmbH Group.

Oiltanking GmbH Group continues to operate all terminals in all global markets. Oiltanking Deutschland GmbH & Co. KG terminals are operating with limited capacity and have declared force majeure. Mabanaft Deutschland GmbH & Co. KG has also declared force majeure for the majority of its inland supply activities in Germany. All parties continue to work to restore operations to normal in all our terminals as soon as possible.

Saryu Nayyar, CEO and Founder, Gurucul:

“While there is a lot of discussion around ICS/OT security, the reality is that most operations are disrupted by compromises and attacks that begin within IT. While the devices and systems themselves may run on hardened or proprietary operating systems and architectures, the management of these devices often does not, leaving them susceptible to a malware or ransomware attack. This shows how critical it is to invest in more advanced threat detection and response solutions that can enable automation with higher confidence and lower impact to help security teams prevent disruption and the detonation of ransomware.”

Hopefully this attack is remediated quickly. As we’ve seen with other cyberattacks on oil and gas facilities, like the Colonial Pipeline attack, they can be devastating and cause all sorts of disruptions.

UPDATE: Saumitra Das, CTO and Cofounder, Blue Hexagon added this commentary:

“The use of cyberattacks for achieving nation-state or criminal gang aims continues to increase. This is reminiscent of the Colonial Pipeline attack where cyberattacks on critical infrastructure companies, even if on the IT side, can lead to issues in critical infrastructure. Attackers do not always have to infiltrate OT systems, bringing down the IT side of the house can cause enough disruption to achieve their end goals – whether that is a ransom payment or a geopolitical.” 

Office365, Google Docs, And iWork Verboten From Some German Schools

Posted in Commentary on July 15, 2019 by itnerd

Privacy regulators in Germany have ruled out the use of Office 365, Google Docs or Apple’s iWork suite citing privacy concerns over the way these cloud services work. TNW reports the following:

Microsoft’s cloud services has run into a fresh roadblock in Germany, after the state of Hesse ruled it is illegal for its schools to use Office 365 citing “privacy concerns.”

The Hesse Commissioner for Data Protection and Freedom of Information (HBDI) ruled that using the popular cloud platform’s standard configuration exposes personal information about students and teachers “to potential access by US authorities.”

And:

The use of cloud applications by schools is generally not a data protection problem. Many schools in Hesse are already using cloud solutions. Whether, for example, the learning platform or the electronic class book: Schools can use digital applications in compliance with data protection, as far as the security of the data processing and the participation of the pupils is guaranteed.

The core issue is that telemetry data is sent out of Germany to the US, and this can include personal data.

This information can include anything from regular software diagnostic data to user content from Office applications, such as email subject lines and sentences from documents where the company’s translation or spellchecker tools were used.

Collection of such information is a violation of GDPR laws that came into effect last May.

And what makes the situation worse is that switching away from Microsoft to a Google or Apple solution is not possible:

What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensibly described. Therefore, it is also true that for schools the privacy-compliant use [of these alternatives] is currently not possible.

Thus schools have to run local copies of these apps and store data locally. Although the ruling has so far been made by only one state in Germany, it seems likely that the same issue would apply across the country. That means that Microsoft, Google and Apple will have to address this quickly to avoid a blanket ban across Germany.

German Government Servers Pwned…. Data Swiped…. Perhaps By The Russians

Posted in Commentary on March 1, 2018 by itnerd

The German government has confirmed that it has identified a serious attack against its servers. Allegedly data was swiped as part of the pwnage. The culprits, according to reports, are APT28, also known as the Fancy Bear hacking group, which is Russian linked:

The group used malicious software to target German federal agencies, including the foreign and defence ministries. Hackers were able to steal data but the extent of the breach was still under investigation, the sources told dpa.

The German chancellery and the Federal Court of Auditors were also said to be among the sites compromised.

German security agencies recognized the cyberattack in December and have been trying to determine how far the group was able to penetrate into the government computer networks. The infiltration likely lasted more than a year.

The Interior Ministry confirmed the cyberattack without commenting on who perpetrated it, saying it was “isolated and brought under control.”

“The incident is being treated as a high priority and with substantial resources,” spokesman Johannes Dimroth said, adding that “government information technology and networks” had been hit.

Germany and Russia aren’t the best of friends. This incident isn’t going to help that. But there’s another piece to this. This attack may have gone on for at least a year. So that implies that not one IT security guy in the German government had any idea that they’d been pwned? It also implies that nobody looked at either the firewall appliances or the logs for a whole year, or bothered to look for anything unusual?

I think that says more about their security than Fancy Bear’s skill.

German Security Chief Says To Ditch American Services To Avoid NSA Spying…. #Fail

Posted in Commentary on July 5, 2013 by itnerd

For the last few weeks, the planet has been watching the circus that has been created by Edward Snowden and his leaks about the NSA and their spying activities. For German Interior Minister Hans-Peter Friedrich, the fact that the NSA spies on Internet traffic has got his attention. Thus, he offers this advice:

“whoever fears their communication is being intercepted in any way should use services that don’t go through American servers.”

Good luck with that. When you do anything on the Internet, your traffic can go through any number of routes regardless of what service you’re using or where the service is hosted. So there is always a chance that your traffic can go through a place that the NSA monitors. Mr. Friedrich’s comments also don’t factor in the possibility that some other agency might be monitoring what you’re doing. So simply avoiding Facebook, Google, and Twitter will not get you very far. A more realistic response should be to assume that everything that you do online is being monitored. Thus you have to govern yourself accordingly.

In the meantime, perhaps Mr. Friedrich needs to rethink his comments.

Germany Suggests iPhone And BlackBerry Ban

Posted in Commentary on August 11, 2010 by itnerd

If you’re a minister in the German government, you better not be using a BlackBerry or iPhone because of “attacks” against its networks via these devices. I’ve taken the liberty of translating a story from business daily newspaper Handelsblatt using Google Translate:

The security of the SPD, Sebastian Edathy suggested that a general ban on the use of smartphones in certain ministries. It would be negligent if caused by an incorrect use of a security risk to the government work, “said Edathy the” Bild “-Zeitung. The Federal Office for Information Security (BSI) had warned iPhone because of security concerns against the use of BlackBerrys by the Canadian manufacturer Research in Motion or Apple’s. The Authority recommends that only the “Simko2” the telecom wholesale division T-Systems for data traffic.

Admittedly, this isn’t the best translation. But you get the idea. But reading this makes me wonder: is there really a security issue here? Or perhaps it is about using a “Made In Germany” solution?

Thoughts?