security

Why CISOs should be concerned about space-based attacks – Channel Asia Singapore


Credit: Shutterstock

Russia didn’t just attack Ukraine on the ground when it invaded that country on February 24, 2022, it also raided Ukraine’s data connections in space.

On that date, “a multifaceted and deliberate cyber-attack against Viasat’s KA-SAT network resulted in a partial interruption of KA-SAT’s consumer-oriented satellite broadband service,” Viasat reported on March 30, 2022.

According to the satellite services provider, “the cyber-attack did impact several thousand customers located in Ukraine and tens of thousands of other fixed broadband customers across Europe.”

They included the remote monitoring and control of 5,800 wind turbines owned by Germany’s Enercon, with a total capacity of 11 gigawatts.

An after-attack report from Sentinel Labs concluded that “the threat actor used the KA-SAT management mechanism in a supply-chain attack to push a wiper designed for modems and routers.

A wiper for this kind of device would overwrite key data in the modem’s flash memory, rendering it inoperable and in need of re-flashing or replacing.” Sentinel Labs also reported that the wiper in question was AcidRain, “an ELF MIPS malware designed to wipe modems and routers.”

Conflict-related attacks can hit civilians too

Viasat itself has not confirmed the characterisation of this as a “supply-chain” attack was accurate and maintains that there has been no evidence this was the case, according to a Viasat representative via email.

The attack “primarily impacted the Ukrainian civilian population as they were not able to access reliable information from the government during the conflict,” according to the Cyber Threats section of the CyberPeace Institute website. “The recovery time varied, though some were without internet for two weeks.”

The response: “We worked with the operator to implement immediate updates to stabilise the network and defend against additional tactics,” says Craig Miller, president of Viasat Government Systems.

“Viasat’s in-house cyber expertise and capability is how we were able to maintain the safety and security of the majority of KA-SAT users, as well as initiate a rapid logistical response to get impacted users back online as quickly as possible.”

Satellites are attractive targets for hackers

Beyond providing satellite broadband, space-based communications satellites provide a wide and varied range of services to academic, business, commercial, government, and military users. This makes them an attractive target for hackers with many points of attack, including the satellite’s onboard control software, the data links between them and their Earth stations, and ground-based data networks and equipment such as modems that connect to them.

Although the Viasat KA-SAT malware attack was apparently aimed at blocking internet access to Ukrainian civilians many kinds of cyberattacks make sense concerning space-based data systems.

“My first thought — because of the global impact on commercial and military assets — would be satellite communications attacks on GNSS/GPS navigation signals by jamming, and more the powerful threat of signal spoofing,” says Randall K. Nichols, vice-chair of an Institute of Electrical and Electronics Engineers (IEEE) subcommittee on self-healing systems.

“From an IT point of view, all space vehicles requiring navigation assistance …are essentially SCADA (supervisory control and data acquisition) systems with all the attendant vulnerabilities and subject to a host of IT/cyber/system threats,” he said.

“There have certainly been more cyberattacks against space assets and services, with government and commercial networks defending against threats daily,” Miller says.





READ SOURCE

Readers Also Like:  U.S. Government Agencies' Emails Compromised in China-Backed ... - The Hacker News

This website uses cookies. By continuing to use this site, you accept our use of cookies.