Data Breach Liabilities: Not Just an IT Problem

On 29 August 2016, Wapack Labs identified the growing concern for clarification and understanding of state and federal legislation and regulatory control regarding company data breaches.  The U.S. Congress passed the Cybersecurity Information Sharing Act (CISA) and was signed into law by the President in December 2015. This is a good step to help guide private information notifications in the event of a breach.  But many states have outdated, and at times, ambiguous statues and regulations regarding cyber security; especially how and when to notify data breach victims.  This creates both potential government civil liabilities for companies of all sizes.  Data breaches are no longer an IT problem, but a company-wide concern.  We are providing this information for your situational awareness.

Publication date:                           30 August 2016

Handling requirements:               Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:           Data Breaches – legislation/regulations  

Actor Type:                                    All Tier levels      

Potential Targets:                           USA

Past Reporting:                               Msg #7859

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.

After Action Report: Rio 2016 Research Project

Wapack Labs was asked to initiate a research project into the Rio 2016 Olympic Games in order to monitor and identify threats to both readers of its reporting and Olympic sponsors. The project, which was conducted over the course of approximately one month and one week, sought to leverage every data source that Wapack Labs possesses, including its human collection capabilities, to provide a deeper insight into the activities of local actors.  Wapack Labs has experience conducting research into Brazil, having both conducted another research project during the 2014 FIFA World Cup tournament (in Brazil) and authoring a well-received comprehensive geo-political cyber threat report on Brazil for the Financial Sector Information Sharing and Analysis Center (FS-ISAC). This experience informed both the development of Rio-specific research approaches as well as what the expectations for the project should be.

This After-Action Report is intended to serve as a capstone to the Rio 2016 Olympic project, highlighting both the areas of success, and those which Wapack analysts recommend for improvement.

Publication date:               30 August 2016

Handling requirements:    Traffic light protocol (TLP) AMBER.

Past Reporting:                  DOC 4226, 4224, 4211, 4199, 4207, 4202, 4190, 4194, 4191, 4185,                                                      4182, 4168, 4167, 4123, 4172, 4160, 4163, 4162, 4112

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.

The Shadow Brokers Target Equation Group

www.bestvpn.com

On 13 August of 2016, a persona calling themselves “theshadowbrokers” announced the leak of Equation Group tools.  The leak appears to be authentic and includes several exploits used by Equation Group.  Three CVEs (2016-6366, 2016-6367, 2016-6909) have been assigned to the exploits and one, EXTRABACON (CVE-2016-6366), was considered a zero-day vulnerability when released.  Affected products and software versions are listed for each exploit.

This report provides analysis and mitigations for the exploits included in the leak. 

Wapack Labs is providing this analysis as situational awareness of tools leaked from a Tier VI adversary.

Publication date:                            26 August 2016

Handling requirements:                  Traffic light protocol (TLP) AMBER

Attribution/Threat Actors:              Equation Group

Actor Type:                                     Tier VI   

Potential Targets:                           USA / International

Past Reporting:                               DOC-4133

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.

Hacking the Automotive Industry

www.valbonne-consulting.com

Wapack Labs open source collection exposed current concerns with the potential of active hacking into the autonomous vehicle industry.  Due to the fact that automobiles have up to 100 ECUs and more than 100 million lines of code, the Automotive-ISAC, and numerous tech researchers, are issuing cyber awareness regarding this industry’s production future; one which is shared by this lab.  Recently, as a vulnerability demonstration, two white hat hackers gained control of the vehicle's steering and directed it off the road.  We are providing this information for your situational awareness and proposal for future research.

Publication date:                          26 August 2016

Handling requirements:                Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:            Autonomous vehicle industry

Actor Type:                                   Tier III or higher

Potential Targets:                         USA / International

Past Reporting:                             DOC-1771, DOC-1652

For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.