Military officials and civilian security researchers have warned us for years: cyberattacks are becoming a very real component of modern warfare. Far from being limited to military targets, cyberattacks can take out everything from major public infrastructure to commercial operations.
In the early hours of February 24, when the Russian invasion force began launching missiles at Ukrainian cities, another attack was taking place in the virtual realm. Suddenly, satellite terminals across Europe went offline, and many suffered permanent damage from the attack.
Details are unclear, but military investigators and analysts have reconstructed a picture of what happened that night. The Great Euro Sat Hack turns out to be the latest example of the vulnerability of our virtual infrastructure in times of war.
The KA-SAT satellite, operated by the American company Viasat, was launched in 2010. It is responsible for providing high-speed satellite internet in Europe, with limited coverage that also extends to parts of the Middle East. Customers of the service include residential users throughout Europe, as well as many commercial systems.
On February 24, when Russian forces began their large-scale invasion of Ukraine, the KA-SAT system was also attacked. Thousands of terminals were suddenly disconnected in the early hours of the morning. The outage was far from limited to Ukraine: users in Greece, Poland, Italy, Hungary and Germany were also affected.
In particular, 5,800 wind turbines in Germany saw their management systems go dark as the attack broke out. When the satellite links were interrupted, it was no longer possible to monitor the wind turbines through SCADA systems. Fortunately, according to the operator ENERCON, grid stability was not affected, as the grid operators kept control over the wind power supplied to the grid through other methods.
Early reports speculated that a distributed denial-of-service (DDoS) attack could have been to blame. This type of attack, in which floods of traffic are used to saturate a network or server, is simple and short-lived.
However, it soon became apparent that a much more serious attack had occurred. The researchers who analyzed the aftermath noticed that many terminals had been permanently disconnected and could no longer be used. Information slowly trickled out from sources, indicating that the satellite itself had not been tampered with, damaged or physically attacked in any way. The problem therefore probably lay in the ground segment of the KA-SAT network.
Just over a month after the attack, Viasat issued a statement explaining the scale and nature of the attack. According to the company’s report, the action began at 03:02 UTC with a denial-of-service attack that spread among users employing SurfBeam 2 and Surfbeam2 modems in a consumer-facing segment of the KA-SAT network. These modems, located in Ukraine, generated large volumes of malicious traffic and prevented legitimate users from staying online. Viasat’s technical teams worked to block those malicious modems from the network, but others appeared as the team got rid of them.
During this period, modems gradually dropped offline in this partition of the network. This accelerated until 4:15 a.m., when the modems were gone for good, with none attempting to reconnect to the satellite network.
Further investigation showed that a breach had occurred in the KA-SAT network control systems, through an “incorrect configuration on a VPN device”. The attackers accessed the control network and used it to send commands to the network’s residential modems, corrupting the built-in flash memory and rendering them unusable.
Subsequently, security researcher Rubén Santamarta was able to get his hands on an affected Surfbeam2 modem, as well as another, clean device that had been spared from the attack. Dumping the flash memory of each of the modems was revealing. The compromised modem had highly corrupted flash memory compared to the original, which left the modems in a non-working state. The damage was so complete in some cases that the affected modems didn’t even light their status LEDs when they were turned on. Eventually, 0,000 replacement modems were sent to consumers to get them back online in the weeks following the attack.
There are still some questions that need to be answered in relation to the attack. Exactly how the attackers got into the control segment of the KA-SAT network is unclear, and the company is reluctant to go public with what happened. The initial DDoS attack, followed by the attack on the modems, also suggests a well-planned multi-stage attack that was prepared well in advance. and a consumer-facing network segment.
These specifics are of interest to security researchers and to those involved at the companies in question. More broadly, however, the incident shows that cyberattacks can and will be used against real infrastructure in wartime. In addition, the effects will not necessarily be limited to the targeted areas or to the military. It is all too easy for such an attack to have widespread downstream effects when our networks cross national borders.
Overall, it’s a frightening reminder of the vulnerabilities inherent in much of our infrastructure. This time it’s satellite internet; other times it’s the water supply or the health system. The stakes are high in all of these cases, so there are many reasons to invest in strengthening security wherever possible.
Zero thousand replacements is much more than 0 replacements ;P
> 0,000 replacement modems were sent to consumers to go back online in the weeks following the attack.
That’s a lot.
I had to mean 00,000
3, they 3.
and by that I mean 30,000 or 30,000.
State-sponsored cybernetics has been a “thing” for some time now.
The United States is behind (or pretends to be behind) in this area. Other countries have been investing in this kind of thing for some time. “eat some of the kill” on extortion, credit card fraud, etc.)
Part of an invasion strategy is to sow confusion to make it difficult to understand the actual action.
Selling the seized Russian oligarch’s ships rather than paying for the damages.
Would he spend millions of dollars on a yacht that wouldn’t be able to sail near where the Russian Navy fears it will be “seized”?
Do I have an American or British flag? So yes. But it’s not a consultation for me, I don’t have that money. If you buy it cheaply, it’s probably worth splitting it into portions and then throwing it away.
Richard A. Clarke. “Breaking Point.”
Not just a novel, maybe... but also a manual? A precaution ignored.
So what’s the solution to prevent your devices from receiving fully valid updates from your service providers that are wholly owned by a foreign government?
Are the signature keys stored in a physical vault, deleted, and used to mark new firmware photographs as valid on vacuum machines, prior to mass distribution?
I hope we’ll be more sophisticated in doing this kind of thing.
Well, there is already a scam that comes to compromise a valid source.
https://youtu.be/vi3W26aZ9n0
And I had others related to update servers.
That’s how we did it, in much less things...
“The Great Euro Sat Hack is proving to be the newest of our virtual infrastructure’s wartime vulnerability.”
And peace. There are no surprises when you build basically “for the lowest bidder.”
“The compromised modem had a very corrupt flash memory from the original, which left the modems in a non-working state.”
A lesson learned about having a backup that can be activated manually once the light has been managed.
They will need to have at least one bootloader and flasher on a permanent EPROM or write-protected hardware flash. Press a repair button on the card and then press the force button. It starts and destroys the flash and RAM then writes the ROM loader to the flash. Then it is blank and in a position to automatically flash the newest symbol of the USB.
The whole mess begs the question why was all this so insecure? Viasat shareholders wonder why they haven’t conducted extensive testing and normal security audits to locate vulnerabilities like this.
The same safety of waste is valid for many things: everything that has automatic OTA updates is regularly vulnerable to such things, some things take A-B photographs or have a recovery formula as you describe, it is not universal.
But in general, OTA updates probably save more than they cost when things like this happen (assuming they check the original updates well before sending them), as the world wants, anything new gets damaged in terms of security when it’s new, and users check and perform security updates for their headless systems...
It would be interesting to find a way to flash the JTAG firmware on dead drives. Is the type of application processor used known?