Miele is now a cooperation partner of CERT@VDE.
We are delighted to welcome Miele as a new cooperation partner.
CERT@VDE Flyer 2018 available
Our new flyer is now available as a PDF download here
CERT@VDE is accredited with Trusted Introducer (Update A)
CERT@VDE has been an accredited member of Trusted Introducer since February 3, 2018.
CERTs around the world use Trusted Introducer to organize trust-based communication and collaboration. To move from listed team to accredited member, a CERT must disclose information about its policies and processes to the other accredited members. It must also undertake to comply with some de facto standards developed in the CERT community, e.g. the Information Sharing Traffic Light Protocol (TLP) and the TI CSIRT Code of Practice (CCoP).
Update A, 6.3.2018
The corresponding press release is available here.
New draft regulation for a unified European IT security network
Based on the NIS Directive of 2016, the EU Parliament has now taken a further and significant step towards uniform and comprehensive cyber security in the European Union...
Download the full article as a PDF:
New draft regulation for a single European IT security network
Dennis-Kenji Kipker, MMR-News 2017, 395945
TRISIS/TRITON/HATMAN ICS Malware
On December 13, 2017, security researchers at Dragos reported a new malware called "TRISIS" that targets Triconex controllers from Schneider Electric. Most of the malware has been publicly available since 24.12.2017.
We would like to provide an updated timeline here:
13.12.2017: Message from Dragos, malware code name: TRISIS
14.12.2017: Message from FireEye, malware code name: TRITON
18.12.2017: Analysis by US-CERT, malware code name: HATMAN
24.12.2017: Publication of the decompiled code and the original samples on several websites.
Meltdown and Spectre
Yesterday, two critical vulnerabilities in almost all modern processors became public knowledge. What impact does this have on the CERT@VDE target group?
First of all, the good news: although the vulnerabilities have a critical impact on the security of multi-user systems and especially cloud applications, most ICS components cannot be compromised by these vulnerabilities alone.
Both vulnerabilities use a side-channel attack to bypass kernel data protection, allowing a process to obtain information to which it would not normally have access. However, for an attack to be successful, the attacker must be able to execute arbitrary code on the respective processor. If a user cannot do this because he does not have shell access to the system, the attack cannot be carried out (see also the message at Heise).
CERT@VDE therefore advises all users to keep their own clients (be it a laptop, tablet or smartphone) at the latest patch level and, above all, to update the browser used. System administrators should give high priority to patching servers on which users have shell access. If you use cloud services, find out from your provider what steps they are taking!
We are monitoring the situation closely. At the time of publication of this report, we had no information on ICS components that are directly vulnerable to attacks due to Meltdown or Spectre. Should this change, we will publish appropriate advisories in due course.
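The prioritisation advised above can be checked per host. The following script is an added example, not part of the original CERT@VDE report: it reads the mitigation status that newer Linux kernels expose under /sys/devices/system/cpu/vulnerabilities and counts accounts with a login shell. The function names, the shell-name heuristic and the low/medium/high rule are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: Meltdown/Spectre patch triage for one Linux host.
# Function names and the priority rule are illustrative assumptions.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Print the kernel's own status line for one issue. A missing file means the
# kernel predates this reporting interface, so report "unknown".
vuln_status() {
    if [ -r "$VULN_DIR/$1" ]; then
        cat "$VULN_DIR/$1"
    else
        echo "unknown"
    fi
}

# Count non-root accounts that can get a shell. Heuristic: the shell field is
# empty (system default shell) or ends in "sh" (sh, bash, zsh, ksh, ...), which
# excludes nologin, false, sync, halt and similar placeholders.
shell_accounts() {
    awk -F: '$1 != "root" && ($7 == "" || $7 ~ /sh$/) {n++} END {print n+0}' \
        "$PASSWD_FILE"
}

# The attack needs local code execution, so an unmitigated host on which
# users have shell access is patched first.
patch_priority() {
    exposed=0
    for issue in meltdown spectre_v1 spectre_v2; do
        case "$(vuln_status "$issue")" in
            "Not affected"*|"Mitigation"*) ;;   # kernel reports it is covered
            *) exposed=1 ;;                     # "Vulnerable..." or unknown
        esac
    done
    if [ "$exposed" -eq 0 ]; then
        echo "low"
    elif [ "$(shell_accounts)" -gt 0 ]; then
        echo "high"
    else
        echo "medium"
    fi
}

# Run with --report to print the findings for the local host.
if [ "${1:-}" = "--report" ]; then
    for issue in meltdown spectre_v1 spectre_v2; do
        printf '%s: %s\n' "$issue" "$(vuln_status "$issue")"
    done
    printf 'shell accounts: %s\n' "$(shell_accounts)"
    printf 'patch priority: %s\n' "$(patch_priority)"
fi
```

A result of "unknown" only says that the running kernel does not report its status; such hosts are treated like unpatched ones here.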
Lawyer Philipp Reusch explores this question in an article for the magazine LEAD digital.
from www.reuschlaw.de:
"The risk of hacker attacks increases with every connected fridge or car. As fascinating as the 'Internet of Things' is, it also harbours just as many dangers. When it comes to product liability in particular, however, one is not left helplessly exposed. Philipp Reusch reports in a guest article in the current issue of the magazine LEAD digital on the implementation of effective security concepts!"
KRACK: WPA2 protocol compromised
Researchers have discovered critical gaps in the WLAN security standard WPA2.
Multiple vulnerabilities in the handshake of the WPA2 protocol threaten the security of WLAN networks. If AES-CCMP is used, packets can be decrypted (making it possible, for example, to eavesdrop on TCP-SYN packets in order to take over a connection). If the outdated TKIP protocol is used, the effects are much more serious, as forged packets can also be injected. For clients using Android 6.0 or wpa_supplicant under Linux, the effects are catastrophic, as a key consisting only of zeros can be forced here. Intercepting and manipulating the traffic of such a client becomes trivial.
The vulnerabilities, known as Key Reinstallation Attacks (KRACK), were published at www.krackattacks.com. Heise has a German-language report on the topic.