Week of August 16th, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

Canada Dealership Investigating Ramifications of Cybersecurity

In a statement this week, AutoCanada Inc. has reported that it has discovered a breach of its systems that could disrupt operations. It also reported a financial loss for the second quarter because of a separate cybersecurity incident.

The Edmonton-based dealership network, which has 84 franchised dealerships across North America, says it is "still working to understand the extent of the breach" that was first identified on August 11th, including what, if any, customer, supplier, or employee data may have been compromised.

This month's breach follows a June cyberattack against CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, which led to similar major disruptions.

Since 2022, there has been a significant increase in attacks on the automotive industry. Measures to help mitigate the threat to automotive-related business operations include, but are not limited to:

  • Ensure your vehicle's software is up to date: Hackers can exploit the vulnerabilities in outdated software to steal your personal information or take over your vehicle. You may also automate the update process so that the car’s computer installs the updates as soon as the manufacturer releases them
  • Use a VPN to protect your privacy: VPNs are an effective method of protecting connected automobiles. A VPN shields your car's engine and electronic components against outside malware threats. A robust VPN enables users to access the internet safely
  • Keep wireless technologies to a minimum: Tracking your vehicle remotely with wireless technologies may open your system to hackers. In most cases, wireless and remote systems operate online, which makes them particularly vulnerable to cyberattacks
  • Disable GPS: In self-driving vehicles, GPS systems are a weak point that hackers exploit. Radio transmissions can easily be used to spoof GPS systems. Therefore, drivers should use their GPS units judiciously
  • Always ensure safety: Car manufacturers should prioritize security as their primary concern. Proper safeguards against hacking attempts must be envisioned and incorporated. If your vehicle's infrastructure has security flaws, consult with specialists and use vulnerability assessment services to fix them
  • Management of vulnerability assessments: This entails finding, assessing, treating, and reporting security flaws. This is best utilized in conjunction with other vehicle security measures

EDR-Killing Tools: Advanced Threats to Endpoint Security

As first reported by The Hacker News, a cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts.

This EDR-killing tool has been dubbed "EDRKillShifter" by Sophos, which also discovered the tool in connection with a failed ransomware attack this past May.

Executed via command-line along with a password string input, the executable decrypts an embedded resource named BIN and executes it in memory. The BIN resource unpacks and runs a Go-based final, obfuscated payload, which then takes advantage of different vulnerable, legitimate drivers to gain elevated privileges and disarm EDR software.

To mitigate the threat, it's recommended that systems be kept up to date, tamper protection in EDR software be enabled, and strong hygiene be practiced for Windows security roles.

Cyberattacks in Cycling? Experts Explore Cyber Threats in the Olympics (and Beyond)

Recent research has determined that high-end bicycles commonly used for road races like the Tour de France are increasingly vulnerable to cyberattacks targeting wireless gear-shifting systems.

Over the past few years, manufacturers have widely adopted wireless gear-shifting technology, which gives riders better control over changing gears. The technology is not vulnerable to the physical issues that plague mechanical systems; however, in circumventing those physical issues, manufacturers inadvertently opened their systems to cyber-related vulnerabilities.

According to a team of scientists from the University of California, San Diego, and Northeastern University, the gear shifting system works "by deploying wireless links between the gear shifters controlled by the riders and the device called a derailleur that moves chains between gears on the bike."

This team uncovered three key vulnerabilities within the wireless systems:

  1. Threat actors are able to record and retransmit gear-shifting commands, allowing them to control gear-shifting on the bike without needing authentication via cryptographic keys. The research team successfully conducted record and replay attacks from a distance of up to 10 meters using software-defined radios without needing an amplifier to boost signal strength
  2. Threat actors are capable of disabling gear shifting on specific bicycles without affecting nearby systems, creating significant risks for individual riders
  3. The wireless system used a communication protocol, ANT+, which leaks information, allowing attackers to monitor what their target is doing (alongside their location) in real-time
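The first finding, sketched from the defender's side as an added example (not code from the researchers or any manufacturer): the 13-byte frame layout, the key and the `Derailleur` class are all assumptions. It shows why a valid authentication tag alone does not stop a recorded command, and how a strictly increasing counter does.

```python
import hashlib
import hmac
import struct

UP, DOWN = 1, 2
KEY = b"constructed-pairing-key"  # constructed sample key, set at pairing

def make_frame(key: bytes, counter: int, command: int) -> bytes:
    """Shifter side: 4-byte counter + 1-byte command + 8-byte truncated HMAC."""
    body = struct.pack(">IB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class Derailleur:
    """Receiver; enforce_counter=False models a link with no freshness check."""
    def __init__(self, key: bytes, enforce_counter: bool):
        self.key = key
        self.enforce_counter = enforce_counter
        self.last_counter = 0
        self.gear = 5

    def receive(self, frame: bytes) -> bool:
        if len(frame) != 13:
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame
        counter, command = struct.unpack(">IB", body)
        if command not in (UP, DOWN):
            return False
        # Strictly increasing counter: gaps from lost frames are fine,
        # but a frame seen before (or older) is rejected as a replay.
        if self.enforce_counter and counter <= self.last_counter:
            return False
        self.last_counter = max(self.last_counter, counter)
        self.gear += 1 if command == UP else -1
        return True

def replay_demo():
    """Deliver two genuine shifts, then re-deliver the second one unchanged."""
    frames = [make_frame(KEY, 1, UP), make_frame(KEY, 2, UP)]
    weak, hardened = Derailleur(KEY, False), Derailleur(KEY, True)
    for f in frames:
        weak.receive(f)
        hardened.receive(f)
    recorded = frames[1]  # byte-for-byte copy; the key is never needed
    return weak.receive(recorded), hardened.receive(recorded), weak.gear, hardened.gear

if __name__ == "__main__":
    print(replay_demo())
```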

What are your thoughts on this development? Do you foresee a heightened number of bicycle-related cyberattacks during upcoming high-profile races?
