Experts say vulnerabilities in this network technology, which is widely used in the space and aviation industries, could have catastrophic consequences for critical systems, including the disruption of NASA missions.

Let me remind you that we also wrote that NASA has faced 6000 cyberattacks in the past four years, and also that Malware Hides in Images from the James Webb Telescope.

TTEthernet turns ordinary Ethernet into a deterministic network with certain transfer times between nodes and significantly expands the use of the classic Ethernet standard. In such a mixed-criticality network, traffic with different timing and fault tolerance requirements can coexist.

In fact, TTEthernet allows time-critical traffic (from devices that send highly synchronized, scheduled messages according to a predetermined schedule) to use the same switches that handle non-critical traffic, such as passenger Wi-Fi on airplanes.

In addition, TTEthernet is compatible with the standard Ethernet used in conventional systems. TTEthernet isolates time-triggered traffic from so-called best-effort traffic, i.e., non-critical systems, by forwarding their messages around more important time-triggered traffic.

This allows to combine different devices in one network, mission-critical systems can work on cheaper network equipment, and the two types of traffic do not overlap.

The creators of PCspooF say that TTEthernet is essentially the “backbone of the network” in spacecraft, including NASA’s Orion spacecraft, the Lunar Gateway space station, and the Ariane 6 launch vehicle. contender” to replace the Controller Area Network bus and the FlexRay protocol.

According to the researchers, the PCspooF attack is the first attack in history that broke the isolation of different types of traffic from each other. The essence of the problem lies in the fact that PCspooF violates the synchronization system, called the Protocol control frame (PCF), whose messages cause devices to work on schedule and ensure their fast communication.

So, the researchers found that non-critical best-effort devices can display private information about the time-triggered part of the network. In addition, these devices can be used to create malicious sync messages. A malicious, non-critical device can violate the isolation guarantee on the TTEthernet network.

The compromised best-effort device can then create EMI in the switch, forcing it to send fake synchronization messages to other TTEthernet devices.

Once such an attack is launched, TTEthernet devices occasionally lose synchronization and reconnect. As a result, they lose synchronization (desynchronization can be up to a second), leading to the inability to send dozens of time-triggered messages and cause critical systems to fail. In the worst case, PCspooF provokes such failures simultaneously for all TTEthernet devices on the network, the researchers explain.

To test PCspooF, experts used NASA hardware and software components to simulate an asteroid redirection mission when Orion had to dock with an automated manned spacecraft. As a result, the PCspooF attack forced Orion to deviate from the course and completely fail the docking.

After successfully testing the attack, researchers reported the issue to organizations using TTEthernet, including NASA, the European Space Agency (ESA), Northrop Grumman Space Systems, and Airbus Defense and Space. Now, based on the data from the researchers, NASA is revising the protocols for onboard experiments and testing its off-the-shelf commercial equipment.

As protection against PCspooF and the consequences of such attacks, experts recommend using optical connectors or voltage stabilizers (to block electromagnetic interference); checking source MAC addresses to make sure they are authentic; hiding key PCF fields, using a link layer authentication protocol such as IEEE 802.1AE; increase the number of sync masters and disable dangerous state transitions.

Space technologies do not guarantee absolute protection: there are examples of authentic attacks. For example, the media wrote that DopplePaymer ransomware operators were hacked by NASA contractor.

The post PCspoF Attack Could Disable Orion Spacecraft appeared first on Gridinsoft Blog.

The document states that NASA has institutional systems that are used for the day-to-day work of employees (this includes data centers, web services, computers and networks).

NASA also has separate mission systems associated with scientific programs in the field of aeronautics, space exploration, and so on (such systems are used to control spacecraft and process scientific data).

In total, NASA owns more than 4,400 applications, more than 15,000 mobile devices, about 13,000 software licenses, about 50,000 computers and a whopping 39,000 TB of data.

The cyberattacks detected in recent years (more than 1,700 incidents were identified in 2020) were very different: brute force, email attacks, identity tampering attacks, equipment loss and theft, various web attacks and incidents involving external or removable media.

For example, in 2020, most incidents were associated with misuse, including the installation of unauthorized software or access to inappropriate materials. The number of incidents of this kind increased from 249 in 2017 to 1103 in 2020.

The report provides information on several specific incidents, including the hacking of NASA’s Jet Propulsion Laboratory in 2018, which resulted in hackers gaining access to the servers and telescopes of the Deep Space Network.

In the same year, unidentified persons stole about 500 MB of data from an unnamed mission system, compromising an external user account for this. In addition, in 2019, NASA discovered that a contractor was using its resources to mine cryptocurrency, and two Chinese citizens were charged with hacking NASA systems and stealing data.

Let me remind you that I also said that NASA staff faces exponential increase in number of hacker attacks.

The post NASA has faced 6000 cyberattacks in the past four years appeared first on Gridinsoft Blog.

Therefore, according to official figures, in recent days, NASA personnel have been suffering from:

• doubling the number of phishing attacks by email;
• exponential growth of malicious attacks on NASA systems;
• doubling attempts to block or mitigate the activity of NASA systems trying to access malicious sites (unknowingly, due to users accessing the Internet).

The last point means that NASA employees and contractors are actively clicking on malicious links that they send to them via email or text messages. And now this happens twice as often as usual. Social engineering is still one of the easiest ways to access corporate networks and users’ computers.

The mechanisms for blocking and mitigating such incidents that NASA SOC uses seem to include blocking access to servers that are considered malicious or suspicious, as well as terminating dangerous downloads from agency computers. Unfortunately, these measures can hardly be called reliable, and much better when the staff is trained to recognize phishing attempts and act accordingly.

“NASA employees and contractors should be aware that the APT and cybercriminals are actively using the COVID-19 pandemic to attempt exploitation and attacks on NASA’s electronic devices, networks and personal devices. In some cases, the goals of [criminals] include access to confidential information, usernames and passwords, conducting denial of service attacks, the spread of misinformation, and fraud”, – told NASA representatives

Cybercriminals began to send emails with malicious attachments and links to fraudulent sites more often, trying to force victims to disclose confidential information and provide access to NASA systems, networks and data. Such baits are often masked as requests for donations, supposedly updated data on the methods of transmission of the virus, security measures, tax refunds, information on fake vaccines and disinformation campaigns.

As a result, contractors and staff are advised to exercise caution when using computers and mobile devices connected to the Internet and to exercise increased vigilance.

As we wrote earlier, not only NASA will experience such difficulties. For example, the other day, Check Point experts reported that 71% of cybersecurity experts report an increase in the number of threats and attacks since the beginning of the pandemic. The majority of respondents (55%) report phishing attempts as the main threat.

In second place are malicious sites that allegedly contain information and tips about coronavirus (32%). Next is the increase in the number of malware (28%) and ransomware (19%).

“My new certificate log catcher is sucking in all the covid-19 and coronavirus domain certificates. 3,143 certificates in 24 hours today (UTC), not yet checked for duplicate domains re-registered for additional hosts”, — reports IS expert Sean Gallagher.

Overall, attackers are very actively exploiting the new opportunities that the pandemic offers them.

The post NASA staff faces exponential increase in number of hacker attacks appeared first on Gridinsoft Blog.