In an era marked by rapid technological advancements, the automotive industry is undergoing a transformative shift. With the advent of connected vehicles, autonomous driving, and integrated smart systems, vehicles have evolved from mere mechanical machines to sophisticated computers on wheels. While this evolution brings remarkable benefits, it also introduces a new frontier of challenges, primarily in the realm of cyber security. This blog explores the growing influence of cyber security threats on the automotive industry and the measures being taken to address these challenges.

Connected vehicles have become a symbol of convenience and innovation. However, the integration of internet connectivity into cars also presents a potential gateway for cyber attackers. Hackers can exploit vulnerabilities in infotainment systems, telematics, and communication protocols to gain unauthorised access to a vehicle’s network. This access could lead to unauthorised control over critical functions, jeopardising passenger safety.

The pursuit of autonomous driving has further intensified the need for robust cyber security. Autonomous vehicles rely on an array of sensors, cameras, and data-sharing mechanisms to navigate roads safely. Any compromise in the integrity of these systems could result in accidents or even intentional harm. Protecting these vehicles from hacking attempts is crucial to ensure public trust and safety in this transformative technology.

Connected vehicles generate an immense amount of data related to driving patterns, user preferences, and geolocation. This data is not only valuable for manufacturers but also for malicious actors seeking to exploit personal information for financial gain or other nefarious purposes. Ensuring the privacy of user data has become a significant concern, necessitating stringent data protection measures.

The automotive industry relies on a complex global supply chain, which can inadvertently introduce vulnerabilities. If even a single component or software module is compromised at any point in the supply chain, it could potentially expose the entire vehicle fleet to cyber threats. Collaborative efforts between manufacturers and suppliers are essential to establish a chain of trust and enhance cyber security resilience.

Recognising the severity of cyber security threats, the automotive industry has begun taking proactive measures. Collaboration between automakers, technology companies, and cyber security experts has led to the development of best practices, guidelines, and standards specifically tailored to the industry’s unique challenges. Organisations like the Automotive Information Sharing and Analysis Center (Auto-ISAC) have been established to facilitate information sharing and coordination among industry stakeholders.

To mitigate cyber security risks, manufacturers are increasingly adopting a “security by design” approach. This strategy involves integrating cyber security measures at every stage of a vehicle’s development lifecycle. From concept and design to manufacturing and maintenance, security considerations are embedded to create a holistic and robust cyber security framework.

As the automotive industry accelerates toward a future defined by connectivity and automation, the spectre of cyber security threats looms large. The intersection of technology and transportation has brought unprecedented conveniences and efficiencies, but it has also exposed vehicles to new forms of risk.

Organisational compute and infrastructure, such as classic on-premises server rooms, datacentres and cloud-based services are all subject to regular attack and the colocation of many services, often with network cross over between, has simply increased the scope and availability of a reachable threat surface.

By employing our Anticipate, Protect, and Respond strategy in the realm of cyber security, Solace Cyber has formulated a variety of service packages that can assist the industry in navigating this crossroad. These packages are built upon our core Real-time Risk Platform initially, scaling out to extend all the way up to our comprehensive safeguarding service suite of Solace Cyber Secure 360.

By acknowledging these challenges and collectively working towards innovative solutions we can build a safer and more secure automotive landscape for everyone.

Find out more about how Solace Cyber can support you on your cyber secure journey.

In the early hours of 30 August, the Gabonese Election Centre (CGE) announced that President Ali Bongo had won a third term in office, having received 64.27 percent vote share in Saturday’s general election. However, just after 05:00 local time, a group of senior officers from the Gabonese military announced on television channel, Gabon 24, that they had seized power with the full support of the Gabonese security and defence forces.​

​

Introducing themselves as members of The Committee of Transition and the Restoration of Institutions, the officials stated that the election results were cancelled, all borders were closed until further notice and state institutions – the government, the senate, the national assembly, the constitutional court and the election body – were dissolved. ​

​

Following the announcement, domestic and regional sources reported gunfire could be heard in the capital Libreville. However, as the day progressed, the streets appeared calm, and crowds of  citizens peacefully took to the streets. Videos circulating on social media showed multiple instances of people celebrating and cheering, often in close proximity to the country’s armed forces. So far, there has been no signs of widespread protest or alarm. Several hours after the officers’ announcement, internet access also appeared to be restored for the first time since Saturday’s vote. ​

​

The Gabonese government has yet to make an official statement, with President Bongo reportedly under house arrest, surrounded by his family and doctors.​

Ahead of the coup, there was significant concern over potential unrest following Saturday’s presidential, parliamentary and legislative elections that the opposition alleged were plagued by fraud. Questions over the election’s transparency were re-enforced by the lack of international observers, the suspension of foreign media broadcasts, the decision to cut internet service, and the imposing of a nationwide curfew.​

​

President Ali Bongo and his father, Omar Bongo, have ruled Gabon since 1967, but frustrations with the political dynasty had been growing for several years ahead of Saturday’s election. The Central African nation is a major oil producer, so much so that it is a member of OPEC, as well as being a major exporter of uranium and magnesium. Indeed, the country is home to over one-quarter of the world’s proven magnesium reserves. However, Bongo has done little to channel its oil and other wealth towards the population of some 2.3 million people, a third of whom live in poverty. ​

​

This is also not the first attempt in recent history to overthrow Bongo as in January 2019 he and the Gabonese government were able to foil an attempted military coup after soldiers briefly seized the state radio station and broadcasted a message saying Bongo, who had suffered a stroke months earlier, was no longer fit for office.

The strength of Gabon’s extractive-based economy means that it is Africa’s third most wealthy country by GDP per capita. However, with large swathes of the country still living in poverty, it is highly likely that the state has failed to transfer much of this wealth to ordinary citizens. It is likely that economic disparities have been one of the major triggers for the coup. This is likely supported by the lack of public resistance and the fact that celebrations have been seen on the streets of Libreville and other major population centres across the country.​

​

Furthermore, the coup has yet to be characterised by anti-French rhetoric in a similar vein to the recent West and Central African coups in countries like Niger and Mali. However, the coup is almost certainly another problem for Paris in Africa, with multiple French companies operating in the country. Unlike the other coups in Africa, it is doubtful that the Gabonese coup leaders will seek Russian support in favour of maintaining Western relations. Gabon has traditionally had weak ties with Russia and unlike much of Africa, has not been threatened with major insurgencies and security issues. Moreover, Gabon was one of the countries in Africa that voted against Russia at the United Nations in the 2022 resolution on Ukraine.​

​

Economically, the coup is almost certainly going to lead to price volatility in global oil and magnesium markets. Gabon has strong economic links with both France, and increasingly with China, and it is a major exporter of commodities to these nations. Reports indicate that some foreign companies like the French mining company, Eramet, have already suspended operations in Gabon in response to the coup. It is therefore highly likely that both France and China will be looking for the political situation to be resolved quickly, and there is a realistic possibility of diplomatic involvement from both Paris and Beijing. ​

​

In the immediate future, it is unlikely that any major protests or armed clashes will break out as the Gabonese security forces are seemingly onside, and most indications suggest the public is too. The turning on of the internet was likely a move to win over the public as well as signal a different approach to governance than the Bongo regime. However, this also presents an increased potential for demonstrations and protests, both in favour and against the coup, to occur as information is spread on social media. There is a realistic possibility of sustained demonstrations which will likely lead to disruption in major population hubs. Borders will likely remain closed for upcoming days, but if scenes remain calm, borders are likely to reopen quicker than seen in Niger and Mali.

On the morning of 26 July, multiple domestic and regional sources reported that a potential coup was underway in Niamey, Niger. Early indications suggested that the Presidential Guard had blocked the entrance to the Presidential Palace, and detained President Mohamed Bazoum. Concurrently, government ministries next to the palace were blockaded, with those inside, including the Minister of the Interior, detained.

By early afternoon, the Niger Armed Forces (FAN) and National Guard had both deployed in the vicinity of the Presidential Palace. The FAN and the Presidential office both released statements asserting that the ongoing coup attempt was being driven by “anti-republican” elements and gave the Presidential Guard an “ultimatum” to stand down and release President Bazoum, or face being attacked. Unverified social media reports have subsequently described armoured FAN columns entering Niamey. Further unverified reports later emerged of roadblocks appearing across the city.

The conditions in Niamey remained calm initially, however, as the situation developed businesses were reputedly told to close and residents were ordered to stay at home. Operations at Diori Hamani International Airport currently remain unaffected, with flight tracking data showing that both inbound and outbound flights were operating as normal.

Since 2020, several coups have taken place across the Sahel region, most notably in neighbouring Mali and Burkina Faso. The key driver for instability has been the inability of central governments to guarantee internal security from a myriad of insurgencies and terrorist actors. Niger has been increasingly afflicted by the instability affecting the wider region. In the southeast, Niger is battling incursions from Boko Haram and in the west of the country, the government is attempting to contain threats from Islamic State’s Sahel Province.
Due to the external and internal threats posed by these actors, Niger has become a major operating base for Western nations in the region. Indeed, both France and the USA utilise the country as a base for operations in the wider Sahel.
This relationship has grown in significance for Western governments as relations with other states in the region, such as Mali and Burkina Faso, have broken down in the wake of their own respective coups, leading to the expulsion of French forces.

Further strengthening this relationship is the fact that Niger’s President was democratically elected in 2021 and is one of the region’s few remaining democratically elected heads of state. However, in February 2023 protests erupted in the capital, Niamey, with demonstrators expressing their dissatisfaction with a sustained French military presence in the country, with many believing that the foreign presence was either ineffective or had exacerbated security concerns.

At the time of writing, there has been no official statement from Presidential Guard. However, given the recent regional trends, it is highly likely that this attempted coup has transpired due to concerns regarding the deteriorating security of Niger.

This is further evidenced by the fact that the Presidential Guard has also apprehended the Minister of the Interior, who is the person ultimately responsible for policing and internal security in Niger. The recent uptick in attacks near the borders with Burkina Faso and Mali likely provided the catalyst for the current situation.

As the situation develops, it is almost certain that key transport routes and critical locations across Niamey will be seized by rival forces. This will include Niamey’s key river crossings, which connect the main part of the city on the eastern bank of the Niger River to its western parts, the international airport, and state TV and radio offices. At the time of writing, it is believed that President Mohamed Bazoum remains in detention.

The success of the ongoing attempted coup remains to be seen. Initial signs suggest that the FAN and National Guard have remained loyal to President Bazoum and are willing to fight. If this remains the case, it is unlikely that the coup succeeds due to the disparity in military firepower between the two sides. This result would ultimately see the Presidential Guard purged.

However, should the coup succeed, civil unrest, both in favour and against, will highly likely occur. A transitional military council will likely take over the government and immediately revise the stationing of foreign militaries in Niger. The removal of the last remaining Western forces in the region will likely create a security vacuum, that will almost certainly benefit the insurgencies and terrorist groups in Niger and the wider region.

A critical pre-authentication vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) is currently being exploited by threat actors who have been able to execute code with zero credentials.

A critical pre-authentication vulnerability in the NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) was discovered in the first week of July. This vulnerability is currently being exploited by threat actors and has been tracked as CVE-2023-3519, which carries a 9.8 CVSS.

This has led Citrix to issue updates for affected products – it’s recommended that all those affected install the updates immediately.

The vulnerability allows an attacker with zero credentials to execute code. There is no need for an attacker to worry about MFA in this scenario as its pre-authentication.  

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: 

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable. 

The vulnerability, which is tracked as CVE-2023-27997 is a pre-authentication remote code execution vulnerability, which if left unpatched, could lead to critical organisational risk.

The SSL-VPN vulnerability would allow an attacker with zero credentials to execute arbitrary code during the pre-authentication stage. This means, the attacker could circumnavigate MFA.

The MOVEit transfer application used to transfer files has a zero-day vulnerability in the form of an SQL injection vulnerability. This in turn allows the adversary to drop a web shell on the host inside the MOVEit wwwroot directory. After which time, the attacker could then download any file within MOVEit and install a backdoor.

A known breach involving Zellis, a supplier of IT services for payroll and human resources says a “small number” of organisations have been affected.

The ransomware group “Cl0p” has posted on their ransomware site that they are exploiting the MOVEit vulnerability. Microsoft have also attributed the attack to Cl0p. The recent attacks do not show signs of encryption, although there is potential for this to occur as well as lateral spread.

The group states on their Darknet page that they’ll post the names of the organisations compromised on June 14th 2023 if the targeted organisation hasn’t already contacted them. In the past 24 hours the BBC, Boots and British Airways have confirmed they’ve been impacted.

The UK’s National Cyber Security Centre said it was “monitoring the situation” and urged organisations using the compromised software to carry out security updates. As of today, results from internet reconnaissance show that there are 127 instances in the UK of the MoveIT Transfer application and 1853 in the US.

Due to the growing number of compromised organisations and the current supply chain spread the impact is still yet to be fully materialised.

Organisations without the vendor’s latest patch against CVE-2023-34362 should assume breach and conduct investigative and remediation efforts where the service is publicly accessible.

The vulnerability has been exploited by the threat group APT28, also known as Fancy Bear, Sofacy, and STRONTIUM since April 2022.

It was initially reported to Microsoft by the Ukrainian CERT. According to Microsoft, “a Russia-based threat actor” exploited the vulnerability in targeted attacks against several European organizations in government, transportation, energy, and military sectors.

Currently 15 organisations are believed to have been targeted or breached using CVE-2023-23397.

Solace Cyber Head of Incident Response believes with high certainty that this particular vulnerability will be used by other threat actors – equating to a vast quantity of attacks in the coming days to weeks.

As of 16/03/2023 proof of concept code has been developed by security researchers and it is likely to be used in subsequent attacks by other threat actors.

The attack involves the attacker sending an Outlook note or task to the victim, triggering the notification sound file mechanism, which sends an NTLM negotiation request to the attacker-controlled SMB share. The threat actors accomplish this using extended MAPI properties that contain UNC paths. The vulnerability can be exploited with a simple, specially crafted email, even if the victim doesn’t open the item.

However, it’s worth noting that this vulnerability cannot be exploited with Outlook for iOS, Mac, or Outlook for Android. Nevertheless, it affects all Windows versions of Outlook that are currently supported.  

Note: Those at a higher risk include remote workers due to home firewalls that do not block SMB traffic.

This can be done by emailing all end users to advise a manual update of Microsoft Office (click-to-run) or updating via alternative methods. If you require assistance with auto-patching solace cyber can assist.

Preferably this is run in audit mode only so that forensic data can be reviewed. If the script produces results it is recommended that you review the UNC paths in the outlook items to ensure no exploitation has occurred. 

As of 4th October 2022, Microsoft have confirmed that two Zero-day vulnerabilities affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Microsoft have stated that Exchange Online customers do not need to take any action, however if you have a Hybrid Exchange infrastructure this advice still applies.

Further updates and details on the potential vulnerability can be found here

In addition to Microsoft guidance, Solace Cyber recommend that the mitigation be further tightened by altering the URL block string:

.*autodiscover\.json.*Powershell.*

Solace Cyber are offering an initial consultation to determine if a compromise has already occurred and can action any implementation required to secure your operations.

This update is correct as of 12.23 GMT on 4th October 2022. The situation continues to develop rapidly, so please contact the team for an initial conversation with the latest advice.

On 15 August, violence erupted at the Bomas of Kenya in Nairobi, as the Independent Electoral and Boundaries Commission (IEBC) had been scheduled to release the results of the Kenyan general election. Live footage from the venue showed physical altercations breaking out between attendees, with military
personnel intervening to break up the violence.

Earlier on 15 August the IEBC had announced a delay in releasing the results, although did not specify a reason for the delay. Separately, four commissioners of the IEBC held a press conference at the Serena Hotel in Nairobi, in which they stated that they could not “take ownership of the results” due to concerns over their opaqueness. As the violent scenes emerged and news broke of the division within the IEBC, it
was announced that riot police across the country had been placed on standby, with Kenya’s highest bishop calling for calm and peace to prevail.

In the days since the 9 August election, the IEBC has been verifying the vote tallies provided by the country’s polling stations. In this interim period, both main presidential candidates have alluded to voting irregularities and of fighting the result in courts. Meanwhile, the delay between voting and the announcement of a result had only led to further speculation and disinformation around the legitimacy
of the vote.
Around 20 minutes after the initial chaotic scenes at the Bomas of Kenya, and despite four of the seven IEBC commissioners stating they could not back the results, the IEBC announced that William Ruto had won the election with 7,176,141 votes – amounting to 50.49 percent of the total valid votes. The pre-election favourite, Raila Odinga, received 6,942,930 votes – representing 48.85 percent of the votes cast.

In 2007, post election violence resulted in more than 1,500 civilian deaths, whilst in 2017 at least fifty were killed and the election result was seen as so contentious that the country’s Supreme court ruled the vote should be re-run. Odinga has run for president on five occasions and has lost each time he has run.
He has also disputed the final election result following each loss, which set the conditions of suspicion and mistrust, and ultimately precipitated previous outbreaks of post-election violence. Given that Odinga was seen as the favourite to win the Presidency during the 2022 election, the closeness of the declared result and the inconsistency from the IEBC on 15 August, it is highly likely that he will once more
attempt to contest the election results.

Regardless of whether Odinga officially disputes the result, it is highly likely that his supporters will rally against the result. Any such unrest is highly likely to become violent. The city of Kisumu, which is home to a large pro-Odinga voting bloc, has already begun to see protests break out against alleged vote rigging, whilst in the Kibera area of Nairobi there are reports that riots have begun to break out. Further
unrest is likely to remain centred on the political centres of gravity in Nairobi, with the State House, Central Business District, and Serena Hotel all probable areas of unrest in the short term.

It is noteworthy that this was the first election in which there was no candidate from Kenya’s largest tribe, the Kikuyu. As a result, if election violence and unrest begins to spread across the country, there is a realistic possibility that it will avoid the traditional split along ethnic and tribal lines. Consequently, post-election violence may occur more widely across Kenya, as it would not be centred on tribal population centres, although it may be less extreme than levels observed during previous elections in which a Kikuyu candidate was participating.

Our team of risk management specialists and intelligence analysts, combined with on-the-ground security support from our global partner network can help secure your operations.

Learn more about how we can secure your operations

Be in the know with intelligence reports built directly around your operational requirements.

During a televised address, Malian President Ibrahim Boubacar Keita resigned. The announcement comes after the president was detained by soldiers on Tuesday, 18 August. The country’s parliament has also been dissolved, plunging the country into political uncertainty. It remains unclear if the military is now officially in charge of the country.

The news of the president’s departure was met with jubilation by protesters in the country’s capital. Footage on social media and media websites show people dancing and cheering on military vehicles and soldiers as they move around Bamako. The Ministry of Justice building was also set alight in celebration.

All land and air borders in the country have been closed and a curfew has been implemented from 09:00 to 17:00 until further notice. Military leaders have pledged to set up a civilian transitional government, inviting the country’s civil society and political parties to join them to prepare for elections.

The driving force behind the apparent coup appears to have stemmed from mutinying soldiers who took control of the Kati military camp. The soldiers then moved on the capital and arrested the president, Prime Minister Boubou Cisse and other senior government officials. The numbers of those involved remains undetermined as well as who will now take the leadership of the government.

The events came following a long political crisis where opposition protesters have taken to the streets demanding the departure of Keita. Protesters have accused Keita of allowing the economy to collapse thus worsening the security situation across the country.

Foreign embassies have announced that citizens/travellers based in Bamako should remain indoors where possible and avoid protests, especially within the capital. The coup has been condemned by the European Union, African Union and the United Nations, as well as representatives of several countries.

SOLACE GLOBAL COMMENT

Details surrounding the coup remain unclear, the mutiny appears to have started in Kati, similarly to the coup that occurred in 2012. The mutiny also comes off the back of ongoing protests that began on 5 June.

The country’s protests had been growing in recent weeks, with demonstrators complaining that not enough has been done to address the issues that the country faces. The protesters pointed fingers at those in charge for failing to adequately address the country’s struggling economy, improve job prospects, and fight corruption and the ongoing insurgency that is not only destabilising the country, but also the wider region.

Keita has, in 2013 when he won election by a landslide, vowed a zero-tolerance for corruption. However, the former president’s popularity has faded over time. While he was reelected in the 2018 presidential elections, they were marred by low turnout and fraud allegations, which created frustration among the public, particularly among the country’s youth.

The pressure on Keita has only grown since the beginning of the protests in June. With the fight against insurgents dragging on, despite French military support, poor economic prospects and violent protests, the former president’s position was becoming untenable. Indeed, regional mediators had arrived in Bamako to try and ease the unrest; however, the military decided to step in.

The coup represents a major setback for France. Paris has invested heavily in the country both financially and militarily with over $1 billion in funding and 5,000 soldiers. Many Malians are now calling on the French to withdraw their troops following the perceived lack of progress.

The instability created by the coup also heightens the risk that Islamic extremist insurgents and Tuareg rebels may look to exploit the situation. With the Malian military struggling to maintain control over large parts of the country, France has recently increased its efforts and is seeking increased European military support.

SOLACE GLOBAL ADVICE