critical infrastructure Archives

critical infrastructure

TRUST: Threat Reduction via Understanding Subjective Treatment

July 22, 2014 Lance James

It has become obvious (to me, anyway) that spam, phishing, and malicious software are not going away. Rather, their evolution (e.g. phishing-to-spear phishing) has made it easier to penetrate business networks and increase the precision of such attacks. Yet we still apply the same basic technology such as bayesian spam filters and blacklists to keep the human at the keyboard from unintentionally letting these miscreants onto our networks. Ten years ago, as spam and phishing were exploding, the information security industry offered multiple solutions to this hard problem. A decade later, the solutions remain: SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance). Still: we find ourselves still behind the threat, rather than ahead of it. Do we have the right perspective on this? I wonder. The question commonly today is: “How do we identify the lie?” But as machine learning and data science become the new norm, I’m […]

Google Warns Of Dodgy Digital Certificates Issued By India

July 9, 2014 Paul Roberts

Beware of Google domains bearing gifts – especially gifts from India. On Tuesday, Google’s Adam Langley took to the company’s security blog to warn about unauthorized digital certificates that have been issued by India’s National Informatics Centre (NIC) and used to vouch for “several Google domains.” Google notified the NIC, as well as India’s Controller of Certifying Authorities (or CCA) and Microsoft about the discovery and the certificates have been revoked, Langley said. As Cory Doctorow noted over at BoingBoing.net, most operating system vendors and browser makers don’t trust NIC-issued certificates as a matter of course. However, NIC holds intermediate CA (certificate authority) certificates that are trusted by India’s CCA, and CCA-trusted certificates are included in Microsoft’s Root Store, meaning applications running on Windows as well as Microsoft’s Internet Explorer web browser would have trusted the bogus NIC certificates. Google said that Chrome users on Windows would not have been victims of the […]

Update: Cyber Spies Digging For Clues On Iraq?

July 8, 2014 Paul Roberts

The folks over at CrowdStrike have dug deep into a campaign of targeted cyber attacks targeting Washington D.C. think tanks and say they have evidence that whomever is behind the attacks has taken a sudden interest in U.S. policy towards Iraq. Editor’s Note: This story was updated to include comments from Adam Meyers, Vice President of Security Intelligence at CrowdStrike. – PFR July 8, 2014 14:30 Writing on Tuesday, CrowdStrike CTO Dmitri Alperovitch described a new campaign by a group they dubbed “DEEP PANDA” that was targeting think tanks specializing on U.S. foreign policy and national security. Alperovitch said CrowdStrike observed a pronounced shift in targets from think tank experts on Asia to experts on Iraq and the Middle East in recent weeks. The shift corresponded with the rapid escalation of violence in Iraq as the Islamic extremist group ISIS took control of large parts of the country. “This actor, who was engaged in […]

Industrial Control Vendors Identified In Dragonfly Attack

July 4, 2014 Paul Roberts

Two of the three vendors who were victims of a targeted malware attack dubbed ‘Dragonfly’ by the security firm Symantec have been identified by industrial control system security experts. Writing on Tuesday, Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers. Peterson has also identified the third vendor, identified by F-Secure as a Swiss company, but told The Security Ledger that he cannot share the name of that firm. The three firms, which serve customers in industry, including owners of critical infrastructure, were the subject of a warning from the Department of Homeland Security. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it was alerted to compromises of the vendors’ by researchers […]

DHS Warns Energy Firms Of Malware Used In Targeted Attacks

July 1, 2014 Paul Roberts

The Department of Homeland Security warned firms in the energy sector about new, targeted malware infecting industrial control systems and stealing data. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it is analyzing malware associated with an ICS-focused malware campaign. The malicious software, dubbed “Havex” that was being spread by way of phishing emails and so-called “watering hole” attacks that involved compromises of ICS vendor web sites. DHS was alerted to the attacks by researchers at the security firms Symantec (which dubbed the malware campaign “Dragonfly”) and F-Secure (“Havex”) -a remote access trojan (or RAT) that also acts as an installer (or “downloader”) – fetching other malicious applications to perform specific tasks on compromised networks. One of those additional payloads is a Trojan Horse program dubbed Karagany (by Symantec) that has been liked to prior attacks on energy firms. According to Symantec, the malware targeted energy grid operators, major electricity generation firms, […]