resilience

New Stuxnet-Like Industrial Control System Malware Ups The Ante

In-brief: Security firm FireEye is claiming to have discovered proof-of-concept malicious software that targets industrial control systems software that is used to operate critical infrastructure worldwide. 

Cyber Insurance: Triumph of the Accountants?

In-brief: Rapid advancement in the market for cyber insurance is poised to transform a cyber security market based on FUD (fear, uncertainty and doubt) to one based on hard numbers and risk. Consider yourself warned!

To Secure Modern Networks: Close The Visibility Gap

In-brief: In a world where billions of devices, users and applications can come and go freely, how do you make sure that the threat protection defenses you have in place are working properly to protect your environment?

At Summit, in search of Leadership on Cyber Security

In-brief: President Obama will address technology leaders at a Summit at Stanford University on Friday. But technology industry leaders say that much hinges on Washington’s ability to pass needed legal reforms. 

Banking Trojans Pose as SCADA Software to Infect Manufacturers

Dark Reading’s Kelly Higgins has a report about a discovery by a security researcher who has identified a worrying new trend: banking malware that is posing as legitimate ICS software updates and files in order to compromise systems that run manufacturing plants and other facilities. Higgins writes about research by Kyle Wilhoit, senior threat researcher with Trend Micro. Wilhoit claims to have found 13 different crimeware variants disguised as SCADA and industrial control system (ICS) software. The malware posed as human machine interface (HMI) products, including Siemens’ Simatic WinCC, GE’s Cimplicity, and as device drivers by Advantech.   [Read more Security Ledger coverage of threats to SCADA and industrial control systems here.]The attacks appear to be coming from traditional cybercriminals rather than nation-state attackers. The motive, Wilhoit theorizes, is to make money, possibly by harvesting banking credentials or other financial information. Malicious software that can operate in industrial environments and critical infrastructure settings is an […]