Siemens

Malware Campaign Against Industrial Systems Almost 3 Years Old

Malware Campaign Against Industrial Systems Almost 3 Years Old

The U.S. Government’s Industrial Control System CERT (ICS-CERT) said on Thursday that a campaign targeting industrial control system (ICS) software began in January, 2012 and targeted industrial systems that were directly connected to the public Internet. ICS-CERT said in an alert published on Wednesday that “HMI” (or Human-Machine Interfaces) products from vendors including GE, Advantech/Broadwin and Siemens may have been infected with variants of the BlackEnergy malware since January, 2012. Infected firms were running versions of the GE’s Cimplicity, Advantech/Broadwin’s WebAccess or Siemens’ WinCC with what ICS-CERT called a “direct Internet connection.” In some cases, as with the GE Cimplicity attacks, hackers exploited a known vulnerability in the Cimplicity software to gain access. In others (as with WebAccess and WinCC) the method by which the software was compromised isn’t known, ICS-CERT said. CERT said it hasn’t documented any cases of control processes being modified by the malware. However, BlackEnergy is typically used […]

Few companies have fully remediated Heartbleed one year after it was discovered, a study by Venafi concludes.

Tripping Over Heartbleed’s Long Tail

The news about the dreadful Heartbleed OpenSSL vulnerability keeps pumping – almost a month since it first made headlines. But now that other, equally scary security news is stealing the headlines (like the nasty Internet Explorer vulnerability that was announced this week, Heartbleed is taking a back seat. So where do things stand? I think its safe to say that we’re entering a phase that might be considered Heartbleed’s ‘long tail.’ On the one hand: there’s evidence of good news. The Register reported today that data collected by the firm Qualys suggests that almost all websites that were vulnerable to Heartbleed three weeks ago are now patched and no longer vulnerable. The Register’s John Leyden quotes Ristic, the director of engineering at Qualys, putting the percent of web sites, globally, that are still vulnerable to Heartbleed at 1 percent. That’s great news – but I don’t think its the end of the story […]

A paper co-authored by Bruce Schneier noting various methods for subverting cryptographic protections - the better to prevent back doors like those used by the NSA.

History Suggests Heartbleed Will Continue To Beat

The SANS Internet Storm Center dialed down the panic on Monday, resetting the Infocon to “Green” and citing the increased awareness of the critical OpenSSL vulnerability known as Heartbleed as the reason.   Still, the drumbeat of news about a serious vulnerability in the OpenSSL encryption software continued this week. Among the large-font headlines: tens of  millions of Android mobile devices running version 4.1 of that mobile operating system (or “Jelly Bean”) use a vulnerable version of the OpenSSL software. Also: more infrastructure and web application players announced patches to address the Heartbleed vulnerability. They include virtualization software vendor VMWare, as well as cloud-based file sharing service Box. If history is any guide: at some point in the next week or two, the drumbeat will soften and, eventually, go silent or nearly so. But that hardly means the Heartbleed problem has gone away. In fact, if Heartbleed follows the same […]

Ralph Langner, an expert on the security of industrial control systems, suggests that the critical infrastructure sector might consider the use of analogue systems as a backstop to cyber attacks on ICS software. (Image courtesy of the Library of Congress).

Is Analog The Answer To Cyber Terrorism?

Ralph Langner is one of the foremost experts on the security of critical infrastructure that we have. So, generally, when Ralph says something – whether its about Stuxnet, or cyberwar or the security of nuclear power plants – folks listen. And these days, Ralph is wondering, out loud, whether our reliance on digital systems to manage critical infrastructure has gone too far. The answer, he suggests, may be to go “back to the future,” as it were: reintroducing analog systems into the control process chain as a backstop for cyber attacks. Case in point: the Department of Homeland Security’s ICS-CERT warned on Friday that firmware for Siemens SIMATIC S7-1500 CPUs (Central Processing Units) contain nine vulnerabilities that could enable attacks such as cross site request forgery, cross site scripting and URL redirection. (Siemens has issued a firmware update that patches the holes.) Langner is among the world’s foremost experts on […]

Experts: Despite Warnings, Slow Progress Securing Industrial Systems

Experts: Despite Warnings, Slow Progress Securing Industrial Systems

Despite increased media attention to the security of industrial control systems and critical infrastructure, progress in securing those devices has been slow, experts say. Despite progress in some areas, critical infrastructure – including energy and transportation networks- remains vulnerable to attacks leveled at known security holes for months or years because of a lack of vendor response or customers who lack the incentive or know-how to patch vulnerable systems. That according to some of the world’s top experts in cyber security and industrial systems, who are gathering this week at an industry conference in Miami. The S4 Conference, sponsored by the firm DigitalBond, is one of the premiere conferences for cyber security as it pertains to industrial control systems and often coincides with disclosures from industrial system vendors about serious security holes in their products. The security of industrial control systems has been a top concern of IT security experts and government […]