CERT

Industrial Control Vendors Identified In Dragonfly Attack

Two of the three vendors who were victims of a targeted malware attack dubbed ‘Dragonfly’ by the security firm Symantec have been identified by industrial control system security experts. Writing on Tuesday, Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers. Peterson has also identified the third vendor, identified by F-Secure as a Swiss company, but told The Security Ledger that he cannot share the name of that firm. The three firms, which serve customers in industry, including owners of critical infrastructure, were the subject of a warning from the Department of Homeland Security. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it was alerted to compromises of the vendors’ by researchers […]

DHS Warns Energy Firms Of Malware Used In Targeted Attacks

The Department of Homeland Security warned firms in the energy sector about new, targeted malware infecting industrial control systems and stealing data. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it is analyzing malware associated with an ICS-focused malware campaign. The malicious software, dubbed “Havex” that was being spread by way of phishing emails and so-called “watering hole” attacks that involved compromises of ICS vendor web sites. DHS was alerted to the attacks by researchers at the security firms Symantec (which dubbed the malware campaign “Dragonfly”) and F-Secure (“Havex”) -a remote access trojan (or RAT) that also acts as an installer (or “downloader”) – fetching other malicious applications to perform specific tasks on compromised networks. One of those additional payloads is a Trojan Horse program dubbed Karagany (by Symantec) that has been liked to prior attacks on energy firms. According to Symantec, the malware targeted energy grid operators, major electricity generation firms, […]

connected car - audi-thumbnail

Traffic Monitoring Tech Vulnerable To Hacking

Connected cars aren’t the only transportation innovation that’s coming down the pike (pun intended). As we’ve noted before: smart roads and smart infrastructure promise even more transformative changes than – say – having Siri read  your text messages to you through your stereo system. The applications of smart road and connected infrastructure are almost limitless. But at this early stage (mostly proof of concept), much of the light and heat around smart roads is around applications of remote sensors at the roadside, or embedded in the road surface to identify problems like icy roads, the presence of liquids, traffic density, vehicle and pedestrian detection and more. For a nice overview of some sensor applications, check out this video from Liebelium. But that doesn’t mean that attacks against smart infrastructure are problems for the future. The security researcher Cesar Cerrudo points out in a blog post over at IOActive.com that many […]

heartbleed SSL image

Tripping Over Heartbleed’s Long Tail

The news about the dreadful Heartbleed OpenSSL vulnerability keeps pumping – almost a month since it first made headlines. But now that other, equally scary security news is stealing the headlines (like the nasty Internet Explorer vulnerability that was announced this week, Heartbleed is taking a back seat. So where do things stand? I think its safe to say that we’re entering a phase that might be considered Heartbleed’s ‘long tail.’ On the one hand: there’s evidence of good news. The Register reported today that data collected by the firm Qualys suggests that almost all websites that were vulnerable to Heartbleed three weeks ago are now patched and no longer vulnerable. The Register’s John Leyden quotes Ristic, the director of engineering at Qualys, putting the percent of web sites, globally, that are still vulnerable to Heartbleed at 1 percent. That’s great news – but I don’t think its the end of the story […]

Heartbleed For Poets

Heartbleed For Poets And Other Must-Reads

It’s H-Day + 2 – two full days since we learned that one of the pillars of online security, OpenSSL, has contained a gaping security hole for the past two years that rendered its protections illusory. As I wrote over on Veracode’s blog today: this one hurts. It exposes private encryption keys, allowing encrypted SSL sessions to be revealed. Trend Micro data suggests around 5% of one million Internet top-level domains are vulnerable.  IOActive notes that Heartbleed also appears to leave data such as user sessions subject to hijacking, exposes encrypted search queries and leaves passwords used to access online services subject to snooping, provided the service hasn’t updated their OpenSSL instance to the latest version. In fact, its safe to bet that the ramifications of Heartbleed will continue to be felt for months – even years to come. In the meantime, there is a lot of interesting coverage and […]