DHS

Banking Trojans Pose as SCADA Software to Infect Manufacturers

Dark Reading’s Kelly Higgins has a report about a discovery by a security researcher who has identified a worrying new trend: banking malware that is posing as legitimate ICS software updates and files in order to compromise systems that run manufacturing plants and other facilities. Higgins writes about research by Kyle Wilhoit, senior threat researcher with Trend Micro. Wilhoit claims to have found 13 different crimeware variants disguised as SCADA and industrial control system (ICS) software. The malware posed as human machine interface (HMI) products, including Siemens’ Simatic WinCC, GE’s Cimplicity, and as device drivers by Advantech.   [Read more Security Ledger coverage of threats to SCADA and industrial control systems here.]The attacks appear to be coming from traditional cybercriminals rather than nation-state attackers. The motive, Wilhoit theorizes, is to make money, possibly by harvesting banking credentials or other financial information. Malicious software that can operate in industrial environments and critical infrastructure settings is an […]

Continue Reading

Senator Warns of DHS Struggle with Cyber Security

U.S. Senator Tom Coburn (R-OK) used his final days in office to warn that the U.S. Department of Homeland Security (DHS) is struggling to fulfill its mission to protect the nation from cyber attack. The report, “A Review of the Department of Homeland Security’s Missions and Performance,” (PDF) was released on Saturday, as the retiring Senator from Oklahoma was leaving office. In it, the outgoing Senator said that DHS’s strategy and programs “are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.” The warnings on DHS cyber operations were part of a larger critique of the Department in the report, in which Coburn called on reforms of Homeland Security focused on accountability and streamlining. Despite spending $700 million annually on a range of cybersecurity programs, Coburn said it is hard to know whether the Department’s efforts to assist the private sector in identifying, mitigating or remediating cyber […]

Continue Reading

U.S. Sanctions 10 For Sony Hack, Keeps Mum on Evidence

  As the New York Times reports, the Obama administration doubled down on its recent allegation that the Democratic Peoples Republic of North Korea (DPRK) was behind the hacking of Sony Pictures, announcing sanctions on 10 senior North Korean officials and several organizations in response to the incident. Paradoxically, the administration acknowledged that there is no evidence that the 10 officials took part in either ordering or planning the Sony attack. Instead, they described them as “central to a number of provocative actions against the United States,” the Times reported. Those ‘provocative actions’ were not described. The actions mirror the Administration’s controversial decision, in May, to charge five Chinese military officers in May, 2014, for their connection to computer hacking and cyber espionage campaigns directed at U.S. firms in the nuclear power, metals and solar products industries. In the case of the Chinese nationals, however, the FBI cited evidence linking the five military officers to […]

Continue Reading

Uncle Sam Taking a Back Seat in Cyber Defense | Bloomberg

Bloomberg has a story on the collaborative, private sector effort to thwart an industrial hacking campaign linked to Chinese intelligence.   The effort, which involved firms like FireEye and iSight Partners “demonstrates for the first time a private-sector model that they believe can move faster than investigations by law enforcement agencies,” the report said. From the article: The take-down largely bypassed traditional law enforcement tools, relying instead on cooperation between companies that are normally fierce competitors. Coalition members — which include Microsoft Corp., Cisco Inc. and Symantec Corp. — say they can act faster than governments because they operate global Internet systems and have business relationships with tens of thousands of companies. Read more via China-Linked Hacking Foiled by Private-Sector Sleuthing – Businessweek.

Continue Reading

For Cyber Security Awareness Month: Change Your Passwords, Or Ditch Them?

October has arrived. And while that means colorful foliage and Halloween for many of us, it is also a special time in the information security industry: cyber security awareness month – or NCSAM. Security Ledger will be supporting NCSAM this month with banner ads and other content that highlight NCSAM events. Cyber Security Awareness Month – in its 11th year-  is a public-private effort to raise public awareness about online security and safety. It’s best known for the “Stop. Think. Connect.” meme, but also is an occasion for elected officials and private sector firms to highlight cyber security issues. In a Presidential Proclamation released on Tuesday, President Obama called cyber threats “one of the gravest national security dangers the United States faces.” “They jeopardize our country’s critical infrastructure, endanger our individual liberties, and threaten every American’s way of life. When our Nation’s intellectual property is stolen, it harms our economy, […]

Continue Reading
1 11 12 13 14 15