In-brief: Did security researcher Chris Roberts attempt to tamper with in-flight systems during a United Airlines flight from Denver to Chicago in April? An FBI affidavit says “yes,” Roberts says “no way.”
ICS-CERT
Surgical Robots The Latest To Fall To Whitehats
In-brief: Researchers from the University of Washington demonstrated attacks against “a slew” of exploitable vulnerabilities in a surgical robot they helped develop. They included attacks that could cause “jerky motion of robot’s arms” or render the surgical robot “motionless” and “almost unusable.”
Drug Pumps Vulnerable to trivial Hacks, DHS warns
In-brief: The Department of Homeland Security warned that drug infusion pump management software sold by Hospira contains serious and exploitable vulnerabilities that could be used to remotely take control of the devices.
DHS: APT behind Half of Cyber Incidents In Critical Infrastructure
In-brief: A new report from the Department of Homeland Security reveals that there were 245 reported incidents of cyber attacks on critical infrastructure in 2014. More than half were attributed to sophisticated “APT” type actors.
Banking Trojans Pose as SCADA Software to Infect Manufacturers
Dark Reading’s Kelly Higgins has a report about a discovery by a security researcher who has identified a worrying new trend: banking malware that is posing as legitimate ICS software updates and files in order to compromise systems that run manufacturing plants and other facilities. Higgins writes about research by Kyle Wilhoit, senior threat researcher with Trend Micro. Wilhoit claims to have found 13 different crimeware variants disguised as SCADA and industrial control system (ICS) software. The malware posed as human machine interface (HMI) products, including Siemens’ Simatic WinCC, GE’s Cimplicity, and as device drivers by Advantech. [Read more Security Ledger coverage of threats to SCADA and industrial control systems here.]The attacks appear to be coming from traditional cybercriminals rather than nation-state attackers. The motive, Wilhoit theorizes, is to make money, possibly by harvesting banking credentials or other financial information. Malicious software that can operate in industrial environments and critical infrastructure settings is an […]
