Kaspersky Lab has a fascinating write-up of malware it is calling “DarkHotel.” The information-stealing software is believed to target traveling executives. Curiously, Kaspersky says the malware may be almost a decade old and is found only on the wireless networks and business centers of select, high-end hotels. Reports about targeted attacks on traveling executives are nothing new. However, the Kaspersky report (PDF version here) may be the most detailed yet on a specific malicious software family that is devoted to hacking senior corporate executives. According to Kaspersky, the DarkHotel malicious software maintained a presence on hotel networks for years, with evidence of its operation going back as far as 2007. The malware used that persistent access to target select hotel guests, leveraging check-in/check-out and identity information on guests to limit attacks to high value targets. Targeted guests were presented with iFrame based attacks that were launched from the hotel’s website, […]
Hardware
Malware Campaign Against Industrial Systems Almost 3 Years Old
The U.S. Government’s Industrial Control System CERT (ICS-CERT) said on Thursday that a campaign targeting industrial control system (ICS) software began in January, 2012 and targeted industrial systems that were directly connected to the public Internet. ICS-CERT said in an alert published on Wednesday that “HMI” (or Human-Machine Interfaces) products from vendors including GE, Advantech/Broadwin and Siemens may have been infected with variants of the BlackEnergy malware since January, 2012. Infected firms were running versions of the GE’s Cimplicity, Advantech/Broadwin’s WebAccess or Siemens’ WinCC with what ICS-CERT called a “direct Internet connection.” In some cases, as with the GE Cimplicity attacks, hackers exploited a known vulnerability in the Cimplicity software to gain access. In others (as with WebAccess and WinCC) the method by which the software was compromised isn’t known, ICS-CERT said. CERT said it hasn’t documented any cases of control processes being modified by the malware. However, BlackEnergy is typically used […]
You’re Doing NAT Wrong! One Million SOHO Routers Vulnerable
A vulnerability in more than 1 million small office and home office (or SOHO) routers makes them potentially vulnerable to remote attacks that could expose private internal network traffic to prying eyes, according to a warning posted by the firm Rapid7.
Is IoT Innovation Outpacing Our Ability To Keep It Safe?
GigaOm has an interesting, high-level piece that looks at the issue of law, liability and the Internet of Things. The article takes off from a discussion at the Download event in New York City earlier this month, wondering whether adoption of Internet of Things technologies like wearables is starting to run far ahead of society’s ability to manage them. Specifically: is the pace of technology innovation outstripping the ability of our legal system to reign in excess and protect public safety and civil liberties? On the list of ‘what-if’s’ are some familiar questions: How to assign liability. (“If one of Google’s automated cars crashes, is it the fault of the driver or Google?”) Read more Security Ledger coverage of Internet of Things here. What responsibility to users have to take advantage of safety features in connected products? (Does a parent’s failure to password-protect a baby monitor change the manufacturer’s liability when and […]
The IoT Comes To Chicago: IoT World Forum
The Internet of Things is increasingly an industry unto itself, with the conferences to prove it. And “no,” I’m not just talking about The Security of Things Forum – Security Ledger’s own IoT and security show. (Videos from our first annual show are now available, by the way. Register to view them here.) No: there are forums and symposiums focused on all different aspects of IoT: smart cities, design, wearables, and so on. There’s O’Reilly’s Solid, GigaOm Structure and any number of smaller, regional events. I’m at one of the more prominent IoT shows this week: The Internet of Things World Forum (IoTWF), which is sponsored by Cisco Systems. I’m moderating a really interesting panel that addresses a critical issue: the ways in with information technology (IT), operations technology (OT) and consumer technology (CT) converge in the IoT. These are three areas that, until recently, were separate. But a variety of developments […]
