SCADA – ICS

Missing in Action At BlackHat: The PC

Once the target of choice for hackers of all stripes, personal computers (PC) will be -at most- a side attraction at this year’s annual Black Hat Briefings show in Las Vegas, where presentations on ways to attack mobile devices and other networked “stuff” will take center stage. Just over ten percent of the scheduled talks and turbo talks at The Black Hat Briefings in early August (5 of 47)  will be devoted to attacks against what might be considered “traditional” endpoints, like end user systems and servers running Microsoft’s Windows, Apple’s Mac OSX and Linux. By contrast, more than 30% will discuss security flaws and attacks against mobile phones or other “smart” devices including wireless surveillance cameras, home automation systems and smart meters. The dearth of PC-focused talks isn’t a new trend in and of itself. As far back as 2006, talks that explicitly discussed security issues with components of Microsoft’s […]

Continue Reading

IT Security A Major Stumbling Block To Smart Manufacturing

The Internet of Things holds tremendous promise for the manufacturing space. But smart factories may still be more than a decade away, due in part to a lack of solid IT security controls, according to a survey of 1,300 German manufacturing firms and academics. The survey of 1,300 members companies and universities by the German Association for Electrical, Electronic, and Information Technologies (VDE) found that only 20% anticipated adoption of “smart production” (or “Industry 4.0” – as its referred to) by the start of the next decade. In contrast, 70% of those surveyed doubted that smart manufacturing goals would be achieved by 2025, despite obvious advantages. Why the skepticism? One commonly cited reason is a lack of strong IT security. According to a write-up on SAP’s blog, IT security was the most oft-cited obstacle to setting up smart factories. Sixty six percent of those surveyed cited security concerns as a reason to […]

Continue Reading

Botnet Of Embedded Devices Used To Map Internet

Botnets are mostly linked with spam e-mail campaigns, denial of service attacks and data theft. But global networks of compromised hosts can be used for a variety of ends – not all of them malicious. That was the idea behind “Internet Census 2012,” a stealth project by an unnamed and unknown researcher/hacker to map the entire IPV4 Internet address space using a massive network of compromised devices. The results, published in the form of a research paper, underscore the problem of  unsecured embedded devices, including set top boxes, home routers and critical infrastructure, with the hacker able to locate and compromise these systems, creating a botnet of more than 420,000 nodes. According to a copy of the report, the project grew out of an experiment to locate unprotected devices online using nmap, the open source scanning tool. By compromising each vulnerable host and then enlisting it to scan for other […]

Continue Reading

Obama Lays Down The Law On Cyber Espionage

The Obama Administration on Wednesday released a report detailing new Administration measures to protect U.S. trade secrets and intellectual property. The report: “Administration Strategy on Mitigating the Theft of U.S. Trade Secrets” (PDF) establishes a new foundation for cooperation between the U.S. government and the private sector. It comes just days after a bombshell, 60-page report by the security firm Mandiant that described the activities of “APT1” – a hacking group that Mandiant claims is actually a cyber warfare unit of China’s People’s Liberation Army (PLA). In a post on the Whitehouse blog, the Administration said the Strategy is a continuation of Obama Administration policy to protect U.S. companies from the theft of trade secrets. Under the new Strategy, the Administration will take a “whole government” approach, using diplomatic pressure via the State Department, coordinated, international legal pressure through the Department of Justice and FBI. The U.S. will tap the […]

Continue Reading

Report Exposes Links Between Chinese Govt., Hacking Group

If you read one story today (besides this one, of course!) it should be The New York Times’ write-up of a just-released, 60-page report (PDF) on a Chinese hacking group known as APT1 by the security firm Mandiant. At a one level, the report doesn’t tell us anything we didn’t already know: APT1 is a professional, hacking crew that operates from within China and with the full knowledge and support of the Chinese Government. Most of us already suspected that. The report is worth reading for the depths of Mandiant’s research into APT \1 and the revelations of just how close the ties are to the Chinese government and, particularly, the People’s Liberation Army (PLA). Specifically: Mandiant is able to parse the findings of around 150 intrusions it has analyzed that are attributable to APT 1 – which is probably some small fraction of all the attacks the group has carried out. […]

Continue Reading
1 11 12 13 14 15