Threats

Michigan Utility Felled in Ransomware Attack

In-brief: A Michigan utility was knocked offline for much of last week following a ransomware infection that compromised the utility’s corporate network, but did not affect the delivery of water and electricity. 

Podcast: Privacy Sweeps and securing the IoT Supply Chain

In-brief: Security Ledger Editor in Chief Paul Roberts speaks with John Dickson, a principal at Denim Group, about the recent Internet of Things privacy sweep and about the challenge of securing the Internet of Things supply chain.

Reuters: German Nuke Plant Infected by Conficker, Ramnit Malware

In-brief: the Gundremmingen nuclear power plant in Germany disclosed a malicious software infection including the Conficker and Ramnit malware. The infection occurred on systems used to help move nuclear fuel rods, Reuters reported.

Antivirus Players Vying for Industrial Control Systems Business

In-brief: news from incumbent endpoint protection firms Symantec and Kaspersky Lab that they are ramping up efforts to sell their wares into industrial control systems environments suggests that the death of antivirus may have been greatly exaggerated.

Blurred Lines: Sophisticated Hacks Building On Commodity Crime Tools

The information security industry has long operated on the premise that there are two very different kinds of threats: indiscriminate cyber criminal activity aimed at making money quickly, and sophisticated, targeted attacks intended to provide long-term competitive advantage to another company (or economy), disrupt the operation of the target or provide a (future) strategic advantage in some kind of cyber conflict. But new research from FireEye suggests that the lines between sophisticated and unsophisticated cyber operations are blurred, making it hard for organizations to know if a given infection is merely bad luck, or evidence of a larger and more dangerous operation. Writing about a new financially motivated hacking crew called FIN6, FireEye said that the group, which targeted point-of-sale systems, made off with “millions of payment card numbers.” Still, FireEye said that it couldn’t figure out how the group compromised its victims. “In Mandiant’s investigations of FIN6, the group already […]