terrorism

Industrial Control Vendors Identified In Dragonfly Attack

Two of the three vendors who were victims of a targeted malware attack dubbed ‘Dragonfly’ by the security firm Symantec have been identified by industrial control system security experts. Writing on Tuesday, Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers. Peterson has also identified the third vendor, identified by F-Secure as a Swiss company, but told The Security Ledger that he cannot share the name of that firm. The three firms, which serve customers in industry, including owners of critical infrastructure, were the subject of a warning from the Department of Homeland Security. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it was alerted to compromises of the vendors’ by researchers […]

DHS Warns Energy Firms Of Malware Used In Targeted Attacks

The Department of Homeland Security warned firms in the energy sector about new, targeted malware infecting industrial control systems and stealing data. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it is analyzing malware associated with an ICS-focused malware campaign. The malicious software, dubbed “Havex” that was being spread by way of phishing emails and so-called “watering hole” attacks that involved compromises of ICS vendor web sites. DHS was alerted to the attacks by researchers at the security firms Symantec (which dubbed the malware campaign “Dragonfly”) and F-Secure (“Havex”) -a remote access trojan (or RAT) that also acts as an installer (or “downloader”) – fetching other malicious applications to perform specific tasks on compromised networks. One of those additional payloads is a Trojan Horse program dubbed Karagany (by Symantec) that has been liked to prior attacks on energy firms. According to Symantec, the malware targeted energy grid operators, major electricity generation firms, […]

FireEye Report: Iranian Hacker Group Becoming More Sophisticated

A report from the security firm FireEye claims that hacking crews based in Iran have become more sophisticated in recent years. They are now linked to malicious software campaigns targeting western corporations and domestic actors who attempt to circumvent Internet filters put in place by the ruling regime.   The report, dubbed “Operation Saffron Rose,”(PDF)  was released on Tuesday. In a blog post accompanying the research, FireEye researchers say that it has identified a group of hackers it is calling the “Ajax Security Team” that appears to have emerged out of Iranian hacker forums such as Ashiyane and Shabgard. Once limited to website defacements, the Ajax team has graduated to malware-based espionage and other techniques associated with “advanced persistent threat” (APT) style actors, FireEye said. The researchers claim that the group has been observed using social engineering techniques to implant custom malware on victims’ computers. The group’s objectives seem to align with those […]

connected car - audi-thumbnail

Traffic Monitoring Tech Vulnerable To Hacking

Connected cars aren’t the only transportation innovation that’s coming down the pike (pun intended). As we’ve noted before: smart roads and smart infrastructure promise even more transformative changes than – say – having Siri read  your text messages to you through your stereo system. The applications of smart road and connected infrastructure are almost limitless. But at this early stage (mostly proof of concept), much of the light and heat around smart roads is around applications of remote sensors at the roadside, or embedded in the road surface to identify problems like icy roads, the presence of liquids, traffic density, vehicle and pedestrian detection and more. For a nice overview of some sensor applications, check out this video from Liebelium. But that doesn’t mean that attacks against smart infrastructure are problems for the future. The security researcher Cesar Cerrudo points out in a blog post over at IOActive.com that many […]

Diagram of a steam engine

Is Analog The Answer To Cyber Terrorism?

Ralph Langner is one of the foremost experts on the security of critical infrastructure that we have. So, generally, when Ralph says something – whether its about Stuxnet, or cyberwar or the security of nuclear power plants – folks listen. And these days, Ralph is wondering, out loud, whether our reliance on digital systems to manage critical infrastructure has gone too far. The answer, he suggests, may be to go “back to the future,” as it were: reintroducing analog systems into the control process chain as a backstop for cyber attacks. Case in point: the Department of Homeland Security’s ICS-CERT warned on Friday that firmware for Siemens SIMATIC S7-1500 CPUs (Central Processing Units) contain nine vulnerabilities that could enable attacks such as cross site request forgery, cross site scripting and URL redirection. (Siemens has issued a firmware update that patches the holes.) Langner is among the world’s foremost experts on […]