In-brief: A new company, PFP Cybersecurity, says it can detect malware infections almost instantly by analyzing changes in the way infected devices consume power. The company is targeting industrial control system and critical infrastructure with new products.
We’ve been writing a lot about the issue of cyber attribution in recent weeks, following the attack on Sony Pictures Entertainment in November. That incident has become something of a Rorschach Test for those in the information security field: revealing as much about the individual attempting to explain the Sony hack as about the attack itself. Rid and a Ph.D student, Ben Buchanan, have authored a paper in the Journal of Strategic Studies. In their paper, Rid and Buchanan note that one of the biggest challenges of cyber attribution: bridging the technical and political or cultural issues that often surround cyber attribution. As Rid notes: the individuals doing the basic forensic work on the incident may not have a grasp of the larger cultural or political issues at play. That’s a dynamic we’ve seen at play (in spades) in recent news about the hack of Sony Pictures. In this podcast, Rid […]
There are many superlatives to describe the hack of Sony Pictures Entertainment. It has been called the “worst” and “most destructive” hack of all time. It has been likened to a nuclear bomb. It has been called an act of cyber warfare. But, behind all the hyperbole, the Sony hack is just another hack – albeit a bad one. And like any other cyber crime, there are questions about the ‘whys’ and ‘how’s’ of the Sony hack that have yet to be answered to anyone’s satisfaction. Chief among them: how the attackers were able to sneak terabytes of data off of Sony’s corporate network without being noticed. [Read more Security Ledger coverage of the Sony Pictures Hack here.] The sad truth may be that making off with terabytes worth of data may be easier than you think. Like you, I found this notion preposterous. But an informal poll of respected security experts that […]
Dark Reading’s Kelly Higgins has a report about a discovery by a security researcher who has identified a worrying new trend: banking malware that is posing as legitimate ICS software updates and files in order to compromise systems that run manufacturing plants and other facilities. Higgins writes about research by Kyle Wilhoit, senior threat researcher with Trend Micro. Wilhoit claims to have found 13 different crimeware variants disguised as SCADA and industrial control system (ICS) software. The malware posed as human machine interface (HMI) products, including Siemens’ Simatic WinCC, GE’s Cimplicity, and as device drivers by Advantech. [Read more Security Ledger coverage of threats to SCADA and industrial control systems here.]The attacks appear to be coming from traditional cybercriminals rather than nation-state attackers. The motive, Wilhoit theorizes, is to make money, possibly by harvesting banking credentials or other financial information. Malicious software that can operate in industrial environments and critical infrastructure settings is an […]
The Director of the FBI James Comey offered his most direct retort to date to those who doubt the Bureau’s case against the Democratic Peoples Republic of Korea (DPRK), saying that the hackers who pillaged Sony Pictures Entertainment were “sloppy” and revealed the source of the attack – IP addresses linked to the reclusive government, Ars Technica reports. Comey was speaking at ICCS, the International Conference on Cyber Security in New York City on Wednesday. He said that, while the Sony attackers largely concealed their identity by using proxy servers, on several occasions they “got sloppy” and connected directly to Sony’s network, revealing their own IP address in the process. Those slip-ups provided evidence linking North Korea to the attack on Sony’s network, he claimed. The IP address isn’t the only evidence, however. (Thankfully.) Comey also said that “analysts at the FBI found the patterns of writing and other identifying data […]
