Tag: SCADA

Security and Patching Challenge the Industrial Internet| CIO

Security and Patching Challenge the Industrial Internet| CIO

  The magazine CIO has picked up on a report by the firm National Instruments on some of the key challenges facing the industrial Internet of Things. No surprise: security and management are two of them. National Instruments has an interesting perspective on the topic: it makes equipment that is used by heavy industry (energy, oil and gas, automotive, etc.) to monitor industrial processes. As a result, NI is knee deep in the transformation to “smart” industry powered by autonomous, sensing equipment. The company anticipates big challenges as more and more industrial systems come online. From the article: “As massive networks of systems come online, these systems need to communicate with each other and with the enterprise, often over vast distances…Both the systems and the communications need to be secure, or millions of dollars’ worth of assets are put at risk.” Beyond that, NI notes that companies developing products for the industrial Internet of Things […]

Banking Trojans Pose as SCADA Software to Infect Manufacturers

Banking Trojans Pose as SCADA Software to Infect Manufacturers

Dark Reading’s Kelly Higgins has a report about a discovery by a security researcher who has identified a worrying new trend: banking malware that is posing as legitimate ICS software updates and files in order to compromise systems that run manufacturing plants and other facilities. Higgins writes about research by Kyle Wilhoit, senior threat researcher with Trend Micro. Wilhoit claims to have found 13 different crimeware variants disguised as SCADA and industrial control system (ICS) software. The malware posed as human machine interface (HMI) products, including Siemens’ Simatic WinCC, GE’s Cimplicity, and as device drivers by Advantech.   [Read more Security Ledger coverage of threats to SCADA and industrial control systems here.]The attacks appear to be coming from traditional cybercriminals rather than nation-state attackers. The motive, Wilhoit theorizes, is to make money, possibly by harvesting banking credentials or other financial information. Malicious software that can operate in industrial environments and critical infrastructure settings is an […]

The FDA issued guidance for manufacturers to address cyber security issues in the design of connected medical devices.

FDA Issues Guidance on Security of Medical Devices

The U.S. Food and Drug Administration (FDA) issued final guidance on Wednesday that are designed to strengthen the safety of medical devices. The FDA called on medical device manufacturers to consider cyber security risks as part of the design and development of devices. The document, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” asks device makers to submit documentation to the FDA about any “risks identified and controls in place to mitigate those risks” in medical devices. The guidance also recommends that manufacturers submit documentation of plans for patching and updating the operating systems and medical software that devices run. The document, which will be released on Thursday, does not contain specific requirements. Rather, it describes the kinds of things that medical device manufacturers should consider when preparing pre-market submissions for medical devices in areas such as information confidentiality, integrity, and availability, the FDA said. The release of the document follows the […]

DHS Warns Energy Firms Of Malware Used In Targeted Attacks

DHS Warns Energy Firms Of Malware Used In Targeted Attacks

The Department of Homeland Security warned firms in the energy sector about new, targeted malware infecting industrial control systems and stealing data. DHS’s ICS CERT, the Industrial Control Systems Computer Emergency Response Team, said it is analyzing malware associated with an ICS-focused malware campaign. The malicious software, dubbed “Havex” that was being spread by way of phishing emails and so-called “watering hole” attacks that involved compromises of ICS vendor web sites. DHS was alerted to the attacks by researchers at the security firms Symantec (which dubbed the malware campaign “Dragonfly”) and F-Secure (“Havex”) -a remote access trojan (or RAT) that also acts as an installer (or “downloader”) – fetching other malicious applications to perform specific tasks on compromised networks. One of those additional payloads is a Trojan Horse program dubbed Karagany (by Symantec) that has been liked to prior attacks on energy firms. According to Symantec, the malware targeted energy grid operators, major electricity generation firms, […]

Blade Runner Redux: Do Embedded Systems Need A Time To Die?

Blade Runner Redux: Do Embedded Systems Need A Time To Die?

The plot of the 1982 film Blade Runner (loosely based on the 1968 novel Do Androids Dream of Electric Sheep by Philip K Dick) turns on the question of what makes us ‘human.’ Is it memories? Pain? Our ability to feel empathy? Or is it merely the foreknowledge of our own certain demise? In that movie, a group of rebellious, human-like androids – or “replicants” – return to a ruined Earth to seek out their maker. Their objective: find a way to disable an programmed ‘end of life’ in each of them.  In essence: the replicants want to become immortal. It’s a cool idea. And the replicants – pre-loaded with fake memories and histories – pose an interesting philosophical question about what it is that makes us humans. Our artificial intelligence isn’t quite to the ‘replicant’ level yet (the fictional tale takes place in 2019, so we have time). But some […]