After having spent the past few months trying to get myself acquainted with the world of SCADA, it was time to look into the history of attacks it has been subject to. For the uninitiated, SCADA (Supervisory Control And Data Acquisition) is the term used for systems that are used to control physical equipment - such as in industries like power plants, oil and gas pipelines; at public facilities like metal detectors at airports; and even in private facilities, e.g. to control/monitor processes like heating, ventilation, energy consumption etc. The...
by Ruchna Nigam  |  Feb 12, 2015  |  Filed in: Security Research
Following a post by F-Secure this June, bringing to light a variant of the Havex malware family targeting ICS/SCADA systems, there has been much speculation regarding the motives behind this malware campaign. That makes it only the second known malware family directly targeting SCADA equipment, after the infamous Stuxnet that reportedly set back Iran's nuclear program by 2 years. Symantec has called the attackers DragonFly while Crowdstrike refers to them as Energetic Bear in their 2013 Threat Report. Overall, there are two components of the...
by Ruchna Nigam  |  Jul 15, 2014  |  Filed in: Security Research
A SCADA environment (Supervisory Control and Data Acquisition) is unlike a conventional IT network in that it provides interconnectedness between industrial systems such as robots, valves, thermal or chemical sensors, command and control systems and HMI (Human Machine Interface) systems, rather than desktops. These environments monitor, manage and administer critical infrastructures in various fields such as transport, nuclear, electricity, gas, water, etc. Historically, these SCADA control systems have used a dedicated set of communication protocols...
by Michael Perna  |  Sep 18, 2013  |  Filed in:
Our previous post details the history of advanced persistent threats (APTs) as well as some of the most significant attacks, their origins and high-profile targets. In this post, we'll break down the stages of an attack, as well as APT attack tools and defensive solutions, as described by Fortinet's Richard Henderson in the report "Threats on the Horizon: The Rise of the Advanced Persistent Threat." One of the many factors that distinguish advanced persistent threat (APT) attacks is their multiple components. First things first, though: The...
by Stefanie Hoffman  |  Jul 11, 2013  |  Filed in: Industry Trends
It’s a rare month that we don’t see the term Advanced Persistent Threat grace news headlines, wreaking havoc on nuclear power facilities, Iranian intelligence agencies and international banking systems. In recent months, the term APT has seemed to take center stage, drilled into our everyday vernacular as researchers continue to discover new and increasingly sophisticated threats one after the other. And like sequels to a blockbuster movie, each successor seems bigger and badder, with more special effects. The metaphor isn’t too far from...
by Stefanie Hoffman  |  Sep 27, 2012  |  Filed in: Industry Trends
Over the last month, the Flame virus quite literally burst onto the scene with its technical complexity and sophistication that outpaced the most advanced pieces of malware to date. Weighing in at 20 MB, the piece of code, dubbed Flame, wowed the security community with covert cyber espionage abilities usually relegated to Jason Bourne and Ethan Hunt. Among other things, Flame can sit silently on a victim’s machine and capture screenshots, intercept network traffic and stealthily record audio in the room, which it subsequently sends to remote...
by Stefanie Hoffman  |  Jun 25, 2012  |  Filed in: Industry Trends
Maybe it was something in the water, but the last week of May was indeed a week of extremes--from the biggest threat on record to the tiniest Trojan to an unusual and completely unexpected act of transparency from Apple. Here's what the security landscape looked like for May 29-June 1. Flame Ignites Fire In Security Community: It might be hard to imagine an attack that can outpace unprecedented targeted threats such as Stuxnet and Duqu. But last week, the emergence of the Flame virus on the security landscape put them all to shame. The...
by Stefanie Hoffman  |  Jun 04, 2012  |  Filed in: Industry Trends
It seems that lately, threats that once were simply known as “malware” or “viruses” have been elevated to the status of Advanced Persistent Threat (APT), a term that has strategically been used to strike fear in the hearts of consumers. These days, APTs have a much more common presence in the media, and some of the most notorious have included major global threats such as Ghostnet (a botnet deployed in various offices and embassies to monitor the Dalai Lama agenda), Shady RAT (like Ghostnet but with government and global corporate...
by Stefanie Hoffman  |  Apr 25, 2012  |  Filed in: Industry Trends
Since the Belarus vendor VirusBlokAda pulled the alarm last week on a new malware deemed “Stuxnet”, a whole lot of information has been released here and there on different portions of the threat. As a matter of fact, the Stuxnet case presents a certain level of multiplicity, as it consists of an “exploit” part, a “rootkit” part, involves specific infection vectors, targets a specific class of victims, and has unusual characteristics (for instance regarding software certificates). The subsequent fragmentation of information across the...
by Guillaume Lovet  |  Jul 21, 2010  |  Filed in: Security Research