Archive for the ‘critical infrastructure’ Category

Russia was likely behind dangerous critical infrastructure attack, report says

October 24th, 2018

Malware that caused a dangerous operational failure inside a Middle Eastern critical infrastructure facility was most likely developed by a Russian government-backed research institute, researchers from US security firm FireEye said Tuesday.

The malware, alternately dubbed Triton and Trisis, was most likely designed to cause physical damage inside critical infrastructure sites, such as gas refineries and chemical plants, FireEye researchers said in a report published in December. The attack worked by tampering with a safety instrumented system, which the targeted facility and many other critical infrastructure sites use to prevent unsafe conditions from arising. FireEye’s December report said a nation state was most likely behind the attack, but stopped short of identifying the country.

In a report published Tuesday, FireEye said its researchers now assess with high confidence that the malware used in the attack was developed with the help of the Central Scientific Research Institute of Chemistry and Mechanics in Moscow. The assessment was based on a variety of evidence that implicated not only the institute, which in Russian is abbreviated as CNIIHM, but also a specific professor who works there. Evidence linking CNIIHM to the activity, which FireEye now tracks as TEMP.Veles, included malware that was tested inside the institute, artifacts left inside the malware used in the attack, an IP address belonging to CNIIHM, and the malware developers' operating hours, which were consistent with a normal work schedule in Moscow.


Posted in Biz & IT, critical infrastructure, FireEye, russia

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

October 24th, 2018
Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON, also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety

Posted in critical infrastructure, FireEye, hacking news, ICS Malware, industrial control system, malware, Russian hackers, SCADA Malware, Scada system, Trisis, Triton Malware

‘Gloomy times ahead’ for security on critical infrastructure, warn experts

August 21st, 2017

NIST is raising awareness that security through obscurity has become a thing of the past – but are we doing enough to protect infrastructure such as dams and power plants?

Posted in critical infrastructure, government security, Industrial Control Systems, process sensors, Security threats

Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

August 9th, 2017

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors.  A study of 4.8 billion automated…


Posted in connected devices, critical infrastructure, fuzzing, Internet of things, protocol, published research, Reports, software, software development, supply chain, survey, Top Stories, trends, vulnerabilities

Exploits Available for Siemens Molecular Imaging Vulnerabilities

August 4th, 2017

ICS-CERT published advisories this week warning users of Siemens molecular imaging products that exploits for the Windows 7 versions of those devices are publicly available.

Posted in critical infrastructure, health care, molecular imaging products, Siemens, vulnerabilities

Vulnerable Radiation Monitoring Devices Won’t Be Patched

July 26th, 2017

Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.

Posted in Black Hat, critical infrastructure, Digi, firmware vulnerabilities, hardware hacking, IOActive, Ludlum Portal Monitors, Mirion WRM2 protocol, nuclear power plant security, radiation monitoring devices, RF analysis, Ruben Santamarta, vulnerabilities

Siemens Patches Authentication Bypass Flaw in SiPass Server

July 14th, 2017

Siemens patches four vulnerabilities, including a critical authentication bypass flaw, in its SiPass integrated access control server.

Posted in authentication bypass, critical infrastructure, Man in the middle, Siemens, Siemens patches, Siemens SIMATIC Sm@rtClient for Android, Siemens SiPass integrated server, vulnerabilities

Energy, Nuclear Targeted with Template Injection Attacks

July 10th, 2017

Adversaries are using the SMB communications channel to launch template injection attacks against the energy sector, including nuclear facilities.

Posted in Cisco Talos, critical infrastructure, Critical infrastructure attacks, docx, GitHub, Phishery, phishing attack, Relationship ID, Server Message Block, SMB server, URL injector, WebDAV, Wolf Creek Nuclear Operating Corporation
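The technique behind the post above is a .docx whose settings part carries an attachedTemplate relationship with an external target, so Word fetches the template from the attacker's SMB (or WebDAV) server when the file is opened. As an added example, not code from Cisco Talos or from the Phishery tool, the following Python scanner builds a minimal synthetic .docx in memory, then walks every .rels part in the package and flags attachedTemplate relationships whose target is a UNC path or an http/https/ftp URL. The 203.0.113.10 address, share name and file names are made up for the test, and the package is the bare minimum needed to hold the relationship, not a real document.

```python
import io
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlparse

# Relationship type Word uses for the template attached to a document.
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
PKG_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def build_sample_docx(template_target: str) -> bytes:
    """Build a minimal synthetic .docx whose settings part points at an attached
    template (constructed test input, not a captured phishing document)."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
        f'Target="{template_target}" TargetMode="External"/>'
        "</Relationships>"
    )
    settings = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<w:attachedTemplate r:id="rId1"/></w:settings>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/settings.xml", settings)
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


def external_relationships(docx_bytes: bytes):
    """Return (part, rel_id, rel_type, target) for every relationship in the
    package whose TargetMode is External, wherever the .rels part lives."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(PKG_NS + "Relationship"):
                if rel.get("TargetMode", "Internal").lower() == "external":
                    found.append((name, rel.get("Id"), rel.get("Type"), rel.get("Target")))
    return found


def is_remote_target(target: str) -> bool:
    """True when loading the target makes Word reach out over the network:
    a UNC path (SMB, with WebDAV as Windows' fallback), an http/https/ftp URL,
    or a file:// URL with a host. A plain local path such as the default
    Normal.dotm location is not remote."""
    if target.startswith("\\\\") or target.startswith("//"):
        return True
    parts = urlparse(target)
    if parts.scheme in ("http", "https", "ftp"):
        return True
    return parts.scheme == "file" and bool(parts.netloc)


def find_template_injection(docx_bytes: bytes):
    """Return the attachedTemplate relationships with a remote target; one or
    more hits is the indicator for a template injection document."""
    return [
        rel
        for rel in external_relationships(docx_bytes)
        if rel[2] == ATTACHED_TEMPLATE and is_remote_target(rel[3])
    ]


# Constructed samples: two injection-style targets and one benign local template path.
SAMPLES = {
    "smb-unc": "\\\\203.0.113.10\\share\\template.dotm",
    "http-webdav": "http://203.0.113.10/template.dotx",
    "benign-local": "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm",
}

if __name__ == "__main__":
    for label, target in SAMPLES.items():
        hits = find_template_injection(build_sample_docx(target))
        print(f"{label:13s} {'FLAGGED' if hits else 'clean'} {hits}")
```

The benign sample is deliberately stored with TargetMode="External" too, because that is how Word records the path of a local template: the indicator is an attachedTemplate relationship whose target leaves the host, not the External flag on its own. A UNC target is the case the post describes, since Windows will try SMB first and then WebDAV over port 80, which also leaks the user's NTLM credentials to the attacker's server.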

Workarounds Available for Flaws in Siemens RUGGEDCOM Gear

March 29th, 2017

Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it’s unknown whether patches will be made available.

Posted in critical infrastructure, Cross site scripting, file upload vulnerability, harsh environments, Input validation, Maxim Rupp, path traversal, RuggedCom, server misconfiguration, Siemens, vulnerabilities

Privilege Escalation Flaw Patched in Schneider Wonderware

March 10th, 2017

Schneider Electric patched a vulnerability in the Tableau Server running in its Wonderware analytics and visualization platform that could allow an attacker to elevate privileges.

Posted in critical infrastructure, ICS-CERT, privilege escalation vulnerability, Schneider Electric, Tableau Server, vulnerabilities, Wonderware Intelligence