Industrial threats

SCADA exploits circulating

Ever since Stuxnet hit the news last year, interest in industrial control systems (ICS) has grown. One visible sign of this is the recent surge in public releases of zero-day (unpatched) vulnerabilities and exploits for these systems.

Earlier this week, we saw no fewer than 34 unpatched vulnerabilities posted to Bugtraq.
The original article by The Register also mentions a SCADA exploit pack that is currently being sold to pen-testers.

I’m against full disclosure, but these developments clearly show that there’s a continued interest in these systems that are in charge of critical infrastructure — from traffic lights to power grids to airport control systems.

This field has some very interesting challenges. Reliability and uptime are the core focus in ICS/SCADA, and security has been something of an afterthought.

There are companies out there with uptimes of 28 (or more) years. That means they’re running an OS developed some 30 years ago. It also means that, unless something changes, it could take another decade (or two) before serious security changes are made.

Industrial control systems sit right on the line between the private and public sectors: critical infrastructure is run by private companies that serve the public. For many of these businesses, government regulation is what drives their security effort.

Governments aren’t necessarily known for moving quickly, but the main push for better ICS/SCADA security will have to come from them.

Hopefully the media coverage around these vulnerabilities will help drive the issue.
