ESET Threat Blog

SCADA, a network-enabled setup for controlling infrastructure, is hitting the headlines in force for falling victim to cyber scammers. There have been several incidents of unauthorized access to Supervisory Control and Data Acquisition (SCADA) systems recently, from guessing simple passwords, to full-on spear phishing attacks against a hardware vendor, which were then used to access … Read More…

[Extra link and commentary added 26th September 2011; extra link added 27th September]
I notice there's a flurry of articles around the "Stuxnet anniversary" and "After Stuxnet" themes. Some of them are even interesting, if not always for the right reasons…
I'll be back to this, though probably not today. Watch this space.

After Stuxnet, waiting on Pandora’s … Read More…

I just came across a post from The H telling us that US government warns of potential Stuxnet variants. Of course, concern about the availability and possible portability of the code is hardly a new concern, but it turns out the article refers to a "Statement for the Record" to the (deep breath) United States House … Read More…

Earlier this year I delivered a presentation at Infosec Europe on SCADA issues, a topic that's come up a lot in my articles here.
There isn't a paper to go with that presentation, but the barebones slide deck on the ESET white papers page has now been replaced with a version – Infrastructure Attacks: The Next … Read More…

Greetings, my faithful fans. Did you miss me?
I've just had a restful week hiding from the Internet in a remote cottage in Devon, which is why I've been uncharacteristically quiet. Before that, though, I had an interesting and useful week in London mostly centred round the Infosec Europe expo, where apart from wall-to-wall meetings and … Read More…

Kelly Jackson Higgins in a Dark Reading article tells us that Malware Attacks Decline In SCADA, Industrial Control Systems, quoting a report published by the Security Incidents Organization drawing on its Repository of Industrial Security Incidents (RISI) database.
One aspect that's attracted attention on specialist lists is the mention of a large US power company that … Read More…

Added to the resources blog at http://blog.eset.com/2011/01/03/stuxnet-information-and-resources:

Report of a Stuxnet-unrelated vulnerability in SCADA software
A speculative cyberwar link
Some links on Iranian post-Stuxnet "cybermilitia" recruitment.

http://www.itworld.com/security/133469/iran-responds-stuxnet-expanding-cyberwar-militia
http://blogs.forbes.com/jeffreycarr/2011/01/12/irans-paramilitary-militia-is-recruiting-hackers/?boxes=financechannelforbes

David Harley CITP FBCS CISSP
jQuery(document).ready(function($) { window.setTimeout(‘loadLinkedin_5810()’,1000);window.setTimeout(‘loadFBLike_5810()’,1000);window.setTimeout(‘loadGoogle1_5810()’,1000);window.setTimeout(‘loadGBuzz_5810()’,1000);window.setTimeout(‘loadTwitter_5810()’,1000); }); function loadLinkedin_5810(){ jQuery(document).ready(function($) { $(‘.dd-linkedin-5810′).remove();$.getScript(‘http://platform.linkedin.com/in.js’); }); } function loadFBLike_5810(){ jQuery(document).ready(function($) { $(‘.dd-fblike-5810′).remove();$(‘.DD_FBLIKE_AJAX_5810′).attr(‘width’,’92′);$(‘.DD_FBLIKE_AJAX_5810′).attr(‘height’,’20′);$(‘.DD_FBLIKE_AJAX_5810′).attr(‘src’,'http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fblog.eset.com%2F2011%2F01%2F13%2Fstuxnet-resources-update-2&locale=en_US&layout=button_count&action=like&width=92&height=20&colorscheme=light’); }); } function loadGoogle1_5810(){ jQuery(document).ready(function($) { $(‘.dd-google1-5810′).remove();$.getScript(‘https://apis.google.com/js/plusone.js’); }); } function … Read More…

…or at least a lot clearer than it has been.
Much of the controversy about the origin and targeting of Stuxnet derived from the uncertainty about exactly what its code was meant to do. Even after it was established that it was intended to modify PLC (Programmable Logic Controller) code, details of the kind of installation … Read More…

In researching today’s SC Magazine Cybercrime Corner article “From sci-fi to Stuxnet: Exploding gas pipelines and the Farewell Dossier”, I came across this ‘Damn Interesting’ article which showcases the successful cyberwarfare compromise of a SCADA / pipeline control system nearly thirty years ago, an event which I had heard stories about in Navy circles but … Read More…

While the defining research on the Stuxnet topic doesn’t go this far, Forbes writer Trevor Butterworth went out on a limb to name names along with detailing the warfare aspects:

As I noted last week – and as the news media have only begun to grasp – Stuxnet represents  a conceptual change in the history of … Read More…