Analyzing ICS/SCADA Cyber Attacks

By Robert Vamosi | 11/14/12 2:17 AM

Researchers, looking at seven years of data, have concluded that Industrial Control Systems are vulnerable to cyber attacks in the near and foreseeable future.

Read More >

DHS Warns Of New ICS Attacks Via Shodan

By Robert Vamosi | 10/29/12 4:23 AM

LAst Thursday, DHS issued a new warning to Industrial Control System operators on new and increasing threats.

Read More >

Kaspersky Authors SCADA OS

By Robert Vamosi | 10/16/12 6:14 AM

Recent against SCADA and industrial-control systems have lead one security researcher to create a secure OS of his own.

Read More >

The Power of Shodan

By Robert Vamosi | 8/3/12 2:10 AM

Did you know there are hydrogen fuel cells attached to the Internet? According to one researcher there's a lot more of the Internet of Things that's accessible from the search engine Shodan than first meets the eye.

Read More >

Does ICS Need A DEFCON Readiness Condition?

By Robert Vamosi | 5/17/12 8:43 AM

With attacks increasing on Industrial Control Systems, it has been suggested that this critical infrastructure in particular have a state of readiness similar to the DEFCON status used in warfare.

Read More >

Increasing Use Of Public Cellular Networks In ICS/SCADA

By Robert Vamosi | 4/27/12 2:01 AM

At the recent Midwest Energy Association Summit, discussion broke out about "negotiating private cellular communications versus dependence on fully public networks" among the ICS/SCADA operators present. Many, apparently, are installing their own femtocell and microcell deployments, despite the costs and regulatory issues around frequency bandwidth and use.

Read More >

Langner: Stuxnet Is a Stealth Control System

By Robert Vamosi | 1/18/12 3:59 AM

Speaking at the S4ICS conference in Miami, FL on Wednesday, Ralph Langner described Stuxnet as a long-term Man-in-the-Middle attack rather than a short-term virus attack.

Stuxnet is a two-step malware product that first infects Windows systems, then attacks Siemens System 7 PLC units, such as those being used in Iran for nuclear research. Langner, a security researcher who knows more about Stuxnet code than practically anyone else, was quoted as saying, "we are 100 percent confident that Stuxnet's target was the Natanz enrichment plant in Iran."

Read More >

Remote SCADA Vulnerabilities Hit Schneider Electric

By Robert Vamosi | 12/14/11 4:43 AM

On Monday, a security researcher published new vulnerabilities affecting remote access to the “NOE 771” devices manufactured by Schneider Electrics, one of the world's largest manufacturer of SCADA system devices. The vulnerabilities prompted the ICS-CERT to issue an alert.

Rubén Santamarta (a.k.a. "Reverse Mode"), a 29-year old European-based independent security researcher who previously showed how to hack into the Large Hadron Collider at CERN, said that he was able to attack these devices remotely after first locating vulnerable NOE 771 devices through the SHODAN search engine and then downloading the firmware from Schneider Electric. After reverse engineering the firmware update, Santamarta found he could load a trojanized firmware update, use non-documented hidden accounts, and use other non-documented functionalities. The trouble is in how the devices access remote access commands.

Read More >

Duqu: Son of Stuxnet

By Robert Vamosi | 10/18/11 4:10 AM

It had to happen: Someone has released the next-step toward the next-generation Stuxnet virus, although the target of this new virus is yet unclear.

Read More >

The 2010 Rise of Stuxnet and Other Security Shake-Ups for Industrial Control Systems

By JDavis | 2/15/11 6:18 AM

The state of cybersecurity for industrial control systems is weakening while the push for productivity is at large. As industrial and corporate networks have become united, this has complicated the interconnectedness of their control systems. The result has been the increased vulnerability to security threats, many of which are the same that plague enterprise networks, and many that are new sources that these devices were never designed to handle.

Read More >