The Conficker worm didn't just hit PCs -- it also infected several hundred critical medical devices, a security expert said in a panel at the RSA security conference. Right now it's unclear how the devices, which control things like heart monitors and MRI machines, got infected. But it underlines the need to secure medical systems with embedded firewalls and anti-malware software like Mocana's NanoDefender™.
The computers are older machines running Windows NT and Windows 2000 in a local area network that was not supposed to have access to the Internet, however, the network was connected to one that has direct Internet access and so they were infected, he [Marcus Sachs, director of the SANS Internet Storm Center and a former White House cybersecurity official] recently told CNET news.
The situation illustrates the dangers of connecting critical networks, like in hospitals and in SCADA (Supervisory Control and Data Acquisition) systems used by utilities and other critical infrastructure providers, with networks connected to the Internet, he said during the panel "Securing Critical Infrastructures: Infrastructure Exposed."
"We're seeing a huge uptick in probing for SCADA systems," said Jerry Dixon, director of analysis and vice president of government relations at research firm Team Cymru. For years, the SCADA systems were separated from the public networks, but that's not the case anymore, he said.
While PCs do remain the primary targets, hackers and malware-writers are increasingly setting their sites on non-PC SCADA devices attached to the network. In other words, as PC security mechanisms have become more sophisticated, non-PC SCADA devices are becoming the more attractive, comparatively "soft" targets -- an easier way into the host network, thereby threatening our critical national infrastructure.
Download this FREE Whitepaper that dives further into why SCADA devices are under fire and what you can do about it.Read More
"The adversary doesn't get any dumber," Kevin Fu recently commented to The Boston Globe. To prove his point, Fu, who is investigating RFID attacks and countermeasures at the RFID Consortium for Security and Privacy, or CUSP, at the University of Massachusetts at Amherst, and his researchers conducted a rather extreme experiment.Read More
Two traffic engineers illegally disrupted a traffic light control system, disconnecting signal control boxes at four of LA's busiest intersections and hacking the system to prevent other managers from reconnecting the lights. It took four days to fully restore the system. Both have plead guilty to the felony and must now, along with paid restitution and community service, have their computer use at home and work monitored.Read More