CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

“Antivirus with updated signatures removes Stuxnet”… What about unknown attacks and variants?

In the recent blog post, “Stuxnet Targeting Specific SCADA Configurations,” Danny Lieberman provides a thorough analysis of the high-profile superworm in its current state. From what we know, the worm targets plants with a specific configuration, is activated whenever WinCC or PCS7 software from Siemens is installed, and can influence the processing of operations in the control system under certain boundary conditions. For the time being, Stuxnet can be removed from affected systems by standard antivirus programs with signatures updated as of August 2010.

This is what we know, but unfortunately, it’s what we don’t know that poses the real threat.

As I mentioned when Stuxnet was first discovered, it is not the worm itself that poses the greatest threat; it is the copycat attacks that use the Stuxnet blueprint to take cyberweaponry to the next level.

Critical U.S. infrastructure: “There’s always a way in.”

There’s always a way in.

That is the straightforward yet disturbing message that hacker-for-hire Marc Maiffret delivered after his team, hired by a large California-based water system to probe the vulnerabilities of its computer networks, took control within one day of the equipment that adds chemical treatments to drinking water, hypothetically making the water undrinkable for millions of homes.

Decrypted Stuxnet code provides pieces of a highly sophisticated worm

The group of anonymous, yet highly proficient, hackers who recently released a decrypted version of the infamous Stuxnet cyberworm has, in my opinion, potentially opened up a Pandora’s box to similar worms and malware kits that could serve the same malicious intent.

While the article, “Anonymous Hackers Release Stuxnet Worm Online,” confirmed that the decompiled code the group has made available is not the actual worm itself, Michael Gregg, COO of Superior Solutions, said that, given the right tools, the leaked information could make it easier for others to build something similar, essentially acting as a building block for cybercrooks.

The Stuxnet blueprint — not the worm itself — may be the greatest danger

While the New York Times article, “Israeli Test on Worm Called Crucial in Iran Nuclear Delay,” hypothesizes that Israel and the United States were behind the Stuxnet worm to undermine Iran’s efforts to make a nuclear bomb, the scariest part may not be the worm itself — but the blueprint it provides for similar cyber attacks against highly sensitive targets and critical infrastructure around the world.

It is no secret that advances in all research and development build on what has been done before. The same rule applies to malware creation.

My Top Five Blogs of 2010: Stuxnet, McIntel, Whitelisting & More…

Looking back, 2010 was a breakout year for application whitelisting. Once considered an alternative anti-malware solution, application whitelisting has become the primary mechanism for preventing the execution of malicious applications in a modern anti-malware approach, with traditional antivirus solutions playing a more reactive, cleanup role.

Unfortunately, the year also brought a number of security challenges that have permanently changed the threat landscape. It was marked by several new, high-profile targeted attacks, including the game-changing Stuxnet worm. Through it all, application whitelisting stopped portions of every one of these targeted attacks, no matter how new or sophisticated they were. Below, I have compiled a list of CoreTrace’s Top 5 blog posts for 2010: