惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Forbes - Security
Forbes - Security
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
SegmentFault 最新的问题
Y
Y Combinator Blog
Recorded Future
Recorded Future
博客园 - Franky
I
InfoQ
T
The Blog of Author Tim Ferriss
Recent Announcements
Recent Announcements
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园_首页
阮一峰的网络日志
阮一峰的网络日志
T
Tailwind CSS Blog
Cyberwarzone
Cyberwarzone
The Register - Security
The Register - Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
雷峰网
雷峰网
P
Palo Alto Networks Blog
G
GRAHAM CLULEY
Cloudbric
Cloudbric
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
MongoDB | Blog
MongoDB | Blog
F
Full Disclosure
Google DeepMind News
Google DeepMind News
Recent Commits to openclaw:main
Recent Commits to openclaw:main
C
Check Point Blog
爱范儿
爱范儿
The GitHub Blog
The GitHub Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
T
Threat Research - Cisco Blogs
U
Unit 42
N
Netflix TechBlog - Medium
The Cloudflare Blog
Spread Privacy
Spread Privacy
Microsoft Azure Blog
Microsoft Azure Blog
美团技术团队
T
Troy Hunt's Blog
Engineering at Meta
Engineering at Meta
H
Heimdal Security Blog
TaoSecurity Blog
TaoSecurity Blog
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tenable Blog
B
Blog
S
Securelist
H
Hacker News: Front Page
Google Online Security Blog
Google Online Security Blog
G
Google Developers Blog

Havex Archives - Security Affairs

Dragonfly 2.0: the sophisticated attack group is back with destructive purposes SCADA Sssh! Don’t Talk, Filter it Financial malware poses as ICS/SCADA Software ICS-CERT states that manufacturing organization compromised for several months Kaspersky report on Energetic Bear – Crouching Yeti APT campaign Discovered a new Havex variant which hit SCADA via OPC Dragonfly gang is targeting Western energy industry Cyber espionage campaign based on Havex RAT hit ICS/SCADA systems
Malware posing as Siemens PLC application is targeting ICS worldwide
Pierluigi Paganini · 2017-03-26 · via Havex Archives - Security Affairs

Findings of the MIMICS project conducted by Dragos Threat Operations Center show a malware posing as Siemens PLC application is targeting ICS worldwide.

After the disclosure of the Stuxnet case, the security industry started looking at ICS malware with increasing attention. A malware that infects an industrial control system could cause serious damages and put in danger human lives.

Ben Miller, Director of the Dragos Threat Operations Center, conducted an interesting research based on data regarding ICS incidents collected over the last 13+ years.

The project studied modern industrial control systems (MIMICS) from completely public datasets.

“In this project the Dragos, Inc. team looked at public data sources such as VirusTotal to identify malware and (in many cases) legitimate ICS files being uploaded to encourage a more nuanced discussion around security in the modern ICS.” explains Dragos CEO, Robert M. Lee. 

Miller discovered ~30k samples of infected ICS files and installers dating back to 2003. The most dangerous threats are malware that quickly spread like Sivis, Ramnit, and Virut.

The experts confirmed that the infections of ICSs are not rare, they highlighted that there are only three publicly showcased pieces of ICS tailored malware: StuxnetHavex, and BlackEnergy2. There have been rumors around another couple of ICS tailored malware exploited in active campaigns, some of them studied by researchers at IronGate.

One of the most interesting findings of the MIMICS research is that multiple variants of the same malware disguised as software for Siemens programmable logic controllers (PLCs) has been detected 10 times over the last 4 years. The last time this specific ICS malware was discovered was early March.

“Starting in 2013 there were submissions from an ICS environment in the US for Siemens programmable logic controller (PLC) control software. The various anti-virus vendors were flagging it as a false positive initially and then eventually a basic piece of malware.” continues Lee. “Upon our inspection, we found that variations of this file and Siemens theme 10 times over the last 4 years with the most recent flagging of this malicious software being this month in 2017. In short, there has been an active infection for the last 4 years of an adversary attempting to compromise industrial environments by theming their malware to look like Siemens control software. The malware is simply crimeware but has seemingly been effective.”

ICS

Researchers encurage asset owners and operators to implement simple best practices such as network security monitoring in order to protect their environments, for example software supply chain validation can be sufficient to drastically a concerning attack vector.

“The last finding we had was driven by the hypothesis that many of the IT security teams and security technologies that are not used to ICS environments may be flagging legitimate ICS software as malicious where it could be inappropriately placed in public databases.” concludes the report.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – ICSs, malware)