Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
As Stuxnet Anniversary Approaches, New SCADA Attack Is Discovered
Threaded  |  Newest First  |  Oldest First
David Wagner
50%
50%
David Wagner,
User Rank: Black Belt
6/26/2014 | 5:35:20 PM
Ominous
Wow, this isn't frightening at all. Just gathering intelligence for a future attack? Too-well-funded for anything but organized crime or a government?

Lovely.

So are Americans lucky here, or are we the next target?

RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/26/2014 | 10:07:10 PM
Admin Accounts
Again, it's these "watering hole" events, that make it crucial to have a standard account and an admin account with no internet capabilities. I know this isn't the main goal for this specific information gathering, however, if they wanted to they could use the spoofed app to pull credentials and gain industry information, change configurations, and potentially do major future damage. 

Just something to point out to help mitigate the risk of attacks that involve the watering hole event and potentientially stunt major detrimental damage.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
6/27/2014 | 3:23:24 AM
Stuxnet is another thing
Hi guys I'm reading on the internet that some colleagues are comparing this attack to the Stuxnet case. Be aware the only factor in common is that both targeted an ISC/SCADA system, but the level of complexity behind the operation is totally different.

Stuxnet is considerable a cyber weapon exploited by governments to hit Iranian critical infrastructure, its development as requested a huge effort in terms of money, resources and skills. I don't want to go deep into the details of Stuxnet architecture, but the malware used in the recent attacks is considerable a game if compared to Stuxnet. The dangerous aspect of the story is that the number of cyber attacks against critical infrastructures is increasing and it is even easier to find open on the internet all the necessary to hit vital component in critical processes.

I afraid that we will see an explosion of similar attacks in the next months, in the majority of the cases they will go undetected and this is a real problem.

Give a look to a recent presentation I made with the popular hacker Raoul Chiesa at Security Summit in Rome

http://securityaffairs.co/wordpress/25984/security/xp-critical-infrastructure.html

http://securityaffairs.co/wordpress/26092/cyber-crime/cyber-espionage-havex.html
Bprince
50%
50%
Bprince,
User Rank: Ninja
6/27/2014 | 11:10:40 PM
Re: Stuxnet is another thing
I agree that the level of complexity is very different. Regardless, I think it underscores the importance of limiting the attack surface and locking those systems down as much as possible. No question that these attacks are going to continue to go up.

BP


Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I feel safe, but I can't understand a word he's saying."
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7599
PUBLISHED: 2020-03-30
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly ...
CVE-2020-7610
PUBLISHED: 2020-03-30
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.
CVE-2019-17560
PUBLISHED: 2020-03-30
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" version...
CVE-2019-17561
PUBLISHED: 2020-03-30
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
CVE-2020-8509
PUBLISHED: 2020-03-30
Zoho ManageEngine Desktop Central allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.