BIRMINGHAM – From engaging with various insiders on LinkedIn, it quickly becomes evident that threats to industrial networks, including oil and gas and power distribution, are common. Yet there are few public incidents to point to, which makes Siemens’ revelation last week all the more important to pay attention to.

The malware used in these attacks targets an unpatched vulnerability in Microsoft shell code that has become known as the ShortCut vuln because it takes advantage of the way Microsoft has implemented shortcuts on the desktop. A researcher in Belarus discovered that malware delivered by USB drives was targeting machines running Siemens SCADA software. Since then, Symantec researchers have determined that the majority of 14,000 machines infected are in Iran, where Siemens happens to do a lot of business.

Industrial processes are extremely vulnerable, thanks in large part to the seemingly blind deployment of Windows systems to the plant floor. Vendors such as Industrial Defender and SecureCrossing are rolling out network defense tools that target this issue. Now would be a good time for manufacturers and operators of critical infrastructure to review their control systems. There is now a clear and present danger that must be addressed.

Richard Stiennon is a security industry analyst based in Birmingham, MI. He has presented on the topics of cyber threats and cyber defense in 28 countries on six continents. He writes the ThreatChaos blog. His first book, Surviving Cyber War, was published by Government Institutes in spring 2010. Stiennon’s publishing group, IT-Harvest, is a joint venture partner of MITechNews.Com. For joint advertising information, email [email protected]
