(credit: fcpages.com)
A surprisingly large number of critical infrastructure participants—including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers—rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage.
Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Meanwhile, a supervisory control and data acquisition system belonging to one of the world's biggest chemical companies sent a page containing a complete "stack dump" of one of its devices.
Other unencrypted alerts sent by or to "several nuclear plants scattered among different states" included:
Read 6 remaining paragraphs | Comments
How one rent-a-botnet army of cameras, DVRs caused Internet chaos
by Sean Gallagher
Enlarge / We're also mad you're connected to the Internet, toaster et al. (credit: Disney)
Welcome to the Internet of Evil Things. The attack that disrupted much of the Internet on October 21 is still being teased apart by investigators, but evidence thus far points to multiple "botnets" of Internet-connected gadgets being responsible for blocking access to the Domain Name Service (DNS) infrastructure at DNS provider Dyn. Most of these botnets—coordinated armies of compromised devices that sent malicious network traffic to their targets—were controlled by Mirai, a self-spreading malware for Internet of Things (IoT) devices.
in a blog post on the attack, Dyn reported "tens of millions" of devices were involved in the attack
But other systems not matching the signature of Mirai were also involved in the coordinated attack on Dyn. "We believe that there might be one or more additional botnets involved in these attacks," Dale Drew, CSO of Level 3 Communications, told Ars. "This could mean that they are 'renting' several different botnets to launch an attack against a specific victim, in which multiple other sites have been impacted."
Read 29 remaining paragraphs | Comments
In my last diary[1], I gave an example of anuncommon spam message. But attackers have always new ideas to deliver their malicious content to us. Here are two new examples. October being the Cyber Security Awareness month[2], more examples are always welcome.
The first one was delivered as an NDR message (Non-Delivery Receipt">
From: Bounced mail
Attached to this mail, a malicious ZIP file with a .pif" />
The link points tohxxp://thekchencholing.org/.https/www/sharepoint.com/sites/shareddocument/SitePages/Home.aspx/index.php?wreply=YW5keS5nZXJhZXJ0c0BjZWdla2EuYmUN (the site has been cleaned up in the meantime). SharePoint is a common Microsoft tool used in big organizations and people could be lured by this kind of message.
Most spam campaigns are easy to detect but some messages, when properly redacted, may lure the victim easily. We are never far from an unfortunate click. Stay safe!
[1]https://isc.sans.edu/forums/diary/Spam+Delivered+via+ICS+Files/21611/
[2]https://www.dhs.gov/national-cyber-security-awareness-month
Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key
