Why one researcher mimicked Russian hackers in breaking into a European utility

Jason Larsen was tired of hearing about the skills of Russian-linked hackers, particularly those who cut power in parts of Ukraine in 2015 and 2016. These were groundbreaking and worrying attacks, he thought to himself, but giving the attackers too much credit makes defending against them more complicated than it needs to be. So Larsen, a researcher at cybersecurity company IOActive, broke into the substation network of a European electric utility using one of the Russian hackers’ techniques. The first segment of the attack — gaining root access on some firmware — took him 14 hours. He took notes by the hour and shared them with the distribution utility, one of his clients, to improve their defenses. “We’ve embodied them with all of these god-like abilities,” Larsen said of Sandworm, the group said to be responsible for the attacks and which many believe to work on behalf of Russia’s military intelligence agency. The group turned the lights […]

The post Why one researcher mimicked Russian hackers in breaking into a European utility appeared first on CyberScoop.

Idaho National Lab researcher shines a light on the market for ICS zero-days

The market for previously unknown, or zero-day, software exploits has come out of the shadows in recent years as exploit brokers openly advertise million-dollar payouts. But while zero-day brokers like Zerodium and Crowdfense sometimes outline the types of exploits they buy — whether for mobile or desktop devices — much less has been said about the market for exploits that affect industrial control systems (ICS), which support critical infrastructure sectors like energy and transportation. Sarah Freeman, an analyst at the Department of Energy’s Idaho National Laboratory, is trying to help fill that void in data and, in the process, show how the ICS exploit market can be a bellwether for threats. Freeman’s hypothesis was that “if you track these bounties, you can use them as precursors or tripwires for future adversary activity.” She argues that current tallies of zero-day exploits with ICS implications are undercounted. In the first quarter of 2019, […]

The post Idaho National Lab researcher shines a light on the market for ICS zero-days appeared first on CyberScoop.

Researchers set up a mock factory network — and watched the criminals rush in

The 2017 WannaCry-fueled shutdown of a car facility and other high-profile infections make ransomware too big to ignore for the manufacturing sector. But while factory operators reckon with their security weaknesses, they sometimes lack information on how and why their networks attract the interest of digital thieves. In search of those answers, researchers at cybersecurity company Trend Micro ran a simulated factory network for seven months that invited all sorts of digital miscreants into the fray. Different attackers used the mock network, or honeypot, to mine cryptocurrency and infected it with two strains of a ransomware known as CrySIS. “These are career ransomware actors that are doing these things,” Trend Micro senior threat researcher Stephen Hilt told CyberScoop, reflecting on how professionalized and sector-agnostic ransomware attacks have become. In both cases, the attackers were able to lock up files on the network by breaching the faux factory’s robotics workstation, which […]

The post Researchers set up a mock factory network — and watched the criminals rush in appeared first on CyberScoop.

To raise security awareness, researchers spent months hacking mock building systems

Security experts have in recent months warned that building-automation lags behind other critical infrastructure sectors when it comes to awareness of cyberthreats and appreciation of their potential impact. Now an 18-month research project, which tested malware and exploits on gear made by top vendors, is trying to change that. “In the 18 months that we’ve been working on this, we’ve engaged with a lot of stakeholders from the domain,” Elisa Costante, a senior director at ForeScout Technologies, told CyberScoop. “And now we really see that the reception has changed and everybody has realized the impact can be actually more critical” than many realized. After all, she said, the building-automation sector doesn’t just mean office buildings, but also includes hospitals, airports, and other critical infrastructure. ForeScout researchers assembled a lab of building-automation equipment, threw their custom malware at it, and then documented how effectively their code manipulated the gear. The project culminates Tuesday, when Costante will present her team’s work […]

The post To raise security awareness, researchers spent months hacking mock building systems appeared first on CyberScoop.