How one security researcher used radio signals to hop an air gap

For years, researchers and spies have devised ways of getting malware to computers that are “air-gapped,” or physically isolated from external network connections. Attacks like Stuxnet, the computer worm deployed against an Iranian nuclear facility a decade ago, shattered the myth that air-gapped systems are impenetrable fortresses. In that case, suspected U.S. and Israeli intelligence operatives crossed an air gap with malware that ultimately sabotaged centrifuges at a uranium enrichment plant. They also planted an idea in the head of Mikhail Davidov, an ethical hacker: Getting malicious code into an air-gapped computer is one thing, but how do you retrieve data from the network? One possibility, it turns out, is in the radio spectrum. With a radio, antenna, and his own computer script, Davidov figured out how to use a signal emitted by an air-gapped computer’s graphics processing unit (GPU) to exfiltrate data. Davidov, the lead security researcher at Duo […]

The post How one security researcher used radio signals to hop an air gap appeared first on CyberScoop.

Airbus researcher explores ‘Stuxnet-type attack’ for security training

Stuxnet, the potent malware reportedly deployed by the U.S. and Israel to disrupt an Iranian nuclear facility a decade ago, helped change the way that many energy-infrastructure operators think about cybersecurity. The computer worm drove home the idea that well-resourced hackers could sabotage industrial plant operations, and it marked a new era of state-sponsored cyber-operations against critical infrastructure. Years later, industrial cybersecurity experts are still learning from the destructive potential of Stuxnet’s code and how it was deployed. While Stuxnet was an extraordinary situation — an intensive operation designed to hinder Iran’s nuclear program — it holds lessons for the wider world in securing industrial equipment that moves machinery. In a new study to improve security, a researcher at the cybersecurity subsidiary of European planemaker Airbus describes how he designed a program to execute code in a “Stuxnet-type attack” on a programmable logic controller (PLC), the ruggedized computers that monitor and control industrial systems like pumps, circuit […]

The post Airbus researcher explores ‘Stuxnet-type attack’ for security training appeared first on CyberScoop.

ICS Attackers Set To Inflict More Damage With Evolving Tactics

While it remains difficult to attack critical infrastructure successfully, adversaries aim to use past experience to launch more destructive future attacks, according to analysis.

Patch Tuesday, September 2019 Edition

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a “critical” rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.

New Version of Flame Malware Discovered

Flame was discovered in 2012, linked to Stuxnet, and believed to be American in origin. It has recently been linked to more modern malware through new analysis tools that find linkages between different software. Seems that Flame did not disappear after it was discovered, as was previously thought. (Its controllers used a kill switch to disable and erase it.) It…

Nation-state hacking kit ‘Flame’ had a second life, researchers say

Flame, the nation-state-developed malware kit that targeted computers in Iran, went quiet after researchers exposed it in 2012. The attackers tried to hide their tracks by scrubbing servers used to talk to infected computers. Some thought they had seen the last of the potent malware platform. Flame’s disappearance “never sat right with us,” said Juan Andres Guerrero-Saade and Silas Cutler, researchers with Alphabet’s Chronicle. On Tuesday at the Kaspersky Security Analyst Summit in Singapore, they showed that Flame hadn’t died, it had just been reconfigured. Tracing early components of Flame, Guerrero-Saade and Cutler found a new version of it that was likely used between 2014 and 2016. Flame 2.0 is “clearly built” from the original source code, but it has new measures aimed at eluding researchers, they wrote in a paper. The discovery shows how good source code dies hard, and that tracking its evolution can be a very long game […]

The post Nation-state hacking kit ‘Flame’ had a second life, researchers say appeared first on CyberScoop.

What Security Threats of the Past Can Tell Us About the Future of Cybersecurity

If we look close enough, many new security threats are something we’ve seen in another form or an attack style we’ve had to previously defend against.

The post What Security Threats of the Past Can Tell Us About the Future of Cybersecurity appeared first on Security Intelligence.
