Cyberisques News - SCADA and the maritime sector: strategic cybersecurity

Published on Friday 13 February 2015 19:37
Written by Jean Philippe Bichard

Environment and constraints in the maritime sector: embedded systems still too vulnerable, and port areas that need further "cybersecuring"

February 2010: the world learns with astonishment of the consequences of a cyber-attack on a set of centrifuges at a uranium enrichment production unit in Iran. Stuxnet, a particularly sophisticated piece of malicious code, triggered a sequence of "rogue" instructions that were nonetheless perfectly understood by the PLCs controlling the centrifuges. Let us set aside the Iranian centrifuges and transpose the "performance" of Stuxnet-type code to vulnerable environments built on SCADA-type architectures. Excerpts from the speakers' statements reveal the strategic importance of effective cybersecurity. In short, SCADA in 2015 is still too vulnerable.

Source GDF

Reminders on SCADA, which concerns 80% of OIVs (operators of vital importance):

Cyber threats against industry - Are asset owners prepared?
By Toby Colquhoun

Cyber attacks targeting retailers may garner more media attention, but threats to industrial control systems are a growing concern.
The US Department of Homeland Security responded to 257 such incidents in 2013—up from 198 in 2012 and 130 in 2011—over half of them attacks on energy infrastructure. While the vulnerability of business-critical operations is widely known, the investment needed to secure them has not been made. An IHS survey of 12 major asset-owning industries, including energy, automotive, and chemical, shows high awareness of the threats faced at the operations level but a resistance to investing in cybersecurity measures because of their cost (see figure).
Global revenues of hardware, software, and services to secure automation/production networks across the surveyed industries are estimated at $600 million for 2013. Holding back investment is the perceived lack of return associated with it. Several initiatives may encourage a change in thinking.

Breaking the Code on Russian Malware

Russia poses a serious cyber threat to industrial control systems (ICS), pharmaceutical, defense, aviation, and petroleum companies.
Russian government cyber operations aim to use malware to steal information on files, persist on ICS equipment, and commit espionage. According to a 2014 GData Red Paper, Uroburos malware’s “modular structure allows extending it with new features easily, which makes it not only highly sophisticated but also highly flexible and dangerous.” Understanding these threats posed by the malware and Russia’s objectives will go a long way to securing networks. There is nothing quick about studying Russian cyber operations.
To further complicate research and analysis, the codewords represent different facets of the malware problem: some are grouped by signatures, some by actors, others by tools.

Russian Malware Analysis

Uroburos Malware

Since that time, Agent.BTZ evolved into Uroburos.

Conclusions.

Attackers planting banking Trojans in industrial systems

Trend Micro researcher Kyle Wilhoit says the latest attacks on SCADA and industrial control networks are turning out to carry rather pedestrian banking Trojans, and have been on the rise since October 2014.
Talking to DarkReading, Wilhoit said rather than Stuxnet-style attacks, ne'er-do-wells are dropping banking Trojans into these networks disguised as updates to SCADA software. So far, the DarkReading piece says, he's seen the attack software disguised as Siemens' Simatic WinCC, GE Cimplicity, and Advantech device drivers.

Rising numbers of attacks on SCADA environments in recent years have put sysadmins on edge. Apart from the nation-state-level Stuxnet, there's been a growing number of bugs identified in SCADA software. Apart from generic bugs like Heartbleed and Poodle, which are inherited via popular libraries the vendors deploy, industrial systems also suffer from all-too-common problems like hard-coded passwords and remote-access bugs.

Foreign hackers target UK Power Grid every minute

UK Power Grid is targeted by hackers every minute according to James Arbuthnot, a member of parliament who chaired the Defense Select Committee until last year.
As reported by Bloomberg, Arbuthnot plans to visit National Grid Plc (NG/) next month to discuss the issue. Arbuthnot confirmed the incessant attacks on national critical infrastructure and he doesn’t exclude a major incident despite the enormous effort spent at the National Grid. “Our National Grid is coming under cyber-attack not just day-by-day but minute-by-minute,” Arbuthnot, whose committee scrutinized the country’s security policy, told a conference in London last year.
“There are, at National Grid, people of very high quality who recognize the risks that these attacks pose, and who are fighting them off,” he said, “but we can’t expect them to win forever.” The level of alert is high due to the large number of cyber attacks that are duly observed against Britain’s electricity transmission network.
Pierluigi Paganini.