SCADA

Cybersecurity researchers next week will demonstrate how hackers can potentially wreak havoc on critical US infrastructure, even causing explosions by altering the readings on wireless sensors used by the oil and gas industry.

The presentations at the Black Hat conference beginning in Las Vegas on Wednesday will show how key industries remain vulnerable to cyber attacks, in part because companies are reluctant to replace expensive equipment or install new safeguards unless ordered to do so by regulators or offered economic incentives, experts say.

Just 18 hours after security researcher Kyle Wilhoit connected two dummy industrial control systems and one real one to the Internet, someone began attacking one of them, and things soon got worse. Over the course of the experiment, conducted during December 2012, a series of sophisticated attacks were mounted on the “honeypots,” which Wilhoit set up to find out how often malicious hackers target industrial infrastructure.

 A critical vulnerability discovered in an industrial control system used widely by the military, hospitals and others would allow attackers to remotely control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities, say two security researchers.

A security researcher claims that he found 23 vulnerabilities in industrial control software from several vendors after a different security company last week showcased vulnerabilities in applications from some of the same manufacturers, but chose not to report them.

Security researcher Reid Wightman from the firm ioActive has found an undocumented back door in CoDeSys, the management software used by 261 different manufacturers of ICS devices. The back door gives full access without requiring authentication and has prompted the US Department of Homeland Security's ICS-CERT to issue an alert (PDF).

L33tdawg: Eugene Kaspersky, has confirmed the company is working on a secure operating system developed from scratch. Code named 11.11, they've apparently been working on the project for a decade! Here's hoping it's more Windows 8 than NT :) (I'm just kidding Eugene, this is awesome stuff!)

Hi all!

A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.

A private encryption key embedded into widely used mission-critical routers could be exploited by hackers to attack electric substations, railroad switches, and other critical infrastructure, security researchers have warned.

Yesterday, the security research group F-Secure received a puzzling email claiming to be from a nuclear scientist with the Atomic Energy Organization of Iran (AEOI). In it, the author claimed that the country’s nuclear facilities were once again under attack. Only this time, the hackers brought Angus Young along for the ride.

Data security tops the agenda of many CIOs.  Lax handling of information security can threaten companies’ technological edge – and drivers’ safety.