Hackers are known for attacking the computers of banks and government agencies. Now they have a new favorite target: the U.S. water system.
In an unsettling new report on cyber attacks against the nation’s critical infrastructure, the Department of Homeland Security said that water plants were targeted 81 times in 2011, compared with only two incidents in 2010.
Iran has been forced to disconnect key oil facilities after suffering a malware attack on Sunday, say reports.
The computer virus is believed to have hit the internal computer systems at Iran's oil ministry and its national oil company.
Researchers have released two new exploits that attack common design vulnerabilities in a computer component used to control critical infrastructure, such as refineries and factories.
The exploits would allow someone to hack the system in a manner similar to how the Stuxnet worm attacked nuclear centrifuges in Iran, a hack that stunned the security world with its sophistication and ability to use digital code to create damage in the physical world.
Earlier today, we gave readers a heads up that Anonymous could soon have the ability to wipe out our power grid, further screwing Americans. But after the National Security Agency released the news of this domestic threat, Anonymous sent out a tweet today calling the NSA's claims "baseless fear-mongering."
There's good news for people who love bad news about the security of industrial control systems. At the SCADA Security Scientific Symposium (S4) in Miami Beach in January, there were a host of new security vulnerabilities unearthed in popular programmable logic controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems, the devices and software that are used to control all manner of critical infrastructure and industrial plants.
Recent reports painted a bleak picture of the security issues plaguing industrial control systems, but the situation is exacerbated by the fact that administrators are naïve about the dangers, researcher said.
Remember Firesheep . . . the addon that was so easy to use that even the clueless could successfully hack Facebook and Twitter accounts via Wi-Fi? In some scarier than your average security news, thanks to several Program Logic Controllers (PLC) exploits that were added to Metasploit today, "hacking SCADA systems can be push of a button easy," tweeted HD Moore, CSO of Rapid7 and Chief Architect of Metasploit.
Luigi Auriemma has uncovered multiple denial of service (DoS) vulnerabilities in Rockwell Automation's FactoryTalk supervisory control and data acquisition (SCADA) product, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) announced.
The vulnerabilities are exploitable by sending specially crafted packets to the server, which can result in a DoS attack, according to an ICS-CERT advisory.
"You can't change a password or your lights will go out!" yelled out a woman sitting in the audience of a workshop on how to secure a SCADA system. The woman identified herself as an engineer at a New York electric company.
"It would take us 5 years and $25 million to change a SCADA system," she said. Her comments were in response to a presentation delivered by Blake Cornell, an independent security researcher speaking at the third annual International Conference on Cyber Security here in New York City.
U.S. Energy Secretary Steven Chu has unveiled an initiative that seeks to further protect the power grid from cyber attacks.
The Electric Sector Cybersecurity Risk Management Maturity project, a federal program to find and contain gaps in the cyber security defenses protecting the nation's electric grid, will be headed by the Department of Energy (DOE), with assistance from the Department of Homeland Security (DHS) and the private sector. The program originated from a proposal from the White House.
