A new APT-style espionage campaign launched this summer targeting organizations tied to financial services, government agencies and the defense industry used a technique dubbed water holing to entice victims and silently redirect them to sites hosting zero-day exploits.
Browsing Category: Critical Infrastructure
When it comes to cybersecurity and critical infrastructure, there are generally more questions than answers. And for the last 10 months or so, the volume of concern and uncertainty has ramped up, largely because there’s little in the way of productive information sharing on threats, a serious lack of centralized leadership coordinating cybersecurity efforts among public and private sector interests, and attacks and vulnerabilities run largely unabated.
People in the security industry often criticize the federal government for being woefully behind the times on information security, not understanding the current threat landscape and not having enough trained law enforcement agents who can handle sophisticated computer crimes. Steven Chabinsky doesn’t want to hear it. A longtime FBI lawyer and former chief of the bureau’s Cyber Intelligence Section, Chabinsky believes that the government is doing a better job at security than ever before, as is the private sector. But, he also believes the attackers are still gaining ground every day.
FireEye reported today it had detected a new critical PDF attack targeting the aviation defense industry. The malware exploits a stack-based buffer overflow vulnerability in Adobe Acrobat and Adobe Reader. An attacker would be able to execute code remotely via a crafted argument to the getIcon method of a Collab object, according to the CVE alert.
Saudi Aramco says that the virus attack that compromised tens of thousands of the company’s workstations last month never endangered the company’s oil production capabilities and that all of the affected systems have been brought back online and restored. The attack on Aramco has been linked by researchers to the Shamoon malware, but company officials did not comment on the nature or provenance of the malware.
Huawei, the massive Chinese technology company that has come under criticism for its close ties to China’s government, is defending itself, saying that it has never stolen national intelligence or intellectual property and does not support any groups that do so. The company has been a frequent target of critics who allege that it trades information and secrets with the Chinese government, allegations its officials have consistently denied.
The Department of Homeland Security is warning users of some of GarrettCom’s switches that a default account on the devices contains a hard-coded password that could allow an attacker to take control of them. The switches are deployed in a number of critical infrastructure industries.
An “unknown virus” has shut down the entire computer network of the world’s second largest liquefied natural gas (LNG) producer, RasGas, according to news reports.
Researchers say that one of the attack groups using the two new Java zero-day vulnerabilities is the same group that was behind an earlier targeted attack campaign from 2011. That group was traced back to China and was essentially running a spear-phishing campaign, but now the crew, known as Nitro, is using the Java vulnerabilities in Web-based attacks that install the Poison Ivy remote-access tool.
The Air Force Life Cycle Management Center (AFLCMC) posted a broad agency announcement [PDF] recently, calling on contractors to submit concept papers detailing technological demonstrations of ‘cyberspace warfare operations’ (CWO) capabilities.