Critical Infrastructure

Anonymous-Linked Attacks Hit US Stock Exchanges

The Websites of the NASDAQ and BATS stock exchanges as well as the Chicago Board Options Exchange (CBOE) were knocked offline for parts of Monday and Tuesday after coming under a sustained online attack by a group with links to Anonymous.

Bloody Valentine For Critical Infrastructure: EtherNet/IP Exploit Could Crash Devices

Security researchers made good on a promise to release new exploits for programmable logic controllers (PLCs). The exploits include one targeting a flaw in the implementation of the EtherNet/IP (Industrial Protocol) used in many IP-enabled PLCs. The security hole, if left unaddressed, could enable a remote attacker to crash or unexpectedly reboot the devices, which are critical components of almost every industrial – and critical infrastructure installation.

The fallout from last month’s S4 Conference continues in February, with a planned Valentine’s Day release of tools that make it easy to test and exploit vulnerable programmable logic controllers and other industrial control systems. Among the releases will be a tool for cracking passwords on the common ECOM programmable logic controllers by Koyo Electronics, a Japanese firm, according to a blog post by Reid Wightman for Digital Bond.

CANCUN–For people who follow the developments in the security and research communities, it’s easy to get discouraged by the current state of affairs, given the rash of serious hacks on certificate authorities, military networks and companies such as RSA and VeriSign. But, if you think things are bad there, you may not want to look at what’s happening in the ICS and SCADA communities. It’s getting ugly early.

Verisign, the Internet security company responsible for management of the .COM domain, told federal regulators that it was the victim of several successful attacks in 2010, but that those incidents were not reported to the company’s management until September, 2011. The news was first reported by Reuters.

Threatpost’s exclusive interview with Ralph Langner continues, as our conversation shifts from  the legacy of the Stuxnet worm to larger issues facing the critical infrastructure sector including mounting attacks, tensions between vendors and security researchers over responsible disclosure, and what’s needed to secure critical infrastructure and industrial control systems.  

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.