Tag Archive: FireEye


Attackers Use Microsoft Security Hole Against Energy, Defense, Finance Targets


Internet Explorer zero-day vulnerability actively being exploited in the wild


“By the time Microsoft warned customers of a nasty security hole in its web browser Saturday, a sophisticated group of attackers were already using the vulnerability against defense and energy companies, according to FireEye, the security company.

Things went from bad to worse over the weekend. FireEye’s researchers watched as the attackers shared their exploit with a separate attack group, which began using the vulnerability to target companies in the financial services industry, according to Darien Kindlund, the director of threat intelligence at FireEye.

Even after Microsoft issued its advisory on Saturday, Mr. Kindlund said, “There was a notable increase in proliferation.”

Soon, the attackers were using the vulnerability for so-called watering hole attacks, in which hackers infect a popular website with malware, then wait for victims to click to the site and infect their computers.”


Stuxnet: UK And US Nuclear Plants At Risk As Malware Spreads Outside Russia


“Security experts have warned the notorious Stuxnet malware has likely infected numerous power plants outside of Russia and Iran.

Experts from FireEye and F-Secure told V3 the nature of Stuxnet means it is likely many power plants have fallen victim to the malware, when asked about comments made by security expert Eugene Kaspersky claiming at least one Russian nuclear plant has already been infected.

“[The member of staff told us] their nuclear plant network, which was disconnected from the internet […] was badly infected by Stuxnet,” Kaspersky said during a speech at Press Club 2013.

Stuxnet is sabotage-focused malware that was originally caught targeting Windows systems in Iranian nuclear facilities in 2010. The malware is believed to originally have been designed to target only the Iranian nuclear industry, but subsequently managed to spread itself in unforeseen ways.

F-Secure security analyst Sean Sullivan told V3 Stuxnet’s unpredictable nature means it has likely spread to other facilities outside of the plant mentioned by Kaspersky.

“It didn’t spread via the internet. It spread outside of its target due to a bug and so it started traveling via USB. Given the community targeted, I would not be surprised if other countries had nuclear plants with infected PCs,” he said.”


Here is a very thorough and detailed article for those readers interested in learning more about the history of Stuxnet.

Illustration: "How Stuxnet Worked"


“Computer cables snake across the floor. Cryptic flowcharts are scrawled across various whiteboards adorning the walls. A life-size Batman doll stands in the hall. This office might seem no different than any other geeky workplace, but in fact it’s the front line of a war—a cyberwar, where most battles play out not in remote jungles or deserts but in suburban office parks like this one. As a senior researcher for Kaspersky Lab, a leading computer security firm based in Moscow, Roel Schouwenberg spends his days (and many nights) here at the lab’s U.S. headquarters in Woburn, Mass., battling the most insidious digital weapons ever, capable of crippling water supplies, power plants, banks, and the very infrastructure that once seemed invulnerable to attack.

Recognition of such threats exploded in June 2010 with the discovery of Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. Although a computer virus relies on an unwitting victim to install it, a worm spreads on its own, often over a computer network.

This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges. Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant. (Iran has not confirmed reports that Stuxnet destroyed some of its centrifuges.)”


Further reading:

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

Confirmed: US and Israel created Stuxnet, lost control of it

The History of Stuxnet: Key Takeaways

Stuxnet: Anatomy of a Computer Virus on Vimeo


Hackers Blamed For NY’s ObamaCare Breakdown


“The “abnormally high traffic” that crippled New York’s ObamaCare Web site for two days may have resulted from a malicious attack by hackers, computer-security experts said Wednesday.

The NY State of Health site recorded an astounding 10 million visits after opening for business Tuesday — although there are only about 1.1 million state residents without health insurance and just 330,000 are expected to buy ObamaCare for next year.

By comparison, the federal government’s heavily promoted HealthCare.gov site — a portal to the sites for all 50 states, the District of Columbia and America’s territories and commonwealths — drew just 4.7 million visitors the first day.”