New botnet targets nationals of Georgia.
Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but
In a scathing and far-reaching US Congressional report released recently the Transportation Security Administration (TSA) was characterized in these unflattering terms: “Since its inception, TSA has lost its focus on transportation security. Instead, it has grown into an enormous, inflexible and distracted bureaucracy, more concerned with human resource management and consolidating power, and acting reactively
SCADA, a network-enabled setup for controlling infrastructure, is hitting the headlines in force for falling victim to cyber scammers. There have been several incidents of unauthorized access to Supervisory Control and Data Acquisition (SCADA) systems recently, from guessing simple passwords, to full-on spear phishing attacks against a hardware vendor, which were then used to access
Awhile back we noticed signals from the US Pentagon that they were considering the possibility of a traditional military response to cyber attacks on US physical infrastructure. Basically, a cyber attack on infrastructure could be considered an act of war. We now see the official report released, confirming this. The report states, “When warranted, we
Months back a rather vocal series of micro-hacktivist groups formed a somewhat larger, more vocal pseudo-organized non-organization ruled essentially democratically via IRC (among other things), attempting to cast light on perceived misdeeds by the large corporation (or government organization) du-jour they thought had behaved badly. The idea was to hack an organization, parade them around
On the heels of the recent activity with Stuxnet, the industrial process control computer worm that targeted Iranian nuclear centrifuges, a Blackhat talk by Thanassis Giannetsos explains how to hack yet another commonly used family of controllers. We have mused that this trend, targeting critical infrastructure nodes, is but a shade of things yet to
The North American Electric Reliability Corporation’s (NERC) newly formed Cyber Attack Task Force will “consider the impacts of a coordinated cyber attack on the reliability of the bulk power system”, in a proactive effort to increase providers’ readiness for new waves of potential nastiness. Recently, there has been a flurry of activity surrounding efforts to
Or so the latest report from DEBKAfile states, claiming the Stuxnet worm broke numerous Iranian centrifuges by forcing them to overspeed, causing damage and prompting the replacement of some 5,000-6,000 units. They cite “intelligence sources” as the source of information. Whether or not this will be confirmed, it seems malware authors clearly are targeting political
On Wednesday we heard additional documents had been leaked from the Arizona Department of Public Safety (DPS). “Will this ever end?” has to be the most commonly-asked question in Arizona nowadays at the DPS. The original attacks last week were claimed by the group LulzSec, which was making the rounds exposing private information through hacking
The Obama administration seems intent on pushing for stiffer sentences for hackers caught endangering national security to 20 years prison time, doubling the current sentence. A stiff penalty, to be sure, the latest in a series of volleys from D.C. to curb the flurry of recent high-profile attacks and restore confidence in the U.S. Government’s
It appears North Korea is expanding their cyber warrior savvy in a plan that includes sending the best and brightest of young programmers abroad to bone up on hacking, with the alleged goal of holding their own in cyber warfare. On the heels of the recent Pentagon announcement where cyber terrorism acts may be met
Cyber Security pundits have been keenly watching the development of nascent state targeted attacks such as the Stuxnet worm with interest for some time and warning of the possible implications, but now it’s official. According to The Wall Street Journal, “The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public
The death of Osama bin Laden has gone viral, with blogs, social media and search engines pumping terabytes of rumor, innuendo and conspiracy theories at the speed of light, along with the occasional kilobyte of truth. As the number of people searching for pictures and videos of bin Laden’s execution has skyrocketed, the criminal syndicates
[NOTE: As we were publishing this articl, our Latin American office discovered another Black Hat SEO campaign incorporating promises of Osama bin Laden videos on Facebook. Click here to view their article in Spanish. We will follow up on this shortly. AG] The malware phenomenon started by the announcement of Osama Bin Laden’s death continues
Not using Twitter or Facebook is, in these times, akin to not owning or using a mobile ‘phone. Last night’s events – the reported death of Osama Bin Laden – proved that we are well and truly in the Twitter era (Twitter reported that over 4000 tweets per second were made immediately preceding the President’s
Added 5th March 2011 to the Stuxnet resources page at http://blog.eset.com/?p=5945...
Some extra resources: J. Oquendo takes a cold, clear look on Infosec Island at some of the hype that surrounds the Stuxnet story: Cyberterrorism – As Seen On TV While Visible Risk, while by no means entirely negative about the Vanity Fair Stuxnet story (see https://www.welivesecurity.com/2011/03/02/more-on-stuxnet), makes an entirely reasonable point about Irresponsible Sensationalism. I
...given the amount of detailed analysis that's already available (and I mean substantial blocks of reverse-engineered code, not high-level analysis and code snippets and descriptions), I'm not sure that anyone with malicious intent and a smidgen of technical skill would need the original code...