Last week, the Department of Homeland Security revealed a rash of cyber attacks on natural gas pipeline companies. Just as with previous cyber attacks on infrastructure, there was no known physical damage. But security experts worry it may only be a matter of time.
Efforts to protect pipelines and other critical systems have been halting despite broad agreement that they’re vulnerable to viruses like Stuxnet – the mysterious worm that caused havoc to Iran’s nuclear program two years ago.
The Frankenstein-like virus infected a type of industrial controller that is ubiquitous – used around the world on everything from pipelines to the electric grid.
Stuxnet first made headlines when it burrowed into computers that controlled uranium centrifuges in Iran’s renegade nuclear program. Its self-replicating computer code is usually transmitted on flash drives anyone can stick into a computer. Once activated, the virus made Iran’s centrifuges spin out of control while making technicians think everything was working normally – think of a scene in a bank heist movie where the robbers loop old security camera footage while they sneak into the vault.
Q. Who created it?
Whoever knows the answer to this isn’t telling – but if cybersecurity researchers, the Iranian government and vocal Internet users are to be believed, the two prime suspects are the U.S. and Israeli governments.
Q. How does it work?
Stuxnet seeks out little gray computers called programmable logic controllers, or PLCs. The size and shape of a carton of cigarettes, PLCs are used in industrial settings from pretzel factories to nuclear power plants. Unfortunately, security researchers say the password requirements for the devices are often weak, creating openings that Stuxnet (or other viruses) can exploit. Siemens made the PLCs that ran Iran’s centrifuges; other makers include Modicon and Allen Bradley. Once introduced via computers running Microsoft Windows, Stuxnet looks for a PLC it can control.
Q. How big is the problem?
Millions of PLCs are in use all over the world, and Siemens is one of the top five vendors.
Q. After Iran, did Siemens fix its devices?
Siemens released a software tool for users to detect and remove the Stuxnet virus, and encourages its customers to install fixes Microsoft put out for its Windows system soon after the Iran attack became public (most PLCs are programmed from computers running Windows). It is also planning to release a new piece of hardware for its PLCs, called a communications processor, to make them more secure – though it’s unclear whether the new processor will fix the specific problems Stuxnet exploited. Meanwhile, the firm acknowledges its PLCs remain vulnerable – in a statement to ProPublica, Siemens said it was impossible to guard against every possible attack.
Q. Is Siemens alone?
Logic controllers made by other companies also have flaws, as researchers from NSS Labs, a security research firm, have pointed out. Researchers at a consulting firm called Digital Bond drew more attention to the problem earlier this year when they released code targeting commonly used PLCs using some of Stuxnet’s techniques. A key vulnerability is password strength – PLCs connected to corporate networks or the Internet are frequently left wide open, Digital Bond CEO Dale Peterson says.
Q. What makes these systems so tough to protect?
Like any computer product, industrial control systems have bugs that programmers can’t foresee. Government officials and security researchers say critical systems should never be connected to the Internet – though they frequently are. But having Internet access is convenient and saves money for companies that operate water, power, transit and other systems.
Q. Is cost an issue?
System manufacturers are reluctant to patch older versions of their products, government and private sector researchers said. Utility companies and other operators don’t want to shell out money to replace systems that seem to be working fine. Dan Auerbach of the Electronic Frontier Foundation, formerly a security engineer at Google, says the pressure on tech companies to quickly release products sometimes trumps security. “There’s an incentive problem,” he said.
Q. What’s the government doing?
The Department of Energy and the Department of Homeland Security’s Computer Emergency Readiness Team, or CERT, work with infrastructure owners, operators and vendors to prevent and respond to cyber threats. Researchers at government-funded labs also assess threats and recommend fixes. But government agencies cannot – and do not attempt to – compel systems vendors to fix bugs.
The only national cybersecurity regulation is a set of eight standards approved by the Federal Energy Regulatory Commission – but these only apply to producers of high-voltage electricity. A Department of Energy audit last year concluded the standards were weak and not well implemented.
Q. So is Congress weighing in?
Cybersecurity has been a much-debated issue. Leading bills, including the Cyber Intelligence Sharing and Protection Act, would enable government and the private sector to share more threat information. But while CISPA and other bills give the Department of Homeland Security and other agencies more power to monitor problems, they all take voluntary approaches.
“Some of my colleagues have said nothing will change until something really bad happens,” said Peterson, whose consulting firm exposed vulnerabilities. “I’m hoping that’s not true.”
Q. What does the Obama administration want?
The White House has called for legislation that encourages private companies to notify government agencies after they’ve faced cyber intrusions, and recommends private companies secure their own systems against hackers. But the White House stops short of calling for mandatory cybersecurity standards for the private sector.
Sonia Bovio, tired but unable to sleep after her long journey from Phoenix to London last week, settled into her hotel room and was fiddling around on her laptop. One inadvertent click later, a file downloaded and she realized she had made a big mistake.
“It was terrifying,” said the 43-year-old senior vice president with communications firm Brodeur Partners. “I had a pit in my stomach. My biggest concern was that I didn’t want to be presenting to a roomful of executives and have something pop up on my screen.”
About the same time that was happening, the Internet Crime Complaint Center (IC3) – run in part by the FBI – was issuing a warning to Americans traveling abroad about getting duped into downloading malware while connecting to the Internet at their hotels. Malware can allow someone to take control of your computer, record passwords and personal information or disable the machine altogether.
The warning was specifically directed at “government, private industry, and academic personnel,” suggesting this threat was more about what is on their machines and less about bank accounts and personal identities. Travelers, the FBI said, are allowing malware to infect their computers by clicking on pop-up windows that appear while they are getting on the hotel Internet connection. The pop-ups appear to be part of what looks like a routine software update.
It’s very easy for someone trying to dupe you to make a pop-up appear to be from a legitimate source, said Robert Siciliano, a consultant for the computer security firm McAfee Inc, a division of Intel Corp. “Be smart about what you click,” he said. “Just because it pops up and provides a message doesn’t mean it’s legitimate.”
Jonathan Halloran-Koren, president of New Jersey-based United Global Concierge Inc, said he was at a hotel in Hong Kong in 2009 using the hotel Internet connection when he got multiple warnings from his Internet security software. He later found more than 50 viruses on his machine.
“I was so freaked out that when I got back to the States I moved all my important files to a USB drive, wiped my hard drive and reinstalled everything,” said Halloran-Koren, 29.
Even an Internet security expert faced similar attacks. Damon Petraglia, director of forensic and information security services for Chartstone Llc, said that in both Romania and the Turks and Caicos his laptop came under attack. The attacks were blocked by his security software, he said.
INTERNATIONAL ESPIONAGE
Serious precautions need to be taken by anyone with anything of importance on their computers, said former Scotland Yard computer crime unit detective Steve Santorelli, now with the Internet security research firm Team Cymru.
“You’ve got to develop a healthy dose of paranoia,” he said. “If you’ve got blueprints to the next big thing on your hard drive, they’ve got resources to come at you with a pretty good attack. If you’re a regular tourist you don’t have as much to worry about.”
Both Santorelli and Rich Baich, principal in the Security & Privacy Practice division of consultancy Deloitte LLP, suggest the concern isn’t only about criminals, but about how certain governments conduct themselves. The rules that apply in the U.S. are not necessarily the same ones in other countries, they warn. “Whether it’s a hotel, whether it’s a cell phone or whether it’s a Wi-Fi you’re using, you could be subject to monitoring,” Baich said.
Such concerns were highlighted in 2008 when the U.S. government issued a warning to those traveling to the Olympics in China that the contents of their electronic devices were at risk of theft. The Chinese government denied any effort was under way to steal intellectual property or trade secrets from visitors.
Companies are becoming so sensitive to the threat that they are issuing special travel laptops to executives that are then wiped clean upon their return, Baich said. And Santorelli said he knows of executives who simply throw away their travel laptops upon their return because they’re that worried about what might have been installed while overseas.
If you’re not in a position to use a throwaway laptop or your company isn’t providing travel laptops, Santorelli, other security experts and the FBI urge the following steps be taken:
* Update your operating system and applications regularly – particularly before travel
* Use an up-to-date browser
* Do not use the same password for multiple accounts
* Change passwords before you leave on a trip and when you return
* Keep your anti-virus software updated
* Back up your data
* Encrypt your files
* Use a secure company virtual private network (VPN) to access work files
* Keep your device with you at all times
Two big players in providing Internet connections at hotels, iBAHN and Swisscom Hospitality Services, said they’re doing what they can to protect users and that they have had no security breaches. Some attacks could appear to come from the network, but are really from another source, according to an iBAHN spokeswoman.
“iBAHN takes the security and protection of its customers’ information very seriously, provides its customers with the highest possible level of security, and relentlessly monitors attempted attacks,” said senior global communications director Shannon R. Michael.
Swisscom spokesman Carsten Roetz said they have preventive and detective measures in place, and further suggests corporate users connect to their enterprise Virtual Private Network (VPN) to protect any potentially sensitive data.
If you’re aware of the threat, keep it in mind, and prepare, you should be able to protect your data, Santorelli said. “It’s all about risk,” and just having virus protection is not enough, he said. “People can no longer abrogate responsibility for Internet safety.”
Moscow, May 15 (IANS) Computer giant Apple has contracted specialists from Russian anti-virus company Kaspersky Lab to analyse the vulnerabilities of its Mac OS X operating system and improve its security.
The OS X security issue became important in early April, when Dr. Web, a Russian computer security company, reported finding botnets — or networks of compromised computers controlled by hackers — that included more than 500,000 infected Macs.
It was previously thought that Apple computers enjoyed better protection from viruses than computers operating on Microsoft Windows. The appearance of this latest threat has forced Apple to address the security issue, RIA Novosti reported citing the computing.co.uk website.
“Apple recently invited us to improve its security. We’ve begun an analysis of its vulnerabilities, and the malware targeting it,” said Kaspersky chief technology officer Nikolai Grebennikov.
“Mac OS is really vulnerable,” he said.
Anti-virus experts, including those at Kaspersky Lab, say the OS X system has a better security record than Windows because the Apple operating system is used on fewer machines.
But rising sales of Apple computers, and the appearance of botnets targeting them, indicates that the amount of malware may also increase.
Kaspersky Lab is an international group that operates in more than 100 countries worldwide. The company’s headquarters are located in Moscow, from which it oversees global operations and business development.
According to the company website, Kaspersky Lab is one of the fastest growing IT security companies worldwide. In 2011, Kaspersky Lab’s global revenue grew by 14 percent compared to the previous year and exceeded $600 million.
Kaspersky Lab currently employs over 2,400 specialists. The company has offices in 29 countries and its products and technologies provide protection for over 300 million users worldwide.
G Data Total Protection 2013 is a security suite for Windows computers that protects against hacker attacks, viruses, trojans, malware and every kind of network threat. It includes an intelligent antivirus that combines two scanning engines and a cloud detection service to offer maximum security on the web and in handling our e-mail.
G Data Total Protection 2013 also offers a powerful, configurable firewall for protecting against any unauthorized access attempts. The suite also integrates an effective parental control system that makes it possible to limit younger users’ Internet use by blocking access to sites considered unsuitable or dangerous.
G Data Total Protection 2013 also includes a convenient backup system for safeguarding our personal and sensitive data such as documents, photos and videos. The suite also features an interesting “Security Tuning” system that checks our computer for any security holes and advises us how to fix them. Finally, anyone who buys G Data Total Protection 2013 will also receive the Android version of the antivirus free of charge.
Tatanga malware’s authors appear to be in the process of expanding their network of infected computers by spreading their banking Trojan, initially aimed at the customers of a single Spanish bank, through a free fraud protection insurance scam that preys on unsuspecting users of online banking.
Where those behind the Tatanga virus were initially intent on targeting customers of a sole bank in Spain, they appear to have expanded their illicit operations to include the customers of other banks.
Those behind the financial malware intend to steal money as well as identities in order to perpetrate crimes pertaining to identity fraud. To do so, the virus relies on social engineering techniques intended to trick the victim into bypassing security measures imposed by their banks, including one-time passwords (OTPs) and transaction authorization numbers (TANs).
Director of product marketing for online security firm Trusteer, Oren Kedem, indicated that the Tatanga variant discovered last week was not aimed at the United States. Regarding the origins of the malware, Kedem was quoted by CSO as saying:
“We don’t know where it originated, but it’s fair to assume that the people are Spanish speaking, and familiar with the Spanish banks. There is reason to believe it is coming from that part of the world.”
Tatanga currently affects nine web browsers, which include Mozilla Firefox, Internet Explorer, Opera, Safari, and Google Chrome.
A Trojan horse, in regards to computing, is composed of a server and a client. Once the server is executed on the victim’s machine, a communication port is opened through which the client is able to establish a connection in order to remotely control the infected computer. As software and hardware firewalls, like those commonly incorporated into home routers, thwart traditional Trojans by blocking unsolicited connection requests, reverse client/server viruses are now the apparent standard.
Regarding countermeasures, Kedem has indicated that banks should provide anti-malware services and training to their customers. He was quoted as saying:
“Banks need to make customers watch for any change from normal. They should be suspicious if they see any unsolicited offering, anything that is asking for new information, if the screen changes or if suddenly somebody from the bank is chatting with you. Call the bank and ask if it is genuine. The best way to be safe is to be suspicious.”
In the constantly evolving world of online security, this writer suggests Internet users utilize a variety of anti-virus software suites, either a software or hardware firewall, avoid shady websites to the best of their ability, utilize complicated passwords, never use the same “universal” password for their various accounts, carefully scrutinize anything that seems too good to be true, never divulge personal information, and regularly back up important data. While following these directions has the ability to mitigate the risk of losing important data, being scammed, or infected with a virus, the directions will not make you impervious to infections or scams. For this reason, always exercise caution when accessing the wild west world that is today’s Internet.
Anti-virus software often incorporates anti-virus offset scanners in order to pinpoint infections. Essentially, an offset scanner works by scanning the code composing a given file for a string common to a known virus in order to determine whether or not the file is infected. As the scanner is simply searching based on a library of virus definitions, a virus must first be discovered and analyzed, often through reverse engineering and execution in controlled environments, in order for there to be a definition in the database of known viruses. To relate to a more common world of understanding such as that of the corporeal, researchers are unable to provide a cure for a virus prior to having knowledge of the virus and the same is true when it comes to computer viruses. Such is the perpetual cat-and-mouse game that we play.
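The offset-scanner idea described above, sketched as an added example (not code from the original article or from any anti-virus product). The signature names, byte patterns and sample files are all constructed for illustration; the point is that a changed variant goes unnoticed until a new definition is written for it.

```python
from dataclasses import dataclass
from typing import Optional

WILDCARD = None  # pattern element that matches any single byte


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: tuple                # ints 0-255, or WILDCARD
    offset: Optional[int] = None  # fixed file offset; None = search the whole file


def parse_pattern(text):
    """Turn 'DE AD ?? EF' into (0xDE, 0xAD, WILDCARD, 0xEF)."""
    return tuple(WILDCARD if tok == "??" else int(tok, 16) for tok in text.split())


def matches_at(data, pos, pattern):
    """True if pattern matches data starting at pos (never reads past the end)."""
    if pos < 0 or pos + len(pattern) > len(data):
        return False
    return all(p is WILDCARD or data[pos + i] == p for i, p in enumerate(pattern))


def scan(data, definitions):
    """Return [(signature name, offset of first match)] for every definition that hits."""
    hits = []
    for sig in definitions:
        if not sig.pattern:
            continue  # an empty pattern would match everything; ignore it
        if sig.offset is not None:
            positions = [sig.offset]  # classic offset scan: one cheap comparison
        else:
            positions = range(len(data) - len(sig.pattern) + 1)
        for pos in positions:
            if matches_at(data, pos, sig.pattern):
                hits.append((sig.name, pos))
                break
    return hits


# Constructed sample "files": a 16-byte header followed by a marker sequence.
HEADER = b"MZ" + bytes(14)
KNOWN_SAMPLE = HEADER + bytes.fromhex("deadbeef01c0ffee") + b"payload"
NEW_VARIANT = HEADER + bytes.fromhex("deadbeee02c0ffee") + b"payload"  # one byte changed
CLEAN_FILE = HEADER + bytes(30)

# Definition library before anyone has analysed the variant.
DEFINITIONS = [
    Signature("Constructed.Sample.A", parse_pattern("DE AD BE EF ?? C0 FF EE"), offset=16),
]

# Library after the variant has been analysed and a definition written for it.
UPDATED_DEFINITIONS = DEFINITIONS + [
    Signature("Constructed.Sample.B", parse_pattern("DE AD BE EE ?? C0 FF EE")),
]

if __name__ == "__main__":
    for label, blob in [("known", KNOWN_SAMPLE), ("variant", NEW_VARIANT), ("clean", CLEAN_FILE)]:
        print(label, "old defs:", scan(blob, DEFINITIONS), "new defs:", scan(blob, UPDATED_DEFINITIONS))
```

The wildcard byte lets one definition tolerate a field that differs between copies, but a change to any fixed byte, or a shift away from the expected offset, defeats the match until the library is updated.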
A new potential “scam” is hitting our area. It involves receiving a call, supposedly from someone from Microsoft, saying that their computer system had sent a message to Microsoft warning that the individual’s system had a serious virus infection that needed immediate attention. This was an obvious attempt to either solicit information about an individual’s computer and/or to “sell” them some type of “questionable” computer protection.
About three weeks ago, one of my neighbors contacted me to say that she had received such a call. Since she did not have an in-depth knowledge about computers she went into almost a “panic” mode for obvious reasons. Since I’ve been involved with computers for close to 40 years, I checked out her system and found absolutely nothing wrong. I told her not to worry and to ignore any further calls that she might receive regarding such an issue.
Well, on May 4 I received a call identical to the one she received. I explained that my computer made no such contact with Microsoft and that no such “infection” existed. Furthermore, I informed the caller that I “knew” this was a potential “scam” that they were trying to initiate by virtue of the fraudulent statement on their part about the virus infection and the contact with Microsoft’s computers.
People NEED to be aware of what’s going on and should somebody contact them stating that “their” computer contacted Microsoft about a virus infection, they need to know that in all likelihood no such direct communication ever occurred and that they were being subject to a potential “scam.”