The unsuccessful attacks were the result of email addresses being publicly posted on an electric company's website.
March 18, 2013
Honeypots installed by researchers at security firm Trend Micro provided bait for 39 attacks on simulated ICS environments over the course of a month.
November 01, 2012
For the last several years, security experts have been stressing the vulnerability of industrial control systems. Now, with attacks like Stuxnet proof of the risk, the big question is: How will industry respond?
A virus has reportedly shut down the energy company's website and email servers, giving rise to questions of whether the Shamoon virus is to blame.
Oil company Saudi Aramco has yet to confirm whether a virus, which struck 30,000 of its workstations, is Shamoon -- malware said to be targeting the Middle East energy sector.
Shamoon, malware that overwrites files to the point of making computers unusable, has been described as a targeted, yet damaging threat.
August 01, 2012
Consensus needs to be developed around how critical infrastructure is defined, says Mark Clancy, managing director and CISO for The Depository Trust & Clearing Corp.
August 01, 2012
Only through collaboration can government and the private sector thwart cyber attacks, says Raymond Choo.
Better coordination, actionable information, and risk awareness are needed to protect the country's critical infrastructure, especially the power grid, according a congressional watchdog report.
A sustained attack against the nation's natural gas pipelines, apparently orchestrated by the same malicious party, is proving difficult to quell.
The head of the National Security Agency is warning that Anonymous may be developing capabilities to target the U.S. power grid, but members of the hacktivist collective called such claims nothing more than fear mongering.
A new version of a federal law designed to protect the nation's critical assets is toned-down from previous cyber security proposals, but business and privacy leaders have concerns.
Unauthorized individuals gained access to the personal data belonging to customers of New York State Electric & Gas (NYSEG) and Rochester Gas & Electric (RG&E), which are owned by Iberdrola USA.
January 18, 2012
Many managers of utilities companies don't understand or appreciate the value of IT security...at their, the facilities' and the community's peril.
The proposal is helpful, but still doesn't answer the question: who to call when an attack happens.
While a number of entities have a stake in maintaining the cyber security of the U.S. electric grid, no single organization is currently responsible for overseeing protection across all aspects of grid operations.
An Illinois water utility pump failure may have been an accident caused by an employee -- not the work of foreign hackers.
Hackers reportedly breached the systems of a company that makes supervisory control and data acquisition (SCADA) systems, used to manage operations at critical infrastructure facilitates, and stole customer usernames and passwords.
November 04, 2011
"Cyber Atlantic 2011" aimed to clarify how the two nations can best communicate about cyber incidents that occur on government systems or critical infrastructure.
Microsoft issued a temporary fix for a vulnerability in the Windows kernel used to spread Duqu, the so-called "son of Stuxnet" trojan.
Hackers over the summer targeted at least 29 companies in the chemical sector during an attack campaign aimed at stealing intellectual property.
The slowness by which an offspring of Stuxnet was discovered may be further proof that attackers have a significant leg up on the security community.
When it comes to stopping individuals who want to compromise industrial control systems, the Anonymous group is certainly not Enemy No. 1.
Fresh off the Stuxnet attack, critical infrastructure environments must evolve to meet the growing threat, Pan Kamal, VP of marketing at AlertEnterprise, tells SC Magazine Executive Editor Dan Kaplan.
An Italian analyst said he spent little time finding a new batch of vulnerabilities impacting industrial control systems.
The White House on Thursday unveiled sweeping cybersecurity legislative recommendations to Congress.
Software products used to manage critical infrastructure facilities contain a vulnerability that could allow an attacker to take control of affected systems, the ICS-CERT warned.
Critical infrastructure providers have been slow to respond to an increasing number of threats targeting industries such as power, oil, gas and water, according to a new report.
Exxon Mobil, Royal Dutch Shell and BP were among the oil companies targeted by hackers believed to be from China to steal proprietary information about oil and gas field bids and operations, according to Bloomberg News. McAfee earlier this month disclosed details about the intrusions, dubbed "Night Dragon." The security firm, however, did not list any of the victim companies. According to Bloomberg, citing unnamed individuals familiar with the investigations, the list of targeted companies also includes Marathon Oil, ConocoPhillips and Baker Hughes. — AM
Mikko Hypponen, chief research officer of F-Secure, distinguishes among cyberwar and everything else, explains why the anti-virus industry failed when it came to detecting and preventing Stuxnet, discusses why critical infrastructure is at major risk to attack and reveals how he tracked down the authors of the first PC virus, which turns 25 years old this year. SC Magazine Executive Editor Dan Kaplan spoke with Hypponen following a media luncheon at the RSA Conference in San Francisco.
