This post is also available in: עברית (Hebrew)
The U.S Department of Homeland Security (DHS) has issued an alert about a coordinated cyber attack which could jeopardize Industrial Control Systems (ICSs).
The alert is about a Remote Access Trojan (RAT) malware package known as Havex. Joe Caruso, Global Digital Forensics (GDF) founder and CEO/CTO, hopes it serves as a wakeup call. “We are past the days when cyber security was strictly considered an in-house issue. The reality today is that every “trusted” entity you deal with in the digital world should be checked out as far as their cyber security posture too, because like Havex shows, if hackers can infiltrate any one of your “trusted” suppliers, vendors, application providers, or any other entity you share digital information and/or assets with, enemies can covertly find their way inside the gates to do as they please.”
“SCADA systems (Supervisory Control and Data Acquisition) of critical infrastructure targets are tantalizing for hackers in many arenas, from state-sponsored saboteurs from other nations looking for a cyber-warfare advantage, to hacktivists trying to make a political or ideological statement, or even a lone wolf hacker just looking for some notoriety in underground hacker circles, and by compromising a system or network of a vendor, partner or other entity doing business with our infrastructure organizations, they can get their foot in the door for full access even if the targeted organization has gone through great pains and resources to secure their digital assets.”