
      PIPEDREAM Malware against Industrial Control Systems

      news.movim.eu / Schneier · Tuesday, 9 May, 2023 - 15:24

    Another nation-state malware, Russian in origin:

    In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware, was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems (ICSs).

    The malware was built to manipulate the network communication protocols used by programmable logic controllers (PLCs) leveraged by two critical producers of PLCs for ICSs within the critical infrastructure sector, Schneider Electric and OMRON.

    CISA advisory. Wired article.


      Montenegro is the Victim of a Cyberattack

      news.movim.eu / Schneier · Tuesday, 6 September, 2022 - 03:47

    Details are few, but Montenegro has suffered a cyberattack:

    A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control.

    […]

    But the attack against Montenegro’s infrastructure seemed more sustained and extensive, with targets including water supply systems, transportation services and online government services, among many others.

    Government officials in the country of just over 600,000 people said certain government services remained temporarily disabled for security reasons and that the data of citizens and businesses were not endangered.

    The Director of the Directorate for Information Security, Dusan Polovic, said 150 computers were infected with malware at a dozen state institutions and that the data of the Ministry of Public Administration was not permanently damaged. Polovic said some retail tax collection was affected.

    Russia is being blamed, but I haven’t seen any evidence other than “they’re the obvious perpetrator.”


      Attacks on Managed Service Providers Expected to Increase

      news.movim.eu / Schneier · Monday, 16 May, 2022 - 21:14

    CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the Russian SVR, and a blueprint for future attacks.

    News articles.


      Industrial Control System Malware Discovered

      Bruce Schneier · news.movim.eu / Schneier · Thursday, 14 April, 2022 - 15:46

    The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream that’s designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. There’s also no indication of how the malware was discovered. It seems not to have been used yet.

    More information. News article.


      White House Warns of Possible Russian Cyberattacks

      Bruce Schneier · news.movim.eu / Schneier · Tuesday, 22 March, 2022 - 14:57 · 1 minute

    News:

    The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion.

    […]

    Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors. But there’s been no sign so far of major disruptive hacks against U.S. targets even as the government has imposed increasingly harsh sanctions that have battered the Russian economy.

    • The public alert followed classified briefings government officials conducted last week for more than 100 companies in sectors at the highest risk of Russian hacks, Neuberger said. The briefing was prompted by “preparatory activity” by Russian hackers, she said.
    • U.S. analysts have detected scanning of some critical sectors’ computers by Russian government actors and other preparatory work, one U.S. official told my colleague Ellen Nakashima on the condition of anonymity because of the matter’s sensitivity. But whether that is a signal that there will be a cyberattack on a critical system is not clear, Neuberger said.
    • Neuberger declined to name specific industry sectors under threat but said they’re part of critical infrastructure – a government designation that includes industries deemed vital to the economy and national security, including energy, finance, transportation and pipelines.

    President Biden’s statement. White House fact sheet. And here’s a video of the extended Q&A with deputy national security adviser Anne Neuberger.


      Including Hackers in NATO Wargames

      Bruce Schneier · news.movim.eu / Schneier · Friday, 29 January, 2021 - 18:03

    This essay makes the point that actual computer hackers would be a useful addition to NATO wargames:

    The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames. Including them would increase the reality of the game and the skills of the soldiers building and training on these networks. Hackers and cyberwar experts would demonstrate how industrial control systems such as power supply for refrigeration and temperature monitoring in vaccine production facilities are critical infrastructure; they’re easy targets and should be among NATO’s priorities at the moment.

    Diversity of thought leads to better solutions. We in the information security community strongly support the involvement of acknowledged nonmilitary experts in the development and testing of future cyberwar scenarios. We are confident that independent experts, many of whom see sharing their skills as public service, would view participation in these cybergames as a challenge and an honor.


      Movim is moving!

      Timothée Jaussoin · pubsub.movim.eu / Movim · Wednesday, 20 January, 2021 - 06:47

    Following our previous article, with the sudden subscription of hundreds of new users both on our XMPP #services movim.eu and jappix.com and on #Movim itself, it seems that we are starting to be quite limited by our current server capacity.

    You might have noticed some connection issues and downtimes the past few days that are the direct result of this recent gain of interest for Movim.

    In the upcoming days we are planning to migrate the whole #infrastructure to a new server to give a bit more space for the project to grow and to allow many new users to join us.

    This will involve some extra server costs. If you want to help us cover our expenses you can always join our Patreon.

    By the way, we also bumped the size limit from 3Mb to 10Mb on our XMPP upload service, enjoy!