Scada system | Breaking Cybersecurity News | The Hacker News

A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans (RAT) capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam. The targeted attacks employ Microsoft Word documents as droppers to deploy a previously unknown Python-based RAT dubbed "PoetRAT" due to various references to sonnets by English playwright William Shakespeare. "The RAT has all the standard features of this kind of malware, providing full control of the compromised system to the operation," said Cisco Talos in an analysis published last week. According to the researchers, the malware specifically targets supervisory control and data acquisition (SCADA) systems in the energy industry, such as wind turbine systems, whose identities are currently not known. The development is the latest in a surge in cyberattacks exploiting the ongoing coronavirus pandemi...

A story has been making the rounds on the Internet since yesterday about a cyber attack on an Indian nuclear power plant. Due to some experts commentary on social media even after lack of information about the event and overreactions by many, the incident received factually incorrect coverage widely suggesting a piece of malware has compromised "mission-critical systems" at the Kudankulam Nuclear Power Plant . Relax! That's not what happened. The attack merely infected a system that was not connected to any critical controls in the nuclear facility. Here we have shared a timeline of the events with brief information on everything we know so far about the cyberattack at Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu. From where this news came? The story started when Indian security researcher Pukhraj Singh tweeted that he informed Indian authorities a few months ago about an information-stealing malware, dubbed Dtrack, which successfully hit "extre...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON , also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric which are often used in oil and gas facilities. Triconex Safety Instrumented System is an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically if a dangerous state is detected. Since malware of such capabilities can't be created by a computer hacker without possessing necessary knowledge of Industrial Control Systems (ICS), researchers believe with "high confidence" that Moscow-based lab Central Scientific Research Institute of Chemistry and...

Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically, if a dangerous state is detected. Researchers from the Mandiant division of security firm FireEye published a report on Thursday, suggesting state-sponsored attackers used the Triton malware to cause physical damage to an organization. Neither the targeted organization name has been disclosed by the researchers nor they have linked the attack to any known nation-state hacking group. According to separate research conducted by ICS cybersecurity firm Dragos, which calls this malware "...

Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS , a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems and the Internet of Things. The operating system is not made for your average home PC; instead, it is meant to protect industrial systems and embedded devices from cyber attacks by preventing any third-party or malicious code from executing. Kaspersky Lab CEO Eugene Kaspersky confirmed the rumors of a new operating system on his official blog published on Monday, saying this project under the codename 11-11 has been in the works for 14 years and has been designed from scratch. The reason behind developing KasperskyOS is simple: Growing Internet-of-Things and embedded devices in industrial control systems (ICS) to power critical infrastructure. It's quite easy for most companies to get rid of the virus-infected computer, ...

Security researchers have discovered a new campaign targeting energy companies in Western Europe with a sophisticated malware that almost goes to great lengths in order to remain undetected while targeting energy companies. Researchers from SentinelOne Labs discovered the malware, which has already infected at least one European energy company, is so sneaky and advanced that it is likely believed to be the work of a wealthy nation. The malware, dubbed ' SFG ', contains about 280 kilobytes of code, featuring a vast arsenal of tools rarely seen in ordinary malware samples. It takes " extreme measures " to cleverly and stealthily evade a large number of security defenses before it drops its payload. The malware dismantles antiviruses processes one-by-one until the malware is finally safe to uninstall them all. It also encrypts key features of its code so that it could not be discovered and analyzed. It'll not execute itself if it senses it's being run in...

Security researchers have discovered a sophisticated piece of malware that uses tricks from the Stuxnet sabotage malware and is specifically designed to target industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. Researchers at the security firm FireEye Labs Advanced Reverse Engineering said on Thursday that the malware, dubbed " IRONGATE ," affects Siemens industrial control systems. The malware only works in a simulated environment and is probably just a proof-of-concept that is likely not used in wild; therefore is not yet advanced enough to impact real-world systems . The Irongate malware "is not viable against operational Siemens control systems," the cybersecurity firm said in its blog post , and the malware "does not exploit any vulnerabilities in Siemens products." The researchers found this malware fascinating due to its mode of operation that included some Stuxnet-like behavior. The Stuxnet sab...

The country which built a Digital Iron Dome , Israel had undergone one of the largest serious cyber attack this year. This time, the name of Israel is being popped up in the current headlines is for the massive cyber attack which triggered against the Nation's Electrical Power Grid Authority's Network. "Yesterday we identified one of the largest cyber attacks that we have experienced," Energy Minister Yuval Steinitz confirmed at the CyberTech 2016 Conference at the Tel Aviv Trade Fair and Convention Center on Tuesday, according to an article published by The Times of Israel. "The virus was already identified and the right software was already prepared to neutralize it," Steinitz added. "We'd to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over...but as of now, computer systems are still not working as they should." Sev...

SCADA system has always been an interesting target for cyber crooks, given the success of Stuxnet malware that was developed by the US and Israeli together to sabotage the Iranian nuclear facilities a few years ago, and " Havex " that previously targeted organizations in the energy sector. Now once again, hackers have used highly destructive malware and infected, at least, three regional power authorities in Ukraine, causing blackouts across the Ivano-Frankivsk region of Ukraine on 23rd December. The energy ministry confirmed it was investigating claims a cyber attack disrupted local energy provider Prykarpattyaoblenergo, causing the power outage that left half of the homes in Ivano-Frankivsk without electricity just before Christmas. According to a Ukrainian news service TSN, the outage was the result of nasty malware that disconnected electrical substations. Related Read: Dragonfly Russian Hackers Target 1000 Western Energy Firms . First Malware to...