Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Gauss Malware Threat To Industrial Control Systems

LogRhythm : 10 August, 2012  (Technical Article)
LogRhythm comments on the emergence of the Gauss malware and what it might mean to the vulnerability of critical infrastructure systems
Extensive analysis on a new cyber espionage weapon dubbed ‘Gauss’ has been released, stating that the tool has capabilities to attack national critical infrastructure and steal financial data.

Apparently designed by the same ‘factory’ behind the state-sponsored Flame and Stuxnet cyberweapons, Gauss was discovered in June and has already been found to have infected personal computers in Lebanon and other countries in the Middle East. The sophisticated malware, which not only steals system information but has a potentially dangerous ‘mysterious payload’, also contains a module known as ‘Godel’ which researchers have concluded contain a weapon for attacking industrial control systems.

Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments:

“This latest malware discovery clearly shows a developing trend of sophisticated cyber weapons, like the Stuxnet, Duqu and Flame viruses, which aim to take control of critical national systems. While Gauss’ initial purpose appears to be the theft of financial information, its inclusion of the ‘Godel’ module further proves that cyber warfare tactics between nation states can result in significant damage to physical infrastructure.

“A large proportion of today’s cyber security breaches – whether cyber espionage exercises such as data theft or full on cyber attacks that take control of critical systems – are a result of organisations lacking visibility into the activity taking place across their networks. Traditional perimeter cyber security defences such as anti-virus software just aren’t enough to ensure protection, particularly as Gauss’s ‘cousin’, the Flame virus, avoided detection from 43 different anti-virus tools and took over two years to detect. Instead, what’s required is a continuous monitoring of all log data generated by IT systems, so that any aberrant network activity can be identified, analysed and remediated in real time.

“Especially relevant in the detection of attacks on control systems like SCADA (supervisory control and data acquisition), constant monitoring of IT network log data also provides the traceability required to identify patterns in seemingly unrelated incidents enabling damage limitation strategies to be enacted before any destruction of national infrastructure can occur. In order to subvert this approach, hackers have to simultaneously break into their target, control systems like SCADA for example, and into the log management system to modify specifically the pieces they were looking for – a very difficult if not impossible task. Only by adding these additional levels of protection can anomalies be identified in real-time and cyber threats be responded to.” 
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo