Sophos Comments On Critical Infrastructure Zero-Day Vulnerability

Sophos: 22 July 2010 (Technical Article)
A variation of the Stuxnet malicious code is now in the wild and focussed on attacking SCADA-based infrastructure systems.
IT security and data protection firm Sophos has issued new guidance and research on a Windows zero-day vulnerability that is already being used to target critical infrastructure systems, and for which exploit code has been made widely available.

Since first reporting on the vulnerability earlier this week, Sophos has now detected an additional variant of the malware payload, prompting concerns that further examples of the attack will materialise as the hackers attempt to avoid detection.

Termed the 'CPLINK' vulnerability by SophosLabs, the flaw has been found by researchers to be present in all Windows platforms - including Windows 2000 and Windows XP SP2, both of which Microsoft ceased official support for last week. Initially associated with removable USB storage devices, the CPLINK vulnerability requires no direct user interaction to deliver its payload, which Sophos has named the Stuxnet-B Trojan. Early versions of the malware have been programmed to seek out SCADA software (Supervisory Control And Data Acquisition) by Siemens Corporation, which is used in managing industrial infrastructures such as power grids and manufacturing plants.

"The threat from the exploit is high as all a user has to do is open a device or folder - without clicking any icons - and the exploit will automatically run," said Graham Cluley, senior technology consultant at Sophos. "With an additional variant of the malware already on the loose, the potential for this exploit to become more widespread is growing rapidly."

The issue has been compounded by the revelation that default passwords, hardcoded into the Siemens SCADA system, have been widely available on the Net since 2008 - and Siemens has issued guidance that operators should not now change passwords in response.

"Siemens is worried that if critical infrastructure customers change their SCADA password - to hinder the malware's attempt to access their system - they could at the same time throw their systems into chaos," continued Cluley. "This is a horrible situation. Good security practice would be for the systems that look after critical infrastructure to not use the same password. Furthermore, the systems shouldn't be hard-coded to expect the password to always be the same - which results in any change to the password resulting in a right royal mess."
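The hard-coded password problem Cluley describes has a concrete shape in code, and the fix is equally concrete. The example below is added here to illustrate it; it is not code from Sophos, Siemens or any SCADA product, and every name and value in it (the `BUILT_IN_PASSWORD` placeholder, the `operator_credential` configuration key, the sample site passwords) is constructed for illustration. The legacy function shows a credential baked into the code, so every installation shares it and a site that changes its password breaks the code's own check. The hardened functions keep the credential in per-site configuration as a salted PBKDF2 hash, compare in constant time, and let a site rotate its password by editing configuration alone.

```python
import hashlib
import hmac
import json
import secrets

# --- Anti-pattern (the situation the article describes): the credential the
# control system expects is a constant baked into the code. Every deployment
# shares it, and a site that changes its password no longer passes this check.
BUILT_IN_PASSWORD = "factory-default"  # constructed placeholder, not a real product value


def legacy_check(supplied: str) -> bool:
    """Accepts exactly one password, forever, for every installation."""
    return supplied == BUILT_IN_PASSWORD


# --- Hardened form: the credential lives in per-site configuration as a salted
# PBKDF2 hash, so each installation holds its own secret and can rotate it
# without touching the code.
ITERATIONS = 100_000  # assumed work factor for this illustration


def make_record(password: str) -> dict:
    """Build the configuration record for a freshly chosen password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def write_config(record: dict) -> str:
    """Serialise the record as the JSON a site would keep in its config store (assumed layout)."""
    return json.dumps({"operator_credential": record})


def load_config(text: str) -> dict:
    """Read the record back; a missing or malformed entry is an error, never a silent default."""
    cfg = json.loads(text)
    record = cfg.get("operator_credential")
    if not isinstance(record, dict):
        raise ValueError("no operator_credential record in configuration")
    for key in ("salt", "hash", "iterations"):
        if key not in record:
            raise ValueError(f"credential record missing {key!r}")
    return record


def hardened_check(supplied: str, record: dict) -> bool:
    """Recompute the hash with the site's salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", supplied.encode(), bytes.fromhex(record["salt"]), int(record["iterations"])
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def rotate(config_text: str, new_password: str) -> str:
    """Replace the site's credential in configuration; other settings survive, the code is untouched."""
    cfg = json.loads(config_text)
    cfg["operator_credential"] = make_record(new_password)
    return json.dumps(cfg)


if __name__ == "__main__":
    # Two sites with two different passwords (constructed sample values).
    site_a = write_config(make_record("plant-a-secret"))
    site_b = write_config(make_record("plant-b-secret"))
    print("legacy, site-chosen password:", legacy_check("plant-a-secret"))   # False: the code only knows the default
    print("hardened, site A password on A:", hardened_check("plant-a-secret", load_config(site_a)))  # True
    print("hardened, site A password on B:", hardened_check("plant-a-secret", load_config(site_b)))  # False: no shared default
    site_a = rotate(site_a, "plant-a-new-secret")
    print("hardened, old password after rotation:", hardened_check("plant-a-secret", load_config(site_a)))  # False
    print("hardened, new password after rotation:", hardened_check("plant-a-new-secret", load_config(site_a)))  # True
```

The point of `rotate` is the one the quote makes: when the expected credential is data rather than code, an operator can change it per site without the software falling over, and a leaked default stops being a universal key.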

Sophos has updated its protection for customers, detecting the attacks that have already been seen and issuing proactive defences against future threats based upon the exploit. Microsoft, meanwhile, is believed to be working on an emergency patch to fix the vulnerability in their software.
© 2012 ProSecurityZone.com