Project Basecamp Adds Stuxnet-Like Attacks To Metasploit 17
Trailrunner7 writes "Project Basecamp, a volunteer effort to expose security holes in industrial control system software, unveiled new modules on Thursday to exploit holes in common programmable logic controllers (PLCs). The new exploits, which are being submitted to the Metasploit open platform, include one that carries out a Stuxnet-type attack on PLCs made by the firm Schneider Electric, according to information provided to Threatpost by Digital Bond, a private consulting firm that has sponsored the effort. It was the third major release from researchers working for Project Basecamp and included three new modules for the Metasploit platform that can exploit vulnerable PLCs used in critical infrastructure deployments. The exploits rely on a mix of software vulnerabilities and insecure 'features' of common PLCs, which serve a variety of purposes in industries as varied as power generation, water treatment, manufacturing and others."
Good news, everybody! (Score:3, Interesting)
Oh good. What the world really needs is for script kiddies to be able to knock industrial equipment offline without even learning anything about the equipment they're attacking.
Well, maybe some incompetent fools who put PLCs on a publically-accessible network will learn a valuable lesson. I guess every cloud has a silver lining.