US Defense Contractors and Universities Targeted In Cyberattacks
Trailrunner7 writes, quoting Threatpost: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise. The attack campaign is using a series of hacked servers as command-and-control points and researchers say that the tactics and tools used by the attackers indicate that they may be located in China. The first evidence of the campaign was an attack on Digitalbond, a company that provides security services for ICS systems. ... In addition to the attack on Digitalbond, researchers have found that the campaign also has hit users at Carnegie Mellon University, Purdue University and the University of Rhode Island."
Biggest Change (Score:5, Interesting)
This is low-level cyber warfare and it's starting to ramp up. This is like the introduction of planes in WWI. At first they waved at each other on their scouting missions. Then someone brought a pistol, then a rifle. Then it was gunners and machine guns until we get the Red Baron and fighter aces. Next thing we know it's jet propulsion and heat seekers, stealth fighters launching! Make no mistake, Stuxnet was the first pistol at 1000 feet; what comes next no one can guess.
What is obvious is that Information Assurance is no longer a support service, somewhere behind tech support and first to be cut. IA is now a front-line warfighter task. Let's just hope the bean counters realize in time!
Re:This is news? (Score:5, Interesting)
That is correct. 5 years ago I worked at a defense contractor and we had a carefully crafted spear phishing attack. The hackers learned that company "doe" did the IT support for most of their IT. The group created a "doesupport.com" domain, and stole company logos from "doe.com". A fake site was crafted, and honestly looked pretty legit. They even had someone that knew English do the wording. The problem was, with all that work they had a username and password dialog box on the site, and our users were warned about this type of attack every day. We had 1 user out of about 6800 log in to the site, and more than 2800 tickets from users reporting the suspected site.
The site was in the US, but traced its roots to China. Interesting how fast this gets found out when government is involved.
Obviously "doe" is a fictional name to protect both the contractor and support people.
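The comment above describes a lookalike domain ("doesupport.com" built around the real "doe.com") used to harvest credentials. The following is an added example, not code from the post or any product it mentions, showing the kind of check a mail gateway or proxy log review can apply: classify each URL as pointing at a trusted domain, at a domain that borrows a trusted brand token, or at something unrelated. The trusted domain set and the URL list are constructed for the example (the commenter's "doe" is fictional), and the two-label registered-domain heuristic is a deliberate simplification that a production check would replace with a public-suffix list.

```python
from urllib.parse import urlparse

# Constructed for the example: the commenter's fictional "doe.com".
TRUSTED_DOMAINS = {"doe.com"}


def registered_domain(host: str) -> str:
    """Return the registrable part of a hostname.

    Simplification (assumption): treat the last two labels as the registrable
    domain. Real deployments should use the public suffix list so that
    hosts like 'doe.co.uk' are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def brand_tokens(trusted: set[str]) -> set[str]:
    """Brand words worth watching for, e.g. 'doe' from 'doe.com'."""
    return {d.split(".")[0] for d in trusted}


def classify_url(url: str, trusted: set[str] = TRUSTED_DOMAINS) -> str:
    """Classify a URL as 'trusted', 'lookalike' or 'unrelated'.

    'trusted'   : registrable domain is exactly one of the trusted domains
                  (so real subdomains such as support.doe.com pass).
    'lookalike' : not trusted, but the hostname contains a trusted brand
                  token anywhere (doesupport.com, doe.com.evil.example, ...).
    'unrelated' : no brand token present at all.
    """
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    if registered_domain(host) in trusted:
        return "trusted"
    for token in brand_tokens(trusted):
        if token in host:
            return "lookalike"
    return "unrelated"


def flag_lookalikes(urls: list[str], trusted: set[str] = TRUSTED_DOMAINS) -> list[str]:
    """Return only the URLs that should go to a reviewer or be blocked."""
    return [u for u in urls if classify_url(u, trusted) == "lookalike"]


if __name__ == "__main__":
    # Constructed sample of links pulled from inbound mail.
    sample_links = [
        "https://support.doe.com/helpdesk/login",
        "http://doesupport.com/login",
        "http://doe.com.evil.example/reset",
        "https://example.org/newsletter",
    ]
    for link in sample_links:
        print(f"{classify_url(link):10s} {link}")
    print("flagged:", flag_lookalikes(sample_links))
```

The check is intentionally strict in one direction: a hostname that merely contains the brand word is reported, so "doe.com.evil.example" is caught even though the trusted name appears verbatim in it. The cost is occasional false positives on unrelated domains that happen to contain the token, which is the trade-off the commenter's 2800 user reports suggest their organisation was willing to accept.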
Re:China (Score:5, Interesting)
You are making a massive leap in logic. If we opened a war with North Korea for example, I think you would find that even if it did not do so openly, China would be sending in lots of troops. The regime is not the only difference between now and the Vietnam/NK war times. There is also no open war in the area, which makes probably more difference than who is currently in power.
Re:Biggest Change (Score:2, Interesting)
For some time, Chinese hacking has been the "land war in Asia" tactic. Lots and lots of units in the field. When you have 30,000 longbowmen, it really doesn't matter how good their aim is; as long as they can fire quickly and in roughly the right direction, a lot of people are going to be hit by arrows. Much of their hacking has been the same: sacrifice accuracy for quantity and get results.
The USA has (for quite some time now) preferred the "sniper" model. Small groups, low profile, and then someone falls over dead in the middle of inspecting the troops. The irony of that with Flame and Stuxnet is how big of an infection vector was still small enough to avoid notice. For those of us who used CPUs without a trademark as part of the name, it looks a lot like being able to drive an Abrams through hostile territory just by pulling up behind a caravan and not shooting anyone for a while. (I wonder if that would work, how many supply lines would assume "if it was hostile, it would've stopped us by now. Must be a capture.")
Re:China (Score:5, Interesting)
Since we have such a closed government now, and many other countries are following the same exact tight-lipped policies, let me ask a few questions.
Syria, how many foreigners are involved? We simply don't know, and obviously we won't know. I think we both know that the US, China, and Russia are all involved right? Just how much and who becomes the question. Is Russia simply supplying arms? Or are they also manning gunships in "Police" action? (Just like the US does mind you)
How many Iranians are involved in the constant fights still going on in Iraq and Afghanistan? Pakistanis? Again, we don't know.
These are small conflicts at this point, the US made sure that the actual war was over very quickly. If this was a longer war, would more troops from more countries be involved? Historically the answer is a resounding "FUCK YEAH!"
The more open the conflict, the more apt there will be for people to send in soldiers. It's a simple game in politics that is universally played. Everyone wants their interests interjected on the other side. If that was not true, why would we have wars in the first place?
What's the name of the Targeted Operating System? (Score:4, Interesting)
Just who in their right mind connects a SCADA unit directly to the Internet? Let's have a contest to see how long someone can write about Internet security without once mentioning Microsoft Windows.
"In Digitalbond's case, the file is called 'Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe' and when it's opened, the file installs a Trojan downloader [threatpost.com] called spoolsvr.exe"
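The quoted filename relies on a double extension: a document-looking name (".pdf") followed by the real executable extension (".exe"), which a file manager that hides known extensions displays as a PDF. As an added example, not code from the article or from Digitalbond, the following mail-attachment check flags that pattern before a user ever sees the icon. The extension sets and the sample attachment names are constructed for the example; the one real name is the one quoted above.

```python
# Constructed lists: extensions Windows will execute versus extensions users
# expect to be harmless documents. Extend both to match local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}


def classify_attachment(name: str) -> str:
    """Classify an attachment filename by what it will actually do when opened.

    'disguised-executable' : executable extension hidden behind a document
                             extension, e.g. 'invoice.pdf.exe'
    'executable'           : plain executable, e.g. 'setup.exe'
    'document'             : ordinary document extension
    'no-extension'         : nothing after the last dot, or no dot at all
    'other'                : anything else (archives, unknown types)
    """
    # Collapse whitespace so padding like 'report.pdf      .exe' is seen as is.
    parts = [p.strip() for p in name.lower().split(".")]
    if len(parts) < 2 or not parts[-1]:
        return "no-extension"
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        # Walk back past the real extension: any document-looking extension
        # immediately before it is the disguise.
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
            return "disguised-executable"
        return "executable"
    if ext in DOCUMENT_EXTS:
        return "document"
    return "other"


def quarantine_candidates(names: list[str]) -> list[str]:
    """Names that should be held for review rather than delivered."""
    held = {"disguised-executable", "executable"}
    return [n for n in names if classify_attachment(n) in held]


if __name__ == "__main__":
    # Constructed sample of attachment names; the first is the one quoted
    # from the Threatpost article.
    samples = [
        "Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe",
        "quarterly_report.pdf",
        "setup.exe",
        "README",
        "photos.zip",
    ]
    for n in samples:
        print(f"{classify_attachment(n):22s} {n}")
    print("hold for review:", quarantine_candidates(samples))
```

Note that the classification keys off the last extension, which is what the operating system uses, not the first one the user reads. A gateway that additionally inspects file magic bytes will catch the same file even when it is renamed without any extension at all.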