
Industrial Control System Firms In Dragonfly Attack Identified

Posted by Unknown Lamer
from the they're-in-the-grid dept.
chicksdaddy (814965) writes Two of the three industrial control system (ICS) software companies that were victims of the so-called "Dragonfly" malware have been identified. ... Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances, and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers. Peterson has also identified the third vendor, identified by F-Secure as a Swiss company, but told The Security Ledger that he cannot share the name of that firm.

The three firms, which serve customers in industry, including owners of critical infrastructure, were the subject of a warning from the Department of Homeland Security. DHS's ICS-CERT said it was alerted to compromises of the vendors' web sites by researchers at the security firms Symantec and F-Secure. DHS said it is analyzing malware associated with the attacks. The malicious software, dubbed "Havex," was being spread by way of so-called "watering hole" attacks that involved compromises of the vendors' web sites. According to Symantec, the malware targeted energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. Most of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.
  • I hadda look this one up. [wikipedia.org]

  • by Anonymous Coward

    Good luck with securing that as a protocol. Might as well tape a 'kick me' sign on your back. When you are controlling things that can kill people, why is ease of use/development even a consideration?

  • So the Belgian and German companies can be named, but not the Swiss one? That seems strange.

    • by Dale Peterson (3733417) on Saturday July 05, 2014 @09:58PM (#47390985)
      We found the Belgian and German companies independently. The name of the Swiss company was shared in confidence, primarily to confirm our contention it was another small company with actually less of an impact than eWON or MB Connect. We are in the process of getting the name from additional sources without restrictions and will publish it when we can. It should be out as should the ICS and energy sites that were redirecting. Of course, it still is a mystery why US-CERT/ICS-CERT and the European CERTs don't mention any of the company names. The names would certainly be helpful if they wanted to alert asset owners that they may be compromised. eWON, to their credit, posted an updated notice on their home page of the website breach. MB Connect and the Swiss vendor sites are still silent on the issue. Dale Peterson @digitalbond
      • Of course, it still is a mystery why US-CERT/ICS-CERT and the European CERTs don't mention any of the company names. The names would certainly be helpful if they wanted to alert asset owners that they may be compromised.

        It's no mystery at all.

  • Peterson has also identified the third vendor, identified by F-Secure as a Swiss company, but told The Security Ledger that he cannot share the name of that firm.

    Well, HELLO there, internets!

    It'll be interesting to see why that company could not be named. Banking, perhaps?

  • It's a good thing none of these industrial controls require IE 6 with an unsupported OS with updates turned off requiring a live internet connection or anything stupid. For a minute that would imply mass incompetence.

  • My employer had SCADA sent via a telephone line to some engineer at another location. Walt had no idea how the plant operated or what the info he could see meant, and could have started or stopped some equipment remotely. One of the telemetry techs allowed a contractor to shut down a 9 million gallon/day lake pump, not a good thing. There wasn't even a password.
  • ... the gods themselves, contend in vain. The first time I heard of this, my instant thought was that it was utter stupidity to connect any industrial process to the Internet. Since then, every comment I've heard or seen from every source follows the same idea, so why is anyone still doing it?

    The cost argument really doesn't fly. Can you imagine the firestorm of compensation claims when (not if) the first major disaster takes place?
    • by EETech1 (1179269)

      I use the eWon, and MBConnect devices all the time, one or the other goes in to every machine we build. They are VPN gateways with secure login so we can remotely work on a machine instead of having to immediately travel to it to check the slightest thing.

      None of our customers leave the internet side of the device plugged in. Unless we are on the phone with them, and they are by the machine, it is unplugged. As an additional level of security, the device has a keyswitch connected to it that must be turned
