I blame the WSJ reporter for the ridiculous story, “The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack”. Either the reporter miscast what the NSA Director said or was dumb enough to bite on the story. Anonymous could do it now if they chose to as could anyone with moderate to strong hacking skills, desire, time and the willingness to get in a lot of trouble for causing a regional or larger blackout.
This week showed a good example of TippingPoint’s Zero Day Initiative (ZDI). Luigi Auriemma provided an ABB WebWare vulnerability to ZDI and got some money for it. The ZDI provided it to ABB who promptly developed a security patch. This week it was disclosed publicly.
More problems with pcAnywhere. Now pcAnywhere Nuke claims to crash a fully patched version of the product, and there may be more dangerous exploits coming. PcAnywhere is still widely used for ad hoc remote ICS access. A good reminder that every application and component on your ICS devices is part of the attack surface.
Tweet of the Week
Worth Reading Articles
- Nothing this week — really
Critical Intelligence’s ICS Security Event Calendar Updates
- ISA Using ANSI/ISA99 To Secure Your Control System, April 12 – 13 in Eindhoven, Netherlands
- Oliver Kinross SCADA and Smart Grid Cyber Security Summit, April 26 – 27 in London, UK
- ISA Using ANSI/ISA99 To Secure Your Control System, June 14 – 15 in Eindhoven, Netherlands
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by anmar_