Decoy water plant attracts hackers, Chinese APT1 crew
Posted on 06 August 2013.
A Trend Micro researcher who has lately concentrated on finding out just how often industrial control systems are attacked, and from where, has shared the latest findings of his research using decoy systems as honeytraps, and says that one of them was targeted by the infamous Chinese hacking crew APT1.

At the Black Hat conference held last week in Las Vegas, researcher Kyle Wilhoit revealed that he had set up twelve honeypots posing as water control systems at local water plants in the US, Brazil, Ireland, Australia, Singapore, Russia, China and Japan.

With the help of cloud software, he created realistic access and configuration screens and control panels that correspond to those used by typical plants of this kind, and waited for the attacks.

The attack by APT1 (also known as Comment Crew) began last December, and was initiated via a booby-trapped Word document hiding malware that, along with other things, pointed to the group being the perpetrator.

"I actually watched the attacker interface with the machine," Wilhoit shared with MIT Technology Review. "It was 100 percent clear they knew what they were doing."

Between March and June this year, the honeypots were intentionally attacked 74 times. Not all attacks were sophisticated, but 10 were sophisticated enough to gain complete control of the mock systems.

By using the Browser Exploitation Framework, he managed to locate the attackers' systems and discovered that they came from 16 different countries.

The majority of the non-critical attacks originated in Russia, and half of the critical ones in China. The rest were carried out from systems in the UK, Germany, France, Japan and Palestine.

It's also interesting to note that some of the attackers were clearly knowledgeable about things like distinct communication protocols used to control industrial hardware.

Once again, Wilhoit has successfully proven that even "insignificant" systems like those of a local water authority are interesting to attackers, and has pointed out that those owning and/or operating industrial control systems (ICS) should be aware of that fact and should look into hardening them.









Copyright 1998-2014 by Help Net Security.