Sunday, November 16, 2014

Chinese Spies are retiring: Spanish Waste & Drinking Water services don't need them

Industrial Control engineers do their work for them

Critical Infrastructure protection law is being deployed in Spain and new essential sectors will be covered this year. One of those sectors is Water, and I have begun to study that sector in depth.
My first findings are amazing and I will talk about them in my next posts.

This week I will show you how things have changed with social networks in the last few years. Nowadays, everyone seems to seek celebrity through social network presence: Facebook, Twitter, LinkedIn and any other platform that lets you show the entire world how cool you are. (By the way, you could think this is what I am doing, but this is just Cyber Work.)

While doing some Internet spidering on wastewater plants around Spain I have found some "funny" stuff.
In one SCADA control engineer's personal blog I have found his complete CV describing all the projects he has worked on throughout his career. This is not bad by itself, but when a deep description of the SCADA plant systems is present, it gets worse....

Information you can find there is:
  • Plant Name and location
  • Automation elements description:
    • SCADA application redundant systems (Schneider Electric Monitor Pro)
    • 3 Telemecanique Unity devices (Modicon PLCs)
    • Other PLCs to control engines
    • Ethernet interconnection between them and a Modbus gateway
    • Interconnection diagram
    • Advantys I/O modules

I'm sure you can find many plants even worse documented than this!

Awareness is something we have to improve in the coming months if we want to reach a better security level in our critical infrastructure.

In the meantime, no Chinese spies required......

Wednesday, November 5, 2014

New threats, Old vectors

In the last few weeks I have been giving presentations at different Cyber Security events in different cities and with different audiences, but there is always a common question in all of them:

- "Can you tell us about the new threats?"

My response is always the same:

- "Don't you have enough with the old ones?"

I understand people can be worried about all the Cyber espionage, Cyber Crime and Cyber attack campaigns, but at the end of the day everything remains the same: "Nobody reads the F#@ Manual".

When talking about Dragonfly we have been dealing with old attack vectors:
  • Phishing
  • Compromising vulnerable web sites
Nothing new in these attacks. Nothing a good awareness policy can't stop. Nothing a basic OWASP compliance test cannot detect. Nothing has been done in those organizations in the last few years to improve their security posture.

At the last (8th) ENISE congress, a representative from the NATO Security Network Area described the top attacks NATO was registering, and surprisingly they were: phishing and DDoS.
Maybe the malware associated with the phishing campaigns is more sophisticated (in the second round), but there must always be someone who clicks the attachment or link to activate the malware.

Why don't we stop the old attack vectors before moving on to defenses against the new threats?