A new piece of industrial control malware has been discovered. Dubbed SFG, it was found by Sentinel One Labs on the information networks of a yet-unnamed European energy company.
It appears quite sophisticated. It not only collects information on the infected system but opens a backdoor through which a destructive payload could be launched, “to potentially shut down an energy grid”.
The location of the utility has not been revealed and its name has been changed in Verizon’s report, but given the fact of Verizon’s involvement, this likely happened in the U.S. — all the other incidents discussed in the report linked in The Register’s article took place in America. And we know that jihadis have long wanted to poison the water supply. As far back as 2002, the feds arrested two jihadis who were carrying plans about how to poison water supplies. In 2003, al-Qaeda threatened to poison water supplies in Western countries. In 2011, a jihadi in Spain likewise planned to poison water supplies.
And in May 2013, seven Muslim “chemical engineers” were caught trespassing at the Quabbin Reservoir, a key supply of water for Boston, after midnight. Only months later and indirectly did we hear that it was a “criminal matter.” A month later, locks were cut at the aqueduct that supplies water to Greater Boston.
A year-long study found that the present legal and regulatory approach to the EMP/space weather threat to America’s nuclear power plants is inadequate and dangerous. This sorry state is anchored in industry efforts to maintain safety regulations dating back to the 1980s, and in a national security mentality relevant at the end of the Cold War.
This has been successful, in part, due to a campaign to brand nuclear power as a clean, safe source of energy. To their credit, the NRC and industry have demonstrated a commitment to safety where design basis events are concerned. However, EMP and GMD are beyond design basis events. Once these occur, there are no guarantees and few strategies with which to cope.
Another interesting factor in attacks on U.S. critical infrastructure is the exploitation of SCADA systems. It’s been evidenced quite a few times that these have been compromised.
Here is one such example: UPDATE 3: U.S. probes cyber attack on water system
More than 10,000 people in Arkansas were dumped into a blackout Sunday following an attack on that state’s electric grid, the FBI said today, the third such attack in recent weeks. In August, a major transmission line in the region, around Cabot, Ark., was deliberately cut.
The FBI said that two power poles had been intentionally cut in Lonoke County on Sunday, resulting in the outage.
The FBI said it would pay a $25,000 reward for information about the attacks.
And for good reason. The FBI suspects these attacks are linked with a third incident in September.