Thread: Malware & other nasty IT / cyber things

  1. #1
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749


    IMPORTANT for providers of critical infrastructure....

    Severe vulnerability in GE Multilin SR poses a serious threat to Power Grid
    Security experts discovered a critical vulnerability in GE Multilin SR that poses a serious threat to the power grid worldwide. A team of researchers from New York University has found a serious vulnerability in some of GE Multilin SR protection relays...
    The experts will provide further details about the vulnerability at the upcoming Black Hat conference in Las Vegas; below is an excerpt from the abstract published on the conference website.
    “Essentially, we completely broke the homebrew encryption algorithm used by these protection and management devices to authenticate users and allow privileged operations,” explained the experts in their abstract. “Knowledge of the passcode enables an attacker to completely pwn the device and disconnect sectors of the power grid at will, locking operators out to prolong the attack.”
    The experts will also propose a live demo showcasing exploitation of the vulnerability during their talk, anticipating that an attack leveraging the issue would have a significant impact on a nation.
    The ICS-CERT published a security advisory on this threat that was tracked as CVE-2017-7095.
    An attacker can obtain the password either from the front LCD panel or via Modbus commands and use it to gain unauthorized access to vulnerable products.
    “Successful exploitation of this vulnerability may allow a remote attacker to obtain weakly encrypted user passwords, which could be used to gain unauthorized access to affected products,” reads the advisory.
    “Cipher text versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Cipher text of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.”

    The following versions of GE Multilin SR relays are affected by the flaw:
    750 Feeder Protection Relay, firmware versions prior to Version 7.47,
    760 Feeder Protection Relay, firmware versions prior to Version 7.47,
    469 Motor Protection Relay, firmware versions prior to Version 5.23,
    489 Generator Protection Relay, firmware versions prior to Version 4.06,
    745 Transformer Protection Relay, firmware versions prior to Version 5.23, and
    369 Motor Protection Relay, all firmware versions.
    GE has promptly released firmware updates that fix the vulnerability for most of the above products. The firmware updates for 369 Motor Protection Relays are expected to be released in June.
    To mitigate the vulnerability, GE recommends that users apply updated firmware versions to affected products, as well as implement the following best practices:
    Control access to affected products by keeping devices in a locked and secure environment,
    Remove passwords when decommissioning devices,
    Monitor and block malicious network activity, and
    Implement appropriate network segmentation and place affected devices within the control system network, behind properly configured firewalls. Protection and Control system devices should not be directly connected to the Internet or business networks.
    While the recent disruptions to Ukraine’s energy supply have clearly demonstrated that attacks on the power grid are a reality, it’s not uncommon for cybersecurity researchers to exaggerate the impact of their findings. It remains to be seen exactly how easily this flaw can be exploited after more information is made available.
    Last edited by davidbfpo; 04-29-2017 at 10:16 AM. Reason: Moved from another thread, as it fits here best.
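
The advisory's point about a non-random initialization vector, as an added example that is not part of the post, the advisory or GE's code: a constructed stand-in cipher with a fixed IV stores the same password identically every time, while salted PBKDF2 storage does not. The cipher, key, IV, sample password and function names are assumptions; the page does not describe GE's actual algorithm.

```python
import hashlib
import hmac
import os

# Constructed stand-in, NOT GE's algorithm (the page does not describe it):
# a keystream from key + IV, XORed over the password (up to 32 bytes).
DEMO_KEY = b"constructed-demo-key"   # assumption: key shared by all devices
FIXED_IV = b"\x00" * 8               # the flaw: same IV for every record

def weak_encrypt(password: str, iv: bytes = FIXED_IV) -> bytes:
    stream = hashlib.sha256(DEMO_KEY + iv).digest()
    return bytes(b ^ s for b, s in zip(password.encode(), stream))

def hardened_store(password: str, iterations: int = 200_000):
    """Salted, slow, one-way storage: returns (salt, iterations, digest)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def hardened_verify(password: str, record) -> bool:
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def leaks_equality(store, password: str, records: int = 3) -> bool:
    """True when storing one password several times gives identical values,
    i.e. one precomputed candidate table is valid for every record."""
    return len({store(password) for _ in range(records)}) == 1

if __name__ == "__main__":
    pw = "relay-1234"  # constructed sample password
    print("fixed IV, identical stored values:", leaks_equality(weak_encrypt, pw))
    print("salted KDF, identical stored values:", leaks_equality(hardened_store, pw))
    print("salted record still verifies:", hardened_verify(pw, hardened_store(pw)))
```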

  2. #2
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,096


    (CNN)White House homeland security adviser Tom Bossert said Monday the United States believes North Korea was behind the "WannaCry" cyberattack earlier this year.
    "After careful investigation, the US today publicly attributes the massive 'WannaCry' cyberattack to North Korea," Bossert wrote in a Wall Street Journal op-ed.
    He continued, "The attack was widespread and cost billions, and North Korea is directly responsible."
    http://www.cnn.com/2017/12/18/politi...cry/index.html

    Previous posts-in-thread on WannaCry.
    http://council.smallwarsjournal.com/...archid=6713937
    You're welcome.
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg
