Submitted by Eric Byres on Mon, 2011-03-21 10:23
There has been a lot of media coverage and discussion of the Stuxnet malware, and its impact on industrial control system (ICS) and SCADA security. We are one of the groups guilty of creating a Stuxnet publishing industry.
Submitted by Eric Byres on Tue, 2011-02-22 16:27
Over the past four months, Joel Langill, Andrew Ginter and I have been working on a really cool research project. We have been investigating how Stuxnet would infect an industrial site protected by a “high security architecture.”
Submitted by Eric Byres on Fri, 2010-09-17 09:16
Back in July when Stuxnet first became public, I wrote in our Siemens PCS7 WinCC Malware White Paper and told anyone that would listen that Stuxnet was targeted at stealing intellectual property from process systems. The code we analyzed showed Stuxnet performing SQL database accesses and process information uploading to servers in Denmark and Malaysia, so this seemed like a sure answer.
Submitted by Eric Byres on Wed, 2010-08-11 10:05
If you have been reading the various advisories on the Stuxnet malware, you would be forgiven for thinking that only computers running relatively new versions of the Windows operating system are vulnerable to this worm. For example, the Siemens Stuxnet advisory states: “The virus affects operating systems from XP and higher.” Does that mean if I am running Windows 2000 servers I am immune?
Unfortunately, the answer is NO! Based on our testing, all versions of Windows are vulnerable to Stuxnet, regardless of age.
Submitted by Eric Byres on Wed, 2010-08-04 21:00
Over the past half decade I have avoided creating a blog on cyber security. After all, there certainly are plenty of blogs out there, and some provide excellent and detailed analysis of the latest news in SCADA security.