Microsoft Office pulled into SCADA security shenanigans


Batu69

Clippy wouldn't stand for any of that messing

The BlackEnergy malware threat is back and is being enabled by people and an unpatched Office 2013 vulnerability that really should have been put out to pasture already.

BlackEnergy is the industrial systems nightmare that has made itself an unwelcome guest in a variety of places. It gets knocked down, but it can get up again.

Security firm SentinelOne explained in a BlackEnergy 3 security analysis (PDF) that an unpatched system is one option for entry, but that the most likely explanation is a mischievous insider.

"Execution of this particular BlackEnergy 3 attack vector is likely the work of an internal actor, especially in the case of SCADA systems. This is due to the fact that Office 2013 has already been patched against CVE-2014-4114," the company said.

"The only two options to carry out the attack are to target a victim's machine that was not patched, or get an internal employee to accidentally or deliberately execute the infected Excel documents causing the malware to propagate inside the network.

"At this point it would be highly unlikely that organisations have not deployed the patch against CVE-2014-4114, thus the most likely conclusion is use of an internal actor."

Yeah, you'd think that, but you might be surprised by what the real world has to say about patchwork patching.

BlackEnergy has been a bother since 2007, and has mostly been used against state targets. SentinelOne is betting on an official bad guy here.

"We're confident that a particular government is well aware of this new attack and is actively participating in the development of its core code/plugins," the firm added.

Ukrainian utilities firms were hit in an attack earlier this month, and a finger was pointed at BlackEnergy. Again, the activity looked state sponsored, selective and sophisticated.

"We have discovered that the reported case was not an isolated incident and that other energy companies in Ukraine were targeted by cyber criminals at the same time," said security firm ESET.

"Furthermore, we found out that the attackers have been using a malware family on which we have had our eye for quite some time now: BlackEnergy.

"Specifically, the BlackEnergy backdoor has been used to plant a KillDisk component onto the targeted computers that would render them unbootable."
