Security Alerts & News
by Tymoteusz A. Góral

#880 IRONGATE ICS malware: Nothing to see here... masking malicious activity on SCADA systems
In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE.

FLARE found the samples on VirusTotal while researching droppers compiled with PyInstaller — an approach used by numerous malicious actors. The IRONGATE samples stood out based on their references to SCADA and associated functionality. Two samples of the malware payload were uploaded by different sources in 2014, but none of the antivirus vendors featured on VirusTotal flagged them as malicious.

Siemens Product Computer Emergency Readiness Team (ProductCERT) confirmed that IRONGATE is not viable against operational Siemens control systems and determined that IRONGATE does not exploit any vulnerabilities in Siemens products. We are unable to associate IRONGATE with any campaigns or threat actors. We acknowledge that IRONGATE could be a test case, proof of concept, or research activity for ICS attack techniques.

Our analysis finds that IRONGATE invokes ICS attack concepts first seen in Stuxnet, but in a simulation environment. Because the body of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) malware is limited, we are sharing details with the broader community.
#887 Updated CryptXXX ransomware big money potential
#886 NTP patches flaws that enable DDoS
#885 WordPress patches 0-day in WP Mobile Detector plugin
#884 Does your website suck on mobile? Find out using Google's free new tool
#883 Ransomware as a service, inside an organized Russian ransomware campaign (PDF)
#882 FastPOS: Quick and easy credit card theft
#881 Marcher mobile bot adds UK targets, steps up banking fraud capabilities
#880 IRONGATE ICS malware: Nothing to see here... masking malicious activity on SCADA systems
#879 Stop Facebook tracking you across the web, change these settings
#878 Facebook’s new DeepText AI understands almost everything we write
#877 Hacked TeamViewer users 'careless' in personal security
#876 FireEye: Organisations should stop playing malware whack-a-mole
#875 Former cyber defence head: Ethics should be at the core of cybersecurity
#874 Dropbox smeared in week of megabreaches