Tag Archives: ics_sec

Uh-Oh Cyber-News: Infect a Friend, Rebooting Boeings, No-Authentication Holes, and More.

Hi folks!

Herewith, the next installment in my ‘Uh-oh Cyber-News’ column – the one in which I keep you up to date with all that’s scarily fragile and frailly scary in the digital world.

Since the last ‘Uh-oh’ a lot has piled up that really needs bringing to your attention. Yep, the flow of ‘Uh-ohs’ has indeed turned from mere mountain-stream trickle to full-on Niagara levels. And that flow just keeps on getting faster and faster…

As a veteran of cyber-defense, I can tell you that in times past cataclysms of a planetary scale were discussed for maybe half a year. While now the stream of messages is like salmon in spawning season: overload! So many they’re hardly worth mentioning as they’re already yesterday’s news before you can say ‘digital over-DDoSe’. “I heard how they hacked Mega-Corporation X the other day and stole everything; even the boss’s hamster was whisked away by a drone!”…

Anyway, since the stream of consciousness cyber-scandals is rapidly on the up and up, accordingly, the number of such scandals I’ll be writing about has also gone up. In the past there were three of four per blogpost. Today: seven!

Popcorn/coffee/beer at the ready? Off we go…

1) Infect a Friend and Get Your Own Files Unlocked for Free.

Read on: Effective Hacker Headhunting…

Pleasant News from China.

Privyet all!

I’m lying low in MOW at the mo, but that doesn’t mean life comes to a standstill – far from it!

While I sit here in my office looking out the window at the falling snow, over in China, in the city of Wuzhen, the annual World Internet Conference is taking place (which I was at last year). And this year the organizers have decided to give awards to the best (in their opinion) cyber-projects. And guess who featured among the winners?!

Here’s congratulating all project members! Our solution for protecting industrial installations and critical infrastructure – KICS – won the award for ‘World Leading Internet Scientific and Technological Achievements’, alongside Tesla, IBM Watson and Alibaba!

The contest was entered by 500 companies, and we were in among the 15 winners – and the only one from the IT security field.

Finally, Our Own OS – Oh Yes!

At last – we’ve done it!

I’ve anticipated this day for ages – the day when the first commercially available mass market hardware device based our own secure operating system landed on my desk. And here she is, the beaut.

This unassuming black box is a protected layer 3 switch powered by Kaspersky OS and designed for networks with extreme requirements for data security.

And there’s plenty more in the pipeline where this came from too, meaning the tech will be applied in other Internet-connected bits of kit, aka the Internet of Things (IoT). Why? Because this OS just so happens to be ideal for applications where a small, optimized and secure platform is required.

Read on: Distinctive features…

One Small Step into Giant Industrial Security.

The other day, Innopolis – the hi-tech town just outside the city of Kazan, Tatartstan, 800 kilometers directly to the east of Moscow – became a “world center of industrial systems’ cybersecurity”.

I was here early this year marveling at the speed of its development and ambitiousness of its plans, all the while turning over its future prospects in my mind.

First of all, let me get all gushing in singing praises: I take my hat off to the determination and persistence of the local authorities, the assuredness of the partners and sponsors, and also the professionalism of the contractors and everyone else who played a part in making Innopolis a reality.

Innopolis was built from nothing in just three years according to a hi-tech concept for hi-tech companies: here there’s excellent infrastructure for both living and doing business, a special economic zone, university, and an international airport not far away.

The year-round conveniences and also the prices here are so attractive it could make you think about dropping everything and moving to Tatarstan at once! In the winter there’s downhill skiing, in summer there’s the golf course, in fall there’s mushroom picking in the surrounding forest, and all year round there’s fishing on the Volga. A 50m2 one-bedroom apartment costs a mere 7000 rubles (~$110) to rent and a two-bedroom apartment costs just 10,000 rubles (~$160), which has a lift going down to the underground parking, which incidentally also costs next to nothing – 1000 rubles per month (~$16). Also: the gym + swimming pool costs just 15,000 rubles a year (~$240)!

Moreover, everything is brand spanking new, shiny, modern, stylish and hi-tech – a far cry from its humble, rural/provincial surroundings.

There’s only one thing that spoils things: Innopolis is surrounded by ugly vacant lots and construction sites. Still – no omelet without the proverbial eggs – and it’s obvious that it’s not going to stay that way forever. It looks like it’ll soon either be built up with more swish residential buildings or just made pretty with landscaping, lawns or something else pleasing to the eye.

So, as you can see, it’s no wonder there’s a long line to get here to live/study/work.

DSC03300

Read on: One Small Step into Giant Industrial Security…

Uh-oh Cyber-News: The Future’s Arrived, and Malware Back from the Dead.

As always for this ‘column‘, I’ll be giving you a round-up of some of the most eek recent items of cybersecurity news, which might not have made the headlines but which are no less eek for that. And as usual, it’s all mostly bad news. There are still a few reasons to be optimistic though – but only a few. Eek!

Uh-oh Cyber-News Item No. 1: The Future’s Arrived.

news-1A screenshot from Blade Runner

Many authors like to fantasize about how things will be in the future. Often, science fiction writers come up with deep philosophical reflections upon man and his place in the Universe. There’s Russia’s Strugatsky brothers, there’s Philip K. Dick, and there’s Arthur C. Clarke (plus his ‘translator’ to the silver screen Stanley Kubrick), for example. And very often such deep philosophical reflection is rather bleak and scary.

Other times, the reflection is a little less deep and philosophical, but no less likely to one day lead to reality – in fact, oftentimes more so. This is where I make appearances!…

So. Back in the first decade of this century, during my presentations your humble servant liked to tell fun ‘scare’ stories about what could happen in the future. Example: a coffeemaker launches a DDoS attack on the fridge, while the microwave works out the factory PINs of the juicer so it can then show text-adverts on its digital display.

Fast forward less than a decade and such ‘sci-fi’ is coming true…

Read on: Computer worms rising from the dead…

Uh-oh Cyber-News: Infected Nuclear Reactors, Cyber-Bank Robbers, and Cyber-Dam-Busters.

Just a quick read of the news these days and you can find yourself wanting to reach for… a Geiger counter. I mean, some of the news stories are just so alarming of late. Or am I overreacting? Let’s see…

Uh-oh News Item No. 1: Apocalypse Averted – for Now. 

inews-1Photo courtesy of Wikipedia

It was reported that the IT system of Unit B of the Gundremmingen Nuclear Power Plant in Swabia, Bavaria, southwestern Germany – right on the 30-year anniversary to-the-day of the Chernobyl disaster (!) – had been infected by some malware. However, it was also reported that there’s no reason to worry at all as no danger’s being posed whatsoever. All’s ok; we can all sleep soundly; everything’s under control; the danger level couldn’t be lower.

After sighing a ‘pheewwwww’ and mopping one’s brow, you read further…

… And as you do, you get a few more details of the incident. And it does indeed seem all is ok: the background radiation level, after all, didn’t go up – that’s the main thing, surely. Right? But then you read further still…

And you find out that the (Internet-isolated) system that was infected happens to be the one that controls the movement of nuclear fuel rods. It’s here you stop, rub the eyes, and read that again slowly…

WHAAAAT?

Read on: Cyber-Spy-Novel-Worthy …

Get Your KICS en Route to Industrial Protection.

Hurray!

We’ve launched our KICS (Kaspersky Industrial CyberSecurity), the special cyber-inoculation against cyber-disease, which protect factories, power plants, hospitals, airports, hotels, warehouses, your favorite deli, and thousands of other types of enterprises that use industrial control systems (ICS). Or, put another way, since it’s rare for an enterprise today to manage without such systems, we’ve just launched a cyber-solution for millions of large, medium and small production and service businesses all around the world!

So what’s this KICS all about exactly? What’s it for? First, rewind…

Before the 2000s a cyberattack on an industrial installation was a mere source of inspiration for science fiction writers. But on August 14, 2003 in northeastern USA and southeastern Canada, the science fiction became a reality:

kaspersky-industrial-security-1Oops

Because of certain power grid glitches, 50 million North Americans went without electricity – some for several hours, others for several days. Many reasons were put forward as to the reasons behind this man-made catastrophe, including unkempt trees, a bolt of lightning, malicious squirrels, and… a side-effect from a cyberattack using the Slammer (Blaster) computer worm.

Read on: Hacked in 60 seconds…

Expo Marathon.

Right after the Mobile World Congress in Barcelona there was mad dash to get to Nuremberg for another exhibition – Embedded World.

This one is about automating all things that rotate, revolve, pull stuff up and down, heat and refrigerate, pump, chemically bond, move on wheels, float and fly, as well as ‘everything digital for men in orange helmets, and loads of other stuff like that. Big time cyber-industrialism!

cesna-nurnberg-milano-5

Read on: meetings, discussions, presentations…

How to help salmon breed.

There are all sorts of unusual phenomena in the world – both natural and manmade.

Sometimes they’re hunky dory and harmless, like horizontal waterfalls in Kimberley in Australia, manmade cascading falls at the Itaipu Dam, or the stunning sunsets on Santorini.

Other times they’re depressingly dreadful and destructive, like volcano eruptions, earthquakes and tsunamis.

There’s the static symmetry of mountains and volcanoes; there’s the slow and steady movement of things like tectonic plates, glaciers and snowcaps; and there’s the unpredictable though grimly inevitable things like avalanches and other such cataclysms. There are also freak, flash, or full-on floods, which come and go with intermittent regularity. Floods are what we get when the gods forget to turn the tap off when pouring a bath. So man has to intervene. He can’t get them to stop forgetting, so he has to design and construct large protective installations to drain water that’s just about to cause a flood – to make up for this godly absent-mindedness.

One place where heavenly amnesia occurs rather frequently is in the European part of Russia – just off the Gulf of Finland, especially around the delta of the river Neva. And by unlucky coincidence the city of St. Petersburg happens to be situated right there. This is a city known for its heroism, victories and imperial cultural heritage, but also, alas, water-caused catastrophes. Of the latter it’s had more than its fair share. For those interested – here.

Still interested? Then simply read the Bronze Horseman. It rules. It’s here btw, with plenty of commentary.

The short version:

St. Petersburgers naturally needed to do something about the flooding. Which is just what they did. Now, I’d heard about it before, but only recently did I finally get to see it in the flesh sun: around St. Petersburg there’s now a huge dam to protect the city from flooding. Pushkin’s poetic depictions of floods are now thankfully firmly a thing of the long-gone past – and good riddance.

Turns out, professional hydraulic designers and technicians scoff at the description ‘dam’ for this fantastic feat of engineering. They prefer: ‘complex of protective installations against flooding’. Doesn’t quite slip off the tongue, but if they insist, who am I to question it?

Now for a bit of technical data…

What was needed was a construction that would normally let reasonable amounts of water through from the Gulf of Finland into Neva Bay, but when catastrophically high waves come a-crashing in from the Baltic Sea would create a tall barrier to stop them causing a ruinous flood throughout the city. The installation also had to be able to let ocean-faring ships through on a daily basis, plus also not interfere with the delicate local marine ecology.

Plans to build the ‘dam’ were first made as far back as in the 19th century, but construction only started in 1979 (details – here). Then of course Communism finally arrived… and at the end of the 1980s construction was halted. Fast-forward to the early-2000s and the abandoned project was resuscitated, and in 2011 it was finally completed; and what they got was something truly damtastic!

I tried to find similar flood-control dams on the net but didn’t get very far. They’re all somehow a lot smaller in size. There’s one in London, one in Holland, one on the Elbe… But they’re all tiny compared to the whopping Russian 25-kilometer dam installation. Impressed I was.

There is one anti-flood installation that’s on a par – the one being built in New Orleans. When it’s completed it will be bigger; but for the moment the one in St.P is No.1!

To the layman who may encounter the construction, it’s simply a 25-km-long highway that crosses the Gulf of Finland from bank to bank, much like that one featured in Miami Vice that connects Miami to the Keys (which is much longer – but it ain’t no anti-flood installation:). Smooth tarmac, neat markings and signposts, entry and exit roads…: nice.

piter-damba-1

piter-damba-1-1

Read on: Oh My Genius!!…