Power grid hackers probably got inside by attacking PCs, says researcher
'Plenty of PCs have been compromised' in different industries, critical or not, says Roger Thompson
Computerworld - The hackers who reportedly planted malware on key parts of the U.S. electrical grid, perhaps with the intent to cripple the country's power infrastructure, most likely gained access like any other cybercriminal -- by exploiting a bug in software such as Windows or Office, a security researcher said today.
"Any computer connected to the Internet is potentially vulnerable," said Roger Thompson, chief research officer at AVG Technologies USA Inc. "Getting to the actual infrastructure devices directly -- that's always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised."
According to a report earlier today in The Wall Street Journal, unnamed national security sources said that hackers from China, Russia and elsewhere have penetrated the U.S. power grid, extensively mapped it, and installed malicious tools that could be used to further attack not only the electrical infrastructure, but others as well, including water and sewage systems.
The discoveries were made by U.S. intelligence agencies, not the utilities' security teams, the Journal said.
"I'm a bit bothered by all the anonymous sources [in the Journal story]: one unnamed source here and another unnamed source there," said Thompson. "But I think there's a high likelihood that it has a strong basis in fact. Any infrastructure device that's connected to the Net is potentially hackable."
It's more likely, he added, that the power-grid hackers exploited the same kinds of vulnerabilities -- but not the exact same bugs -- that have plagued consumers and businesses that run Microsoft Corp.'s Windows and its Office application suite.
"I have no doubt that there's been this kind of attack, or attempt to attack, for quite some time," said Thompson, "perhaps using the same kind of Office zero days that have been coming out." In security parlance, a "zero-day" exploit is one that leverages an unpatched vulnerability.
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts