Havex
Havex malware, also known as Backdoor.Oldrea, is a RAT employed by the Russian-attributed APT group "Energetic Bear" or "Dragonfly". Havex was discovered in 2013 and is one of five known ICS-tailored malware families developed in the past decade. These families include Stuxnet, BlackEnergy, Industroyer/CRASHOVERRIDE, and TRITON/TRISIS. Energetic Bear began using Havex in a widespread espionage campaign targeting the energy, aviation, pharmaceutical, defense, and petrochemical sectors. The campaign targeted victims primarily in the United States and Europe.

Discovery
The Havex malware was discovered by cybersecurity researchers at F-Secure and Symantec and reported by ICS-CERT in 2013, using information from both firms. The ICS-CERT alert reported analysis of a new malware campaign targeting ICS equipment via several attack vectors and using OPC to conduct reconnaissance on industrial equipment on the target network.

Description
The Havex malware has two primary co ...


Watering Hole Attack
Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Attacks looking for specific information may only target users coming from a specific IP address, which also makes them harder to detect and research (Symantec, Internet Security Threat Report, April 2016, p. 38, https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf). The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.

Defense techniques
Websites are often infected through zero-day vulnerabilities in browsers or other software. A defense against known vulnerabilities is to apply the latest software patches to remove the vulnerability that allowed the site to be infected. This is assisted by users to ensure that all of their software is running t ...


Energetic Bear
Berserk Bear (aka Crouching Yeti, Dragonfly, Dragonfly 2.0, DYMALLOY, Energetic Bear, Havex, IRON LIBERTY, Koala, or TeamSpy) is a Russian cyber espionage group, sometimes known as an advanced persistent threat. According to the United States, the group is composed of "FSB hackers", either those directly employed by the FSB or Russian civilian criminal hackers coerced into contracting as FSB hackers while still freelancing or moonlighting as criminal hackers. Four accused Berserk Bear participants, three FSB staff and one civilian, have been indicted in the United States and are regarded by the United States Department of Justice as fugitives.

Activities
Berserk Bear specializes in compromising utility infrastructure, especially that belonging to companies responsible for water or energy distribution. It has performed these activities in at least Germany and the U.S. These operations are aimed at surveillance and technical reconnaissance. Berserk Bear has also targeted ...


Remote Access Trojans (RATs)
In computing, the term remote desktop refers to a software or operating-system feature that allows a personal computer's desktop environment to be run remotely on one system (usually a PC, but the concept applies equally to a server or a smartphone) while being displayed on a separate client device. Remote desktop applications have varying features. Some allow attaching to an existing user's session and "remote controlling" it, either displaying the remote control session or blanking the screen. Taking over a desktop remotely is a form of remote administration.

Overview
Remote access can also be explained as the remote control of a computer by using another device connected via the internet or another network. This is widely used by many computer manufacturers and large businesses' help desks for technical troubleshooting of their customers' problems. Remote desktop software captures the mouse and keyboard inputs from the local computer (client) and sends them to the rem ...


Industroyer
Industroyer (also referred to as Crashoverride) is a malware framework considered to have been used in the cyberattack on Ukraine's power grid on December 17, 2016. The attack cut a fifth of Kyiv, the capital, off from power for one hour and is considered to have been a large-scale test. The Kyiv incident was the second cyberattack on Ukraine's power grid in two years; the first attack occurred on December 23, 2015. Industroyer is the first known malware specifically designed to attack electrical grids. At the same time, it is the fourth malware publicly revealed to target industrial control systems, after Stuxnet, Havex, and BlackEnergy.

Discovery and naming
The malware was discovered by the Slovak internet security company ESET. ESET and most other cybersecurity companies detect it under the name "Industroyer"; the cybersecurity firm Dragos named the malware "Crashoverride". In 2022, the Russian hacker group Sandworm initiated a blackout in Ukraine using a varia ...


Trend Micro
Trend Micro is an American-Japanese multinational cybersecurity software company with global headquarters in Tokyo, Japan and Irving, Texas, United States. Other regional headquarters and R&D centers are located around East Asia, Southeast Asia, Europe, and North America. The company develops enterprise security software for servers, containers, cloud computing environments, networks, and endpoints. Its cloud and virtualization security products provide automated security for customers of VMware, Amazon AWS, Microsoft Azure, and Google Cloud Platform. Eva Chen, one of the founders, currently serves as Trend Micro's chief executive officer, a position she has held since 2005. She succeeded founding CEO Steve Chang, who now serves as chairman.

History
1988–1999
The company was founded in 1988 in Los Angeles by Steve Chang, his wife, Jenny Chang, and her sister, Eva Chen (陳怡樺). The company was established with proceeds from Steve Chang's previous sale of a copy protection dongle to a ...


ICS-CERT
The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC). US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting networks within the United States and abroad.

Background
The concept of a national Computer Emergency Response Team (CERT) for the United States was proposed by Marcus Sachs (Auburn University) when he was a staff member of the U.S. National Security Council in 2002, to be a peer organization with other national CERTs such as AusCERT and C ...



Windows Trojans
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry; for example, Windows NT for consumers, Windows Server for servers, and Windows IoT for embedded systems. Defunct Windows families include Windows 9x, Windows Mobile, and Windows Phone. The first version of Windows was released on November 20, 1985, as a graphical operating system shell for MS-DOS in response to the growing interest in graphical user interfaces (GUIs). Windows is the most popular desktop operating system in the world, with 75% market share, according to StatCounter. However, Windows is not the most used operating system when both mobile and desktop OSes are counted, due to Android's massive growth. The most recent version of Windows is Windows 11 for consumer PCs and tablets, Windows 11 Enterprise for corporations, and Windows Server 2022 for servers.

Genealogy
By marketi ...


Footprinting
Footprinting (also known as reconnaissance) is the technique used for gathering information about computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies. This information is very useful to a hacker who is trying to crack a whole system. In the computer security lexicon, "footprinting" generally refers to one of the pre-attack phases: tasks performed before the actual attack. Some of the tools used for footprinting are Sam Spade, nslookup, traceroute, Nmap and neotrace.

Techniques used for footprinting
* DNS queries
* Network enumeration
* Network queries
* Operating system identification

Software used for footprinting to get entity information
* Wireshark

Uses of footprinting
It allows a hacker to gain information about the target system or network. This information can be used to carry out attacks on the system. That is why it may be called a pre-attack phase, since all the information ...


Distributed Component Object Model
Distributed Component Object Model (DCOM) is a proprietary Microsoft technology for communication between software components on networked computers. DCOM, which was originally called "Network OLE", extends Microsoft's COM and provides the communication substrate under Microsoft's COM+ application server infrastructure. The extension of COM into Distributed COM was due to extensive use of DCE/RPC (Distributed Computing Environment/Remote Procedure Calls), more specifically Microsoft's enhanced version, known as MSRPC. In terms of the extensions it added to COM, DCOM had to solve the problems of:
* Marshalling – serializing and deserializing the arguments and return values of method calls "over the wire".
* Distributed garbage collection – ensuring that references held by clients of interfaces are released when, for example, the client process crashes or the network connection is lost.
* Combining significant numbers of objects in the client's browser into a single transmi ...



SCADA
Supervisory control and data acquisition (SCADA) is a control system architecture comprising computers, networked data communications and graphical user interfaces for high-level supervision of machines and processes. It also covers sensors and other devices, such as programmable logic controllers, which interface with process plant or machinery.

Explanation
The operator interfaces which enable monitoring and the issuing of process commands, such as controller set point changes, are handled through the SCADA computer system. The subordinate operations, e.g. the real-time control logic or controller calculations, are performed by networked modules connected to the field sensors and actuators. The SCADA concept was developed to be a universal means of remote access to a variety of local control modules, which could be from different manufacturers, allowing access through standard automation protocols. In practice, large SCADA systems have grown to become very similar to distr ...


OLE For Process Control
Open Platform Communications (OPC) is a series of standards and specifications for industrial telecommunication. They are based on Object Linking and Embedding (OLE) for process control. An industrial automation task force developed the original standard in 1996 under the name OLE for Process Control. OPC specifies the communication of real-time plant data between control devices from different manufacturers. After the initial release in 1996, the OPC Foundation was created to maintain the standards. Since OPC has been adopted beyond the field of process control, the OPC Foundation changed the name to Open Platform Communications in 2011. The change in name reflects the use of OPC technology in building automation, discrete manufacturing, process control and other applications. OPC has also grown beyond its original OLE implementation to include other data transport technologies, including Microsoft Corporation's .NET Framework, XML, and even the OPC Foundation's ...


Triton (malware)
Triton is malware first discovered at a Saudi Arabian petrochemical plant in 2017. It can disable safety instrumented systems, which can then contribute to a plant disaster. It has been called "the world's most murderous malware." In December 2017, it was reported that the safety systems of an unidentified power station, believed to be in Saudi Arabia, were compromised when the Triconex industrial safety technology made by Schneider Electric SE was targeted in what is believed to have been a state-sponsored attack. The computer security company Symantec claimed that the malware, known as "Triton", exploited a vulnerability in computers running the Microsoft Windows operating system. In 2018, FireEye, a company that researches cybersecurity, reported that the malware most likely came from the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a research entity in Russia.

See also
* Advanced persistent threat
* Cyber electronic warfare
* Cyber security s ...