Navigation Links
Dam it! Chinese Hackers Tangling with US Infrastructure Again?

New York, NY (PRWEB) May 07, 2013

Last week, The Washington Free Beacon reported the US Army Core of Engineers suffered a potentially devastating cyber intrusion and data breach which US Intelligence agencies say was a China-based cyber attack. And the booty? How about sensitive information related to the vulnerabilities of every major dam in the US, all roughly 8,100 of them. Joe Caruso, founder and CEO/CTO of Global Digital Forensics, talks about the dangers that these type of two-pronged cyber attacks that ultimately target SCADA (Supervisory Control and Data Acquisition) systems, which are an integral part of the US infrastructure, and how regularly and professionally performed cyber threat assessments and penetration testing can play a vital role in shoring up defenses against cyber intruders, both foreign and domestic.

Cyber-spies are everywhere.

“Success on the battlefield has historically favored the side that is technologically advanced. And when you boil down technology today, at the core you always find data. Designs, simulations, production machines, delivery systems, transportation control, weapons systems, robotics, finances, healthcare, space-based systems, engineering, communications, it’s all run on data, and that makes it one precious commodity. In a technology-reliant society like ours, that also makes it a prized target for a multitude of attackers, each with their own agenda. Some attackers are politically motivated, some are driven by pure greed, some by ego, some are thrill-seekers, and yes, for some it’s about shifting the balance of power on a grand scale by using chaos and mayhem as their tools of choice. And when it comes to SCADA systems and critical infrastructure, the latter can pose a monumental threat that could actually put real lives at stake. Focusing more attention and resources on these dangerous cyber threats has never been more important for US organizations essential to our daily way of life.”

An infrastructure hack - a cascade of access

“The compromise of the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) database is not only a pretty scary situation, it could also serve as a text-book example of how a cyber attack on our infrastructure can be realized. Though details have not been revealed yet about the particulars of the initial intrusion, to date the most common form of initial entry is through a successfully executed phishing or spear phishing campaign. Getting just one person in the organization to click on a link leading to a malicious site or opening an infected attachment is all it takes to get the snowball started downhill. And that’s what’s highly frustrating, it’s cyber security awareness 101, and so many organizations we go into to perform cyber threat assessments seem to be trying to get ahead of themselves, worrying primarily about the super advanced threats, which only account for a small percentage of actual intrusions, while forgetting the basics which can stop 90% or better of the cyber threats they are faced with on a daily basis. After one person is compromised an intruder uses that foothold to gain further access in a number of ways, whether it’s by nabbing network credentials, gaining access to other employees, to different internal systems, to other employees, or just navigating from there to exfiltrate precious data, like the mother load in this case, a breakdown of vulnerabilities which can be put to destructive use in the future. It’s really a cascade effect for the intruder, as they gain more and more access every step of the way.”

What can an intruder do with access to a SCADA system?

“An attack on a SCADA system is about affecting critical system and machines in the physical world by taking over low level control and functions. Stuxnet was a famous example of what can be done when an intruder gains access to a SCADA system, a switch changed here, a setting changed there, and presto, they had the Iranian centrifuges spinning so fast they broke, setting their entire uranium enrichment program back almost to the starting blocks. Now imagine what a cyber warrior, state-sponsored or otherwise, could do with control of our dams and the trillions upon trillions of gallons of water they are holding back from populations across the country, not to mention all the hydroelectric power they generate. It could certainly fall into the chaos and mayhem category, that’s for sure.”

Assess, test, rinse and repeat

"Cyber attacks are not a once in a blue moon occurrence, they are a daily reality, and infrastructure targets are tantalizing morsels to a wide range of attackers. The world of cyber threats also never stands still, with hackers constantly honing their techniques and improving their payloads. That’s why regular cyber threat assessments and penetration testing are so important. What worked yesterday from a cyber security perspective may not work today, and will probably work even worse tomorrow."

"By establishing a regular routine of having experienced cyber security professionals like Global Digital Forensics assess the cyber threat landscape as it pertains to your particular organization and digital infrastructure, including advancements in technologies and how those new technologies are implemented and used internally, like smartphones and tablets, and regularly simulating real-world attacks with comprehensive penetrations testing, not only are weaknesses in the client’s cyber security posture revealed, but cyber security awareness for employees, managers and executive is substantially improved as well. And remember, even if you are not part of our nation’s critical infrastructure as an organization, you could very easily be used as a springboard for an attacker if they can gain access to your clients or vendors, who just may be the “in” an attacker needs to move on to bigger and better targets. So our collective safety is actually everyone’s responsibility that does business in our cyber world, making the real question, are you doing your part too?"

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit

Read the full story at

Source: PRWeb
Copyright©2012 Vocus, Inc.
All rights reserved

Related medicine news :

1. DNA Testing Finds Allergens, Toxins in Traditional Chinese Medicines
2. EB-5 Expert Brian Su Explores Chinese Inbound Investments in Southern California
3. Tai Chi increases brain size, benefits cognition in randomized controlled trial of Chinese elderly
4. San Francisco EB-5 Conference explores inbound Chinese investments
5. Chinese Drywall Complaint Center Now Demands Leadership From Obama & EPA, For Homeowners In Florida And In The US Southeast Stuck In Toxic Chinese Drywall Hell-Forward?
6. Feinstein Institute researchers discover that bean used in Chinese food could protect against sepsis
7. Chinese Herbal Medicine Can Reach into Prostate Gland and Treat Prostatitis Successfully As A New Option for Prostatitis Sufferers, States Wuhan Dr.Li's Clinic
8. Residents near Chinese e-waste site face greater cancer risk
9. Indoor air puts Chinese women nonsmokers at risk
10. Launch of Chinese-German Center for Bio-Inspired Materials at Mainz University Medical Center
11. Traditional Chinese Medicine Hospitals in China Industry Research Report – Now Available from IBISWorld
Post Your Comments:
(Date:10/13/2017)... ... 13, 2017 , ... Many families have long-term insurance that covers care for ... a waiver for care if the client has a cognitive impairment diagnosis. , ... care, is often waived, so the benefits from their insurance start immediately,” said Mechell ...
(Date:10/13/2017)... (PRWEB) , ... October 13, 2017 , ... Global Healthcare ... scenic Alexandria Park in Milford, NJ. This free event, sponsored by Global Healthcare ... activity. The fun run is geared towards children of all ages; it is ...
(Date:10/13/2017)... ... 2017 , ... Coveros, a leader in agile coaching services ... by the Center for Medicare and Medicaid Services (CMS). The Enterprise Agile Transformation ... Agile methodologies in a consistent and high value manner across CMS programs. Coveros ...
(Date:10/12/2017)... Del. (PRWEB) , ... October 12, 2017 , ... ... and advisory services for healthcare compliance program management, will showcase a range of ... National Association for Assisted Living (NCAL) Convention and Expo to be held October ...
(Date:10/12/2017)... ... October 12, 2017 , ... ... meet the demand of today’s consumer and regulatory authorities worldwide. From Children’s to ... and tested to meet the highest standard. , These products are also: ...
Breaking Medicine News(10 mins):
(Date:10/2/2017)... INDIANAPOLIS , Oct. 2, 2017  Eli Lilly ... its financial results for the third quarter of 2017 ... a conference call on that day with the investment ... performance. The conference call will begin at ... public can access a live webcast of the conference ...
(Date:10/2/2017)... Oct. 2, 2017 The Rebound mobile app is ... to reverse the tide of prescription drug addiction. The app ... medicine intake and stepping down their dosage in a safe, ... in December 2017; the first 100,000 people to sign up ... ...
(Date:9/27/2017)... -- Commended for their devotion to personalized service, SMP Pharmacy Solutions ... in the South Florida Business Journal,s 50 Fastest-Growing Companies, and ... the national specialty pharmacy has found its niche.  To that ... be honored by SFBJ as the 2017 Power Leader in ... receive his award in October, Bardisa said of the three ...
Breaking Medicine Technology: