Navigation Links
Dam it! Chinese Hackers Tangling with US Infrastructure Again?
Date:5/7/2013

New York, NY (PRWEB) May 07, 2013

Last week, The Washington Free Beacon reported the US Army Core of Engineers suffered a potentially devastating cyber intrusion and data breach which US Intelligence agencies say was a China-based cyber attack. And the booty? How about sensitive information related to the vulnerabilities of every major dam in the US, all roughly 8,100 of them. Joe Caruso, founder and CEO/CTO of Global Digital Forensics, talks about the dangers that these type of two-pronged cyber attacks that ultimately target SCADA (Supervisory Control and Data Acquisition) systems, which are an integral part of the US infrastructure, and how regularly and professionally performed cyber threat assessments and penetration testing can play a vital role in shoring up defenses against cyber intruders, both foreign and domestic.

Cyber-spies are everywhere.

“Success on the battlefield has historically favored the side that is technologically advanced. And when you boil down technology today, at the core you always find data. Designs, simulations, production machines, delivery systems, transportation control, weapons systems, robotics, finances, healthcare, space-based systems, engineering, communications, it’s all run on data, and that makes it one precious commodity. In a technology-reliant society like ours, that also makes it a prized target for a multitude of attackers, each with their own agenda. Some attackers are politically motivated, some are driven by pure greed, some by ego, some are thrill-seekers, and yes, for some it’s about shifting the balance of power on a grand scale by using chaos and mayhem as their tools of choice. And when it comes to SCADA systems and critical infrastructure, the latter can pose a monumental threat that could actually put real lives at stake. Focusing more attention and resources on these dangerous cyber threats has never been more important for US organizations essential to our daily way of life.”

An infrastructure hack - a cascade of access

“The compromise of the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) database is not only a pretty scary situation, it could also serve as a text-book example of how a cyber attack on our infrastructure can be realized. Though details have not been revealed yet about the particulars of the initial intrusion, to date the most common form of initial entry is through a successfully executed phishing or spear phishing campaign. Getting just one person in the organization to click on a link leading to a malicious site or opening an infected attachment is all it takes to get the snowball started downhill. And that’s what’s highly frustrating, it’s cyber security awareness 101, and so many organizations we go into to perform cyber threat assessments seem to be trying to get ahead of themselves, worrying primarily about the super advanced threats, which only account for a small percentage of actual intrusions, while forgetting the basics which can stop 90% or better of the cyber threats they are faced with on a daily basis. After one person is compromised an intruder uses that foothold to gain further access in a number of ways, whether it’s by nabbing network credentials, gaining access to other employees, to different internal systems, to other employees, or just navigating from there to exfiltrate precious data, like the mother load in this case, a breakdown of vulnerabilities which can be put to destructive use in the future. It’s really a cascade effect for the intruder, as they gain more and more access every step of the way.”

What can an intruder do with access to a SCADA system?

“An attack on a SCADA system is about affecting critical system and machines in the physical world by taking over low level control and functions. Stuxnet was a famous example of what can be done when an intruder gains access to a SCADA system, a switch changed here, a setting changed there, and presto, they had the Iranian centrifuges spinning so fast they broke, setting their entire uranium enrichment program back almost to the starting blocks. Now imagine what a cyber warrior, state-sponsored or otherwise, could do with control of our dams and the trillions upon trillions of gallons of water they are holding back from populations across the country, not to mention all the hydroelectric power they generate. It could certainly fall into the chaos and mayhem category, that’s for sure.”

Assess, test, rinse and repeat

"Cyber attacks are not a once in a blue moon occurrence, they are a daily reality, and infrastructure targets are tantalizing morsels to a wide range of attackers. The world of cyber threats also never stands still, with hackers constantly honing their techniques and improving their payloads. That’s why regular cyber threat assessments and penetration testing are so important. What worked yesterday from a cyber security perspective may not work today, and will probably work even worse tomorrow."

"By establishing a regular routine of having experienced cyber security professionals like Global Digital Forensics assess the cyber threat landscape as it pertains to your particular organization and digital infrastructure, including advancements in technologies and how those new technologies are implemented and used internally, like smartphones and tablets, and regularly simulating real-world attacks with comprehensive penetrations testing, not only are weaknesses in the client’s cyber security posture revealed, but cyber security awareness for employees, managers and executive is substantially improved as well. And remember, even if you are not part of our nation’s critical infrastructure as an organization, you could very easily be used as a springboard for an attacker if they can gain access to your clients or vendors, who just may be the “in” an attacker needs to move on to bigger and better targets. So our collective safety is actually everyone’s responsibility that does business in our cyber world, making the real question, are you doing your part too?"

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.

Read the full story at http://www.prweb.com/releases/2013/Critical-Data-Breach/prweb10706819.htm.


'/>"/>
Source: PRWeb
Copyright©2012 Vocus, Inc.
All rights reserved

Related medicine news :

1. DNA Testing Finds Allergens, Toxins in Traditional Chinese Medicines
2. EB-5 Expert Brian Su Explores Chinese Inbound Investments in Southern California
3. Tai Chi increases brain size, benefits cognition in randomized controlled trial of Chinese elderly
4. San Francisco EB-5 Conference explores inbound Chinese investments
5. Chinese Drywall Complaint Center Now Demands Leadership From Obama & EPA, For Homeowners In Florida And In The US Southeast Stuck In Toxic Chinese Drywall Hell-Forward?
6. Feinstein Institute researchers discover that bean used in Chinese food could protect against sepsis
7. Chinese Herbal Medicine Can Reach into Prostate Gland and Treat Prostatitis Successfully As A New Option for Prostatitis Sufferers, States Wuhan Dr.Li's Clinic
8. Residents near Chinese e-waste site face greater cancer risk
9. Indoor air puts Chinese women nonsmokers at risk
10. Launch of Chinese-German Center for Bio-Inspired Materials at Mainz University Medical Center
11. Traditional Chinese Medicine Hospitals in China Industry Research Report – Now Available from IBISWorld
Post Your Comments:
*Name:
*Comment:
*Email:
(Date:5/26/2016)... ... ... MadgeTech will be showcasing its line of data logging products , ... MadgeTech headquarters. With products sold in more than 100 countries around the world, MadgeTech ... , In 2012, NASA strategically set up 17 RHTemp101A MadgeTech data loggers around ...
(Date:5/26/2016)... ... May 26, 2016 , ... An April Gallup survey found rising health care ... of Sun Health Senior Living (SHSL) may not share those same worries ... prescription copays for the year, while holding the line on increasing their contributions, including ...
(Date:5/26/2016)... ... May 26, 2016 , ... Leadership of ... today announced the organization has earned its ISO 13485 certification, indicating the company’s ... with all rules and policies associated with ISO quality standard 13485. , ...
(Date:5/26/2016)... ... 2016 , ... North Cypress Medical Center hosted its 9th Annual ... With the help of community partners, the event organizers raised $45,000 for the ... service members and their families through health, wellness, and therapeutic support. , A ...
(Date:5/26/2016)... FL (PRWEB) , ... May 26, 2016 , ... The ... of events featuring guest speaker Dr. Adonis Maiquez MD, ABAARM. Dr. Adonis , ... and Regenerative Medicine, and a member of the Institute for Functional Medicine. , He ...
Breaking Medicine News(10 mins):
(Date:5/25/2016)... 25, 2016 Digital Health Dialog, LLC ... by the US Patent and Trademark Office of ... proprietary processes for electronic opt-­in and processing of ... programs, HIPAA compliance and otherwise. Logo - ... "Our technology allows for individuals to ...
(Date:5/24/2016)... 24, 2016 Niederländische Chirurgen ... die es Ärzten erlaubt, ihre Expertise weltweit zu ... kombiniert Live Streaming mit einer Instant-Messaging-Funktion und der ... Mediziner in Europa, Afrika, Asien und den ... die Plattform registriert. Information und Weiterbildung   ...
(Date:5/24/2016)... May 24, 2016  Diana Russell suffers from a ... from the inside out.  This disease has put her ... her children and grandchildren to leave her home.  Because ... family cannot haul the wheelchair.  So if there is ... and Diana is left to wait for the bus. ...
Breaking Medicine Technology: