Havex Trojan Help Hackers Target Critical Infrastructure SCADA Systems

By CIOReview | Monday, June 30, 2014
905
1615
336

NEW YORK, NY:  The Department of Homeland Security (DHS) is tasked with helping maintain the safety and continuity of the nation’s critical infrastructure. So it is a big deal when they issue an alert about a coordinated cyber attack which could jeopardize Industrial Control Systems (ICSs), like they did on Wednesday, June 25th, about a Remote Access Trojan (RAT) malware package known as Havex.

“We are past the days when cyber security was strictly considered an in-house issue. The reality today is that every “trusted” entity you deal with in the digital world should be checked out as far as their cyber security posture too, because like Havex shows, if hackers can infiltrate any one of your “trusted” suppliers, vendors, application providers, or any other entity you share digital information and/or assets with, enemies can covertly find their way inside the gates to do as they please,” says Joe Caruso, founder and CEO/CTO, Global Digital Forensics (GDF.)

“SCADA systems (Supervisory Control and Data Acquisition) of critical infrastructure targets are tantalizing for hackers in many arenas, from state-sponsored saboteurs from other nations looking for a cyber-warfare advantage, to activists trying to make a political or ideological statement, or even a lone wolf hacker just looking for some notoriety in underground hacker circles, and by compromising a system or network of a vendor, partner or other entity doing business with our infrastructure organizations, they can get their foot in the door for full access even if the targeted organization has gone through great pains and resources to secure their digital assets. Our experts can help clients not only test and secure their own networks, systems and devices, but can also significantly raise awareness as to potential problems they may be facing from those other trusted outside entities they are involved with, and we can help review any cyber security documentation, policies and procedures they have to spot dangers and deficiencies before it’s too late,” stated Caruso.