Hackers Target Critical Infrastructure SCADA Systems with Havex Trojan

Know the threats you are facing in the cyber world

Know the threats you are facing in the cyber world

The Department of Homeland Security issued an alert regarding a remote access Trojan called Havex that is being used to target Industrial Control Systems. Global Digital Forensics’ founder offers some industry insight into how malware like Havex is introduced to a network and the importance of taking the time to check into the cyber security posture of vendors and other “trusted” business relationships which could become a gateway for attackers.

Wreaking “Havex”

The Department of Homeland Security (DHS) is tasked with helping maintain the safety and continuity of the nation’s critical infrastructure. So it is a big deal when they issue an alert about a coordinated cyber attack which could jeopardize Industrial Control Systems (ICSs), like they did on Wednesday, June 25th, about a Remote Access Trojan (RAT) malware package known as Havex. Joe Caruso, Global Digital Forensics (GDF) founder and CEO/CTO, hopes it serves as a wakeup call. “We are past the days when cyber security was strictly considered an in-house issue. The reality today is that every “trusted” entity you deal with in the digital world should be checked out as far as their cyber security posture too, because like Havex shows, if hackers can infiltrate any one of your “trusted” suppliers, vendors, application providers, or any other entity you share digital information and/or assets with, enemies can covertly find their way inside the gates to do as they please.”

New fears from old tricks

“When Stuxnet wreaked havoc on the Iranian nuclear program back in 2010 by causing their enrichment centrifuges to malfunction and set them back months, if not years, it showed what kind of crippling chaos can be unleashed when ICSs (Industrial Control Systems) are successfully targeted and attacked by hackers. It was only a matter of time before that same kind of power found its way to the doorstep of our own critical infrastructure industries as well. What should really get attention in this case is the fact that vendors were first infiltrated and the Havex malware was built right into the software they had available for download, giving them a back door into every infrastructure ICS that downloaded it. It may sound like a clever new tactic to the uninitiated, but it is just another classic watering hole attack that we see all the time. Trust is the weapon; unauthorized access and all the costly consequences that come with it are the aftermath,” warned Caruso.

Depending on luck is not an effective security strategy – Vetting a vendor’s cyber security posture is a much better idea

“SCADA systems (Supervisory Control and Data Acquisition) of critical infrastructure targets are tantalizing for hackers in many arenas, from state-sponsored saboteurs from other nations looking for a cyber-warfare advantage, to hacktivists trying to make a political or ideological statement, or even a lone wolf hacker just looking for some notoriety in underground hacker circles, and by compromising a system or network of a vendor, partner or other entity doing business with our infrastructure organizations, they can get their foot in the door for full access even if the targeted organization has gone through great pains and resources to secure their digital assets. That’s why is it essential today to find out how those outsiders’ security posture stacks up. Have regular vulnerability assessments been performed by experienced cyber security professionals? Has regular penetration testing been done to identify and rectify weaknesses in their security chain? Have applications been tested for unwanted malware and/or other vulnerabilities? Have deep scans been regularly performed to identify and neutralize any resident malware like rootkits and RATs? Do they have detailed documentation from trusted professionals to back up their claims? These are the things we do for our clients, and if an outside entity is to be trusted in today’s threat landscape, they should have to be up to snuff, and be able to prove it too,” said Caruso. “Our experts can help clients not only test and secure their own networks, systems and devices, but can also significantly raise awareness as to potential problems they may be facing from those other trusted outside entities they are involved with, and we can help review any cyber security documentation, policies and procedures they have to spot dangers and deficiencies before it’s too late.”

Experienced Cyber Security Experts

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics , cyber security and emergency incident response , with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.