Author Topic: Ukraine Electric Grid Attack Techniques Revealed and Explained  (Read 463 times)

The first in-depth report on the Ukraine hack was published this morning by NERC's Electricity Sector Information Sharing and Analysis Center.
Infrastructure companies can use the report to perform gap analyses matching their defenses against the attack vectors that have now been clarified by the three top technical experts in industrial control systems security: Assante, Conway and Williams.
Given that level of expertise and transparency, regulatory agencies will quickly begin asking utility CEOs to demonstrate how they are closing the gaps that would make their companies vulnerable to life-changing power outages.
Without power, the economies and governments of developed countries would be immobilized. Suzanne Spaulding, DHS Undersecretary for National Protection, concurs, saying she hopes the report will be a reality-check for US critical infrastructure owners. "I want ... [executives to say], 'what are we doing about this?'" to prevent similar attacks.

http://www.darkreading.com/vulnerabilities---threats/lessons-from-the-ukraine-electric-grid-hack/d/d-id/1324743

Offline White Stripes

Re: Ukraine Electric Grid Attack Techniques Revealed and Explained
« Reply #1 on: March 25, 2016, 11:04:17 AM »
Quote
Like most targeted attacks, the Ukraine power grid attack began with a phishing email containing a malware-rigged attachment. In this case, Word Documents and Excel spreadsheets that when opened by users in the companies’ business network, dropped BlackEnergy3 malware

so.. once again... it was microsoft epic fail and pebkac...

Re: Ukraine Electric Grid Attack Techniques Revealed and Explained
« Reply #2 on: March 25, 2016, 09:00:31 PM »
couldn't a .zip file do the same?

Offline White Stripes

Re: Ukraine Electric Grid Attack Techniques Revealed and Explained
« Reply #3 on: March 25, 2016, 11:23:36 PM »
if you found a flaw in the archive program that was used... still has to pop out of user space and into administrator to do anything effective tho... this is where microsoft epic fails

http://arstechnica.com/information-technology/2010/03/half-of-windows-flaws-mitigated-by-removing-admin-rights/

Quote
After tabulating all the vulnerabilities published in Microsoft's 2009 Security Bulletins, it turns out 90 percent of the vulnerabilities can be mitigated by configuring users to operate without administrator rights, according to a report by BeyondTrust. As for the published Windows 7 vulnerabilities through March 2010, 57 percent are no longer applicable after removing administrator rights. By comparison, Windows 2000 is at 53 percent, Windows XP is at 62 percent, Windows Server 2003 is at 55 percent, Windows Vista is at 54 percent, and Windows Server 2008 is at 53 percent. The two biggest exploited Microsoft applications also fare well: 100 percent of Microsoft Office flaws and 94 percent of Internet Explorer flaws (and 100 percent of IE8 flaws) no longer work.

(emphasis mine)

old article is old but the fact that, at least at its publication, 40 to 50% of flaws could bypass user is sickening (hence epic fail) but at least the browser and office suite is (was?) pretty well protected... disabling things like powershell (an apparent malware magnet that has no business being on a workstation) and wow64 (ability to run 32bit code on 64bit windows) would be good ideas... for starters...

Offline White Stripes

Re: Ukraine Electric Grid Attack Techniques Revealed and Explained
« Reply #4 on: March 26, 2016, 03:17:34 AM »
...and after some research apparently only windows server 2008 actually allows disabling wow64 ... huge missed opportunity

Macro Blocking Now Available in Office 2016
« Reply #5 on: March 26, 2016, 09:32:27 AM »
Microsoft has added a feature to Office 2016 that allows enterprise
administrators to block macros from executing. The feature can be
configured for each application and is controlled through Group Policy.
It can be used to disable macros in documents that come from the
Internet zone.
http://www.theregister.co.uk/2016/03/23/ms_macro_blocking_tech/
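
The decision this policy makes can be modelled in a few lines; the following is an added example, not part of the original post or Microsoft's code. It assumes the document's zone is read from the text of its `Zone.Identifier` stream, that macros in OOXML files live in a part named `vbaProject.bin`, and that `policy_enabled` stands for the Group Policy setting; the function names and sample files are constructed for illustration.

```python
import configparser
import io
import zipfile

INTERNET_ZONE = 3  # zone number Windows records for files downloaded from the Internet

def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-style container; the vbaProject.bin body is a dummy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00dummy")
    return buf.getvalue()

def has_vba_project(data: bytes) -> bool:
    """OOXML files store macros in a part named vbaProject.bin."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())

def zone_id(stream_text):
    """Parse Zone.Identifier stream text; None when absent or malformed."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def macro_decision(data: bytes, stream_text, policy_enabled: bool) -> str:
    """Model of the policy: block macros only in Internet-zone documents."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-ooxml"  # legacy .doc/.xls need an OLE parser, out of scope here
    if not has_vba_project(data):
        return "no-macros"
    if policy_enabled and zone_id(stream_text) == INTERNET_ZONE:
        return "blocked"
    return "default-macro-settings"

if __name__ == "__main__":
    motw = "[ZoneTransfer]\nZoneId=3\n"  # constructed stream content
    for label, text in (("downloaded", motw), ("no mark", None)):
        print(label, macro_decision(build_sample(True), text, True))
```

A macro-bearing file with no zone mark falls through to the application's default macro settings, so the policy only helps while the mark survives delivery and extraction.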

Offline White Stripes

Re: Ukraine Electric Grid Attack Techniques Revealed and Explained
« Reply #6 on: March 26, 2016, 11:33:43 AM »
Quote
Microsoft has added a feature to Office 2016 that allows enterprise
administrators to block macros from executing. The feature can be
configured for each application and is controlled through Group Policy.
It can be used to disable macros in documents that come from the
Internet zone.
http://www.theregister.co.uk/2016/03/23/ms_macro_blocking_tech/

took them long enough ... what about all the previous versions still in use tho?

Re: Ukraine Electric Grid Attack Techniques Revealed and Explained
« Reply #7 on: March 26, 2016, 08:30:43 PM »
i guess they want you to upgrade...
