Received the following email. Kindly advise (1) if this is for real and (2) if there is anything we need to do to ensure we are safe. We currently run Sophos AV for our 60-odd XP/Windows 7 PCs and Server 2003.
From: ID EMEA [mailto:ID_EMEA@mail.vresp
Sent: Thursday, 17 February 2011 1:11 a.m.
Subject: Night Dragon - Remote Control of your Control System?
McAfee has released a report describing a new Advanced Persistent Threat they dubbed “Night Dragon.” The attackers were able to take remote control of assets they compromised. In this attack, though, the motive was not sabotage, but the theft of competitive intelligence. What is distressing is that while the adversary behind the attack seems very capable, the technology of the attacks was not very sophisticated. These adversaries were able to take over control system assets and energy-industry infrastructure using fairly unsophisticated “remote administration” toolkits.
Why Night Dragon Matters
Night Dragon demonstrates that simple techniques, applied by a skillful and persistent adversary, are enough to break into energy-sector firms, even to the extent of compromising their control system assets. Worse, the tools used by these adversaries let them take complete control of compromised machines, through remote-desktop-like facilities. Night Dragon used these tools to steal valuable information, but could just as easily have used them to take control of the user interface on any machine they compromised, including the control system assets.
The McAfee report doesn’t say it outright, but it seems very likely that this same adversary could have taken over and sabotaged the physical processes behind the control systems they compromised, if they had been given that objective. The team had remote control of all the control system assets they compromised, and a remote-control tool on a computer with HMI capabilities gives the attacker control of the physical process through the HMI.
Read more at our blog "Findings from the Field" http://findingsfromthefield.com/?p=725
What Needs to be Done
How do we prevent persistent adversaries using well-understood attack tools from taking over our control systems? The answer is a defense-in-depth security posture. In fact, since the Night Dragon APT was focussed entirely on remote control, protecting against that threat is somewhat easier than protecting against the USB-capable and S7-project-infecting Stuxnet:
Find our comments on how best to protect your Critical Control Systems here http://findingsfromthefield.com/?p=725
If you would like any further information, or would like to discuss how we could help you to ensure your organisation is protected against this type of attack, please contact me.
European Sales Director
Direct: +44 (0)1933 419866
Mobile: +44 (0)7880 528350
Industrial Defender, Inc.
The Global Leader in Automation System Security Management
Industrial Defender, Inc.
16 Chestnut Street - Suite 300
Foxborough, MA USA 02035