https://www.securityweek.com/report-dhs-requested-gas-pipeline-companies-let-attackers-lurk-inside-networks By Steve Ragan SecurityWeek.com May 07, 2012 According to reports, which were confirmed Friday by ICS-CERT, an active Phishing campaign is responsible for the U.S. Department of Homeland Security (DHS) issuing three warnings since the end of March that the natural gas industry has been under ongoing cyber attack. However, it’s the advice that the DHS is giving that should raise some red flags. The specter of a cyber attack against critical infrastructure is a reality, but not because the DHS is guarding the Internet, but because the networks running the critical infrastructure are so poorly protected. It’s gotten to the point that simple Phishing attacks, things that proper email protection and awareness training cover, rate three separate warnings and alerts. “Various sources provided information to ICS-CERT describing targeted attempts and intrusions into multiple natural gas pipeline sector organizations. Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign. The campaign appears to have started in late December 2011 and is active today,” the CERT alert advised. As reported by the DHS though the Transportation Security Administration’s Office of Intelligence, the U.S. pipeline system is comprised of 161,189 miles of liquid pipelines with more than 200 operators; 309,503 miles of natural gas transmission pipelines with more than 700 operators; and 1.9 million miles of natural gas distribution pipelines with more than 1,300 operators. [...] _______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.orgReceived on Tue May 08 2012 - 02:19:54 PDT
This archive was generated by hypermail 2.2.0 : Tue May 08 2012 - 02:17:38 PDT