SITUATIONAL AWARENESS ALERT - "HEARTBLEED" OPENSSL:
The following is a signature issued by several entities, including ICS-CERT, to detect attempted exploitation of the "Heartbleed" OpenSSL vulnerability (CVE-2014-0160). It is written in the Snort rule language used for IDS/IPS signatures. The rule inspects only the TLS record header: the first three bytes must be content type 0x18 (Heartbeat) followed by the SSLv3 record version 0x0300, and the two-byte big-endian record length at offset 3 must lie between 201 and 16384 bytes, i.e. a heartbeat record far larger than a legitimate one. It matches any heartbeat record (request or response, in either direction) that meets those tests, ignores traffic on ports 80 and 445, and the threshold option limits alerts to one per source address every 600 seconds. Note that records carrying TLS 1.0, 1.1 or 1.2 version bytes (0x0301, 0x0302, 0x0303) do not match this particular rule, so companion rules for those versions are needed for full coverage.
alert tcp any [!80,!445] -> any [!80,!445]
(msg:"FOX-SRT - Suspicious - SSLv3 Large Heartbeat Response";
content:"|18 03 00|"; depth: 3;
byte_test:2, >, 200, 3, big;
byte_test:2, <, 16385, 3, big;
threshold:type limit, track by_src, count 1, seconds 600;
reference:cve,2014-0160; classtype:bad-unknown; sid: 1000000; rev:4;)
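To make the rule's offsets and thresholds concrete, the following is an added Python re-implementation of its checks run over constructed TLS records; it is example code written for this page, not part of the Snort rule set or any published tooling. The packet list, addresses and ports are constructed sample data, and the Snort options are mapped as follows: the port exclusions in the rule header, the content match on the first three bytes, the two byte_tests on the record length, and the by_src threshold.

```python
# Added example (not from the original page or the FOX-SRT rule set): a Python
# re-implementation of the byte-level checks in the Snort rule above, run over
# constructed TLS records so the rule's offsets and thresholds can be seen in action.
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes),
# all big-endian ("!" in struct corresponds to "big" in Snort's byte_test).
RECORD_HEADER = struct.Struct("!BHH")
CONTENT_TYPE_HEARTBEAT = 0x18   # content:"|18 .. ..|"
VERSION_SSL3 = 0x0300           # content:"|.. 03 00|"
EXCLUDED_PORTS = {80, 445}      # rule header: any [!80,!445] -> any [!80,!445]
# byte_test:2,>,200,3,big and byte_test:2,<,16385,3,big on the record length field
MIN_LEN_EXCLUSIVE = 200
MAX_LEN_EXCLUSIVE = 16385


@dataclass
class Verdict:
    alert: bool
    reason: str


def inspect_record(payload: bytes, src_port: int, dst_port: int) -> Verdict:
    """Apply the rule's port filter, content match and byte_tests to one TCP payload."""
    if src_port in EXCLUDED_PORTS or dst_port in EXCLUDED_PORTS:
        return Verdict(False, "port excluded by rule header")
    if len(payload) < RECORD_HEADER.size:
        return Verdict(False, "payload shorter than a TLS record header")
    ctype, version, length = RECORD_HEADER.unpack_from(payload, 0)
    # content:"|18 03 00|"; depth:3  -> the first three bytes must be heartbeat + SSLv3
    if ctype != CONTENT_TYPE_HEARTBEAT or version != VERSION_SSL3:
        return Verdict(False, f"not an SSLv3 heartbeat record (type=0x{ctype:02x}, version=0x{version:04x})")
    # the 2-byte big-endian length at offset 3 must satisfy 200 < length < 16385
    if not (MIN_LEN_EXCLUSIVE < length < MAX_LEN_EXCLUSIVE):
        return Verdict(False, f"heartbeat record length {length} outside the alert window")
    return Verdict(True, f"SSLv3 heartbeat record of {length} bytes")


class SourceThreshold:
    """Emulates 'threshold:type limit, track by_src, count 1, seconds 600':
    at most `count` alerts per source address in each `seconds`-long window."""

    def __init__(self, seconds: int = 600, count: int = 1) -> None:
        self.seconds = seconds
        self.count = count
        self._windows: Dict[str, Tuple[float, int]] = {}  # src_ip -> (window start, alerts so far)

    def allow(self, src_ip: str, now: float) -> bool:
        start, seen = self._windows.get(src_ip, (now, 0))
        if now - start >= self.seconds:      # window expired: start a new one
            start, seen = now, 0
        permitted = seen < self.count
        self._windows[src_ip] = (start, seen + 1 if permitted else seen)
        return permitted


def build_heartbeat_record(version: int, payload_len: int) -> bytes:
    """Constructed sample: a HeartbeatMessage (type byte 2 = response; the rule does
    not look at it) with `payload_len` payload bytes and 16 bytes of padding,
    wrapped in a TLS record whose header carries `version`."""
    body = struct.pack("!BH", 2, payload_len) + b"A" * payload_len + b"\x00" * 16
    return RECORD_HEADER.pack(CONTENT_TYPE_HEARTBEAT, version, len(body)) + body


# Constructed traffic: (timestamp, src_ip, src_port, dst_port, payload)
Packet = Tuple[float, str, int, int, bytes]
SAMPLE_PACKETS: List[Packet] = [
    (0.0, "10.0.0.5", 44321, 443, build_heartbeat_record(VERSION_SSL3, 18)),       # normal 18-byte heartbeat
    (1.0, "192.0.2.10", 443, 44321, build_heartbeat_record(VERSION_SSL3, 16000)),  # oversized response: alert
    (2.0, "192.0.2.10", 443, 44321, build_heartbeat_record(VERSION_SSL3, 16000)),  # repeat: suppressed by threshold
    (3.0, "192.0.2.10", 443, 44321, build_heartbeat_record(0x0301, 16000)),        # TLS 1.0 version bytes: no match
    (4.0, "192.0.2.10", 80, 44321, build_heartbeat_record(VERSION_SSL3, 16000)),   # port 80: excluded by header
]


def run_sensor(packets: List[Packet], threshold: SourceThreshold) -> List[Tuple[str, str]]:
    """Return (src_ip, reason) for every packet that matches the rule and survives the threshold."""
    alerts: List[Tuple[str, str]] = []
    for ts, src_ip, sport, dport, payload in packets:
        verdict = inspect_record(payload, sport, dport)
        if verdict.alert and threshold.allow(src_ip, ts):
            alerts.append((src_ip, verdict.reason))
    return alerts


if __name__ == "__main__":
    for src, why in run_sensor(SAMPLE_PACKETS, SourceThreshold()):
        print(f"ALERT {src}: {why}")
```

Running it against the constructed packets produces a single alert for 192.0.2.10: the second oversized response is collapsed by the threshold, the TLS 1.0 record is missed because the rule pins the version bytes to SSLv3, and the port-80 record is dropped by the rule header before any content is examined.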
EUROPE TRAINING UPDATE:
The next 5-day Advanced course for Europe will be offered June 16-20, 2014 at the Mercure Den Haag Centraal. Registration is handled by my Training Partner (click here). Space is limited, so register now.
SCADAhacker was conceived with the idea of providing relevant, candid, mission-critical information relating to the industrial security of Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS) and other Industrial Control Systems (ICS) in a variety of public and social media forums. Since its launch in December 2011, SCADAhacker has gained thousands of readers and followers from over 50 countries around the world, making it one of the leading sources for information sharing and knowledge development specifically devoted to industrial security.
The idea is simple - provide a single point of contact for a wide range of readers covering multiple industry segments for everything related to industrial security.
An important aspect of cyber security for critical infrastructure protection is a basic understanding and awareness of the real-world threats and vulnerabilities that exist within the industrial automation and control system architectures used in most process industries and manufacturing facilities. These issues face the Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition (SCADA) systems that make up most industrial environments, and they affect not only the common IT infrastructure, such as Windows-based computers and network appliances (switches, routers and firewalls), but also embedded "proprietary" equipment such as programmable logic controllers (PLC), remote terminal units (RTU), intelligent electronic devices (IED), basic process control systems (BPCS), safety instrumented systems (SIS), operator panels, and the ancillary systems that form the basis of most integrated ICS architectures.
One key objective of the SCADAhacker website is to provide vital information that helps visitors understand and secure the ICS used within most process and manufacturing environments. SCADAhacker offers a comprehensive collection of security-related resources: tools commonly used to secure and test ICS architectures, information on the latest threats, vulnerabilities and exploits affecting ICS architectures, and a library of the latest standards, best practices, guidelines and other ICS-related information that can be used to improve the security of any ICS.
Some of the research performed during work on the second edition of "Industrial Network Security" by Eric Knapp and Joel Langill has confirmed some eye-opening facts: industrial systems are gaining the attention not only of security researchers but also of potential attackers. Data obtained from the Open-Source Vulnerability Database (OSVDB) shows that, through the end of 2013, 80% of all ICS vulnerabilities had been disclosed since 2011, the year following the discovery of Stuxnet. The OSVDB database currently tracks a total of 790 ICS vulnerabilities, with 57 added in 2014. The days of "security by obscurity" are gone, and it is now time to realize the importance of implementing security programs specifically tailored for industrial systems and the operational technologies they utilize.
Several dashboards are now available that provide visitors with a real-time look into the global security landscape, looking at current threat intelligence, the vectors used to launch attacks, as well as the origin of leading threat
In addition to an extensive library of online information, SCADAhacker also offers public and private awareness and advanced training programs to learn, improve and apply the skills needed in industry today: the skills necessary to specify, design, assess, correct, monitor and maintain vital industrial automation and control systems.
SCADAhacker is organized into several categories as described below.
ADVANCED CYBER SECURITY TRAINING:
One of the biggest challenges facing industry is the shortage of resources that not only understand traditional IT security concepts but also possess knowledge of the design and operation of industrial control systems. An extensive training curriculum is available to improve the knowledge of your team in both offensive (assessments and penetration) and defensive (security controls and audits) roles, covering everything from basic awareness workshops to complete build-assess-secure courses specifically focused on ICS technologies.
Organizations, and even departments within organizations, possess varying levels of understanding with respect to industrial systems and how these operational technologies differ from more common information technologies. Experienced and inexperienced alike need easy access to relevant information regarding the latest standards, best practices and technologies available for industrial security.
SECURITY RESEARCH TOOLS:
Equally important to securing control systems from cyber threats is the research that takes place to uncover and understand vulnerabilities and other latent weaknesses that could impact the availability of the control system and the manufacturing facility it controls. A variety of software tools and environments are available to allow visitors to build test platforms and security labs on which offensive research and defensive strategies can be analyzed.
ICS (DCS / SCADA) SECURITY SERVICES:
Professional services are available to cover the complete lifecycle of control system security, including risk assessment, risk classification, threat identification, security control selection, standards compliance, pre-commissioning testing, commissioning assistance, site audits and assessments. In 2014, a separate business entity is being created to support the increasing demand for specific services relating to ICS deployments. All services are performed using a unique "hard hat" approach to ICS security.