http://arstechnica.com/security/2014/06/attackers-poison-legitimate-apps-to-infect-sensitive-industrial-control-systems/
By Dan Goodin
Ars Technica
June 24 2014

Corporate spies have found an effective way to plant their malware on the
networks of energy companies and other industrial heavyweights—by hacking
the websites of software companies and waiting for the targets to install
trojanized versions of legitimate apps.

That's what operators of the Havex malware family have done with aplomb,
according to a report published Tuesday by researchers from antivirus
provider F-Secure. Over the past few months, the malware group has taken a
specific interest in the types of industrial control systems (ICS) used to
automate everything from switches in electrical substations to sensitive
equipment in nuclear power plants. In addition to the normal infection
channels of spam e-mail, the malware operators have added a new
tack—replacing the normal installation files of third-party software with
tainted copies that surreptitiously install a remote access trojan (RAT)
on the computers of targeted companies.

"It appears the attackers abuse vulnerabilities in the software used to
run the websites to break in and replace legitimate software installers
available for download to customers," F-Secure researchers Daavid Hentunen
and Antti Tikkanen wrote. "Our research uncovered three software vendor
sites that were compromised in this manner. The software installers
available on the sites were trojanized to include the Havex RAT. We
suspect more similar cases exist but have not been identified yet."

[...]