Windows exploit puts critical infrastructure at risk
Sophos has issued new guidance and research on a Windows zero-day vulnerability that is already being used to target critical infrastructure systems, and for which exploit code has been made widely available. The issue has also prompted the SANS Institute to take the uncommon step of raising its industry Infocon vulnerability alert level.
SophosLabs, which has termed it the “CPLINK” vulnerability, has found that the flaw is present in all Windows platforms – including Windows 2000 and Windows XP SP2, for both of which Microsoft ended official support this week.
Initially associated with removable USB storage devices, the CPLINK vulnerability requires no direct user interaction to deliver its payload, which Sophos has named the Stuxnet-B Trojan. Early versions of the malware have been programmed to seek out SCADA (Supervisory Control And Data Acquisition) software from Siemens Corporation, which is used to manage industrial infrastructure such as power grids and manufacturing.
“It is very easy to exploit. All a user has to do is open a device or folder – without clicking any icon – and the exploit will run. Additionally, any criminal with the most basic of skills can take advantage of this flaw. It is also not hard to adapt beyond removable storage devices and add in different malicious payloads. With public exploit code available, this is only going to get worse,” says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
The issue was compounded by the revelation that default passwords hard-coded into the Siemens SCADA system have been widely available on the Net since 2008, and that Siemens has issued guidance that operators should not change those passwords in response, even though doing so is the obvious step to close the exposure.
“Hackers have the passwords, yet providers are being told if they change the default settings they could put operations at risk. This raises more questions about the security of systems we rely on to keep us safe,” Myroff says.
Sophos has updated its protection for customers to detect the attacks that have been seen to date. While Microsoft races to fix the issue and has proposed somewhat drastic measures for interim protections, Sophos researchers have also posted alternative methods of system protection in addition to updated anti-malware.