http://www.computerworld.com/article/2854434/whitelisting-project-helps-industrial-control-systems-owners-find-suspicious-files.html
By Lucian Constantin
IDG News Service
Dec 2, 2014
Industrial control systems have been at the center of some scary security
stories recently, but investigating malware infections in such
environments isn't easy because analysts often have a hard time telling
good files from suspicious ones.

Security researchers have identified two malware campaigns this year that
targeted SCADA (supervisory control and data acquisition) systems -- Havex
and BlackEnergy. Such attacks are expected to grow in number, as new
reports show that state-sponsored hackers are increasingly interested in
critical infrastructure companies.

A newly launched service called WhiteScope provides industrial control
system owners and investigators with a list of good files from SCADA
products and related software. The "whitelist" can be used to pin down
potentially suspicious files when investigating possible compromises.

"While participating in a few incident response engagements, I realized
it's fairly difficult to know what is a 'legitimate' ICS/SCADA file and
what is not," Billy Rios, the security researcher who created the new
service, said on the WhiteScope site. "Given the overwhelming majority of
ICS/SCADA vendors refuse to sign their software, we're stuck with
determining whether files like 'FTShell.dll' or 'WFCU.exe' (both
legitimate files by the way) are really supposed to be there."
[...]