Intrusion tolerance and diversity in practice


Navy Diversifies Ships' Cyber Systems to Foil Hackers
IEEE Spectrum online

Cyber attacks could prove just as deadly to technologically advanced warships as missiles and torpedoes in the future. That is why the U.S. Navy has been developing a defense system to protect its ships against hackers who threaten to disable or take control of critical shipboard systems.


The Resilient Hull, Mechanical, and Electrical Security (RHIMES) system aims to prevent cyber attackers from compromising the programmable logic controllers that connect a ship’s computers with onboard physical systems. RHIMES uses slightly different versions of core programming for each physical controller so that a cyber attack can’t disable or take over all shipboard systems in one fell swoop.

“In the event of a cyber attack, RHIMES makes it so that a different hack is required to exploit each controller,” said Ryan Craven, a program officer of the Cyber Security and Complex Software Systems Program in the Office of Naval Research, in a press release. “The same exact exploit can’t be used against more than one controller.”
(...)

SYNful Knock: backdoor for routers

More developments on the SYNful Knock backdoor for Cisco routers. Several routers with the backdoor have been discovered around the world:


Malicious Cisco router backdoor found on 79 more devices, 25 in the US

The highly clandestine attacks hitting Cisco Systems routers are much more active than previously reported. Infections have hit at least 79 devices in 19 countries, including an ISP in the US that's hosting 25 boxes running the malicious backdoor.

That discovery comes from a team of computer scientists who probed the entire IPv4 address space for infected devices. As Ars reported Tuesday, the so-called SYNful Knock router implant is activated after receiving an unusual series of non-compliant network packets followed by a hardcoded password. By sending only the out-of-sequence TCP packets but not the password to every Internet address and then monitoring the response, the researchers were able to detect which ones were infected by the backdoor.

satlink hijacking

It's Turla Hackers | Satellite Turla Still Alive And Hiding In The Sky

Law enforcement agencies, with the help of leading IT security providers, are keen on blocking all the malware Command & Control servers they find. Sometimes, they efficiently shut down massive botnets by putting their controlling structure out of business. But one of the most advanced threat actors is still out there.

One of the reasons for Turla’s success, besides the group’s obvious professionalism, is their ability to hide the ends – namely, the above-mentioned C&Cs. Research by Kaspersky Lab experts reveals that they’re achieving this using a trick known as satlink hijacking – a technique this Russian-speaking group has been using since 2007. It involves exploiting the vulnerability of asynchronous satellite internet connections to sniff traffic, distilling the IP addresses of satellite subscribers. All the attackers need then is to set up their servers with the same IPs, configure these addresses into their malware and, after a successful infection, wait for its call for C&C.

original article