Information Security News mailing list archives

Whitelisting project helps industrial control systems owners find suspicious files


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 3 Dec 2014 11:09:33 +0000 (UTC)

http://www.computerworld.com/article/2854434/whitelisting-project-helps-industrial-control-systems-owners-find-suspicious-files.html

By Lucian Constantin
IDG News Service
Dec 2, 2014

Industrial control systems have been at the center of some scary security stories recently, but investigating malware infections in such environments isn't easy because analysts often have a hard time telling good files from suspicious ones.

Security researchers have identified two malware campaigns this year that targeted SCADA (supervisory control and data acquisition) systems -- Havex and BlackEnergy. Such attacks are expected to grow in number, as new reports show that state-sponsored hackers are increasingly interested in critical infrastructure companies.

A newly launched service called WhiteScope provides industrial control system owners and investigators with a list of good files from SCADA products and related software. The "whitelist" can be used to pin down potentially suspicious files when investigating possible compromises.

"While participating in a few incident response engagements, I realized it's fairly difficult to know what is a 'legitimate' ICS/SCADA file and what is not," Billy Rios, the security researcher who created the new service, said on the WhiteScope site. "Given the overwhelming majority of ICS/SCADA vendors refuse to sign their software, we're stuck with determining whether files like 'FTShell.dll' or 'WFCU.exe' (both legitimate files by the way) are really supposed to be there."

[...]


