Grid Security Is Top of Mind in 2016 – NERC CIP and the Ukrainian Grid Attack

posted by: and on February 5, 2016 2:00 PM

filed in: Cybersecurity, Malware

The discussions around electric grid cybersecurity in 2016 have already started off with a lot of buzz with two important industry developments in play.

The first is around the NERC CIP regulation. With just a few months left until the NERC CIP version 5 enforcement deadline of April 1, 2016, many utilities subject to the regulation are scrambling to put their remaining provisions in place to ensure that they meet their compliance obligations. We’ll know soon enough how industry fares. However, if that weren’t enough on the regulatory side, on January 21, FERC released Order 822, which basically explains how they approved version 6 of the NERC CIP standards. It’s a bit too much to get into the details of Version 6/Order 822 here; but, basically, new compliance considerations have emerged around supply chain security, transient electronic devices, inter-control center communications, remote access, and low-impact external routable connectivity (LERC). Phew! It’s clear utilities will be very busy in 2016 on the compliance side.

Channel Scoop – February 5, 2016

posted by: on February 5, 2016 9:00 AM

filed in: Channel Scoop, Partners
Sit back and relax. Let us do the information gathering and give you the channel scoop.


T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques

posted by: and on February 4, 2016 1:00 PM

filed in: Malware, Threat Prevention, Unit 42

Most custom backdoors used by advanced attackers have limited functionality. They evade detection by keeping their code simple and flying under the radar. But during a recent investigation we found a backdoor that takes a very different approach. We refer to this backdoor as T9000, which is a newer variant of the T5000 malware family, also known as Plat1.

In addition to the basic functionality all backdoors provide, T9000 allows the attacker to capture encrypted data, take screenshots of specific applications and specifically target Skype users. The malware goes to great lengths to identify a total of 24 potential security products that may be running on a system and customizes its installation mechanism to specifically evade those that are installed. It uses a multi-stage installation process with specific checks at each point to identify if it is undergoing analysis by a security researcher.
