Contractors, mobile users pose threat to critical infrastructure
Web-based support forums — intended to help customers report and resolve problems — could be a breeding ground for viruses and spyware at critical infrastructure facilities, according to an industry expert, writes Threatpost’s Paul Roberts.
Concerns of devastating, wide-scale cyberattacks on the United States’ critical infrastructure have percolated throughout Congress and the media in the past decade as people speculate how enemies might try to launch an attack that rivals the 2001 terrorist attacks. Stuxnet is a prominent example of a virus that can wreak havoc at energy facilities.
Roberts writes that the industrial control systems expert found a case of a UK-based energy company that had its user forum site infected with malware. The Trojan sent users to Ukranian servers that then installed more malware on their computers. The expert analyzed a sampling of log files from online forums to find such malware, and he determined that the system vulnerabilities leave critical infrastructure providers at risk if a contractor or employee connects a compromised device to as secure network.
Connect with the GCN staff on Twitter @GCNtech.