01.07.2015 14:10

Researchers from Kaspersky Labs, at their annual Security Analyst Summit (SAS), presented detailed findings of pervasive malware and embedded surveillance tools that have largely gone undetected for over a decade.  The report implies that the surveillance tools were developed and deployed by the US National Security Agency. 

Some of the more startling revelations were:

• A program to systematically penetrate and map air-gapped systems
• Malware operating at the firmware level that enabled discovery of encryption keys, cracking encryption algorithms and that could remain in place through an operating system reinstall
• Malware that replaced hard-drive firmware to create a secret storage area on a hard disk that would survive drive reformatting
• Some of this malware has existed since around 2001 and has gone undetected until now

What is new in this report is the extent to which these tools were aimed at non-IT assets.  Much of the report details efforts to penetrate air-gapped systems and other industrial control and critical infrastructure systems. 

These findings raise some interesting, and troubling questions for the CyberSecurity industry, and specifically for those of us developing the systems used in industrial automation, factory control and other critical operations.  Chief among them is; what are we doing to protect our systems?

Read the entire article here 

mag.electronics-eetimes.com