Rainblog

We live in the future. More specifically, we live in William Gibson’s cyberpunk future.

Microsoft has acknowledged the existence of a bug affecting ‘all versions of Windows’, that allows attackers to trigger execution of malicious software via a shortcut link. It’s a serious bug, and one that’s apparently ripe for exploitation.

The flaw is already being exploited, and experts predict more attacks will follow. What’s interesting, however, is that the first observed attacks using the exploit have an unusual goal. Instead of trying to turn the hijacked home or office PCs into spam relays, pestering their unlucky owners with ads, or trying to steal passwords and credit card numbers - the standard repertoire - the attack targeted systems used as controllers for industrial machinery. Moreover, according to information put out by Siemens, the goal of the malware wasn’t to disrupt the connected systems (a recurrent nightmare scenario in a world where heavy machinery and essential utilities are increasingly controlled by computers running mass-market OS’s), but to “steal secrets from manufacturing plants and other industrial facilities”.

Computer hackers using sophisticated malware to conduct corporate espionage? This is the stuff of cyberpunk fiction. The future’s so bright, we gotta wear mirrorshades.

This is a personal tumbleblog, intended for random musings and snippets. I have a somewhat more structured travel and photo blog at disoriented.net, and a neglected vanity site at raingod.com.

Zero-day exploit targets SCADA for espionage