
Does SFG malware have enough smarts to target SCADA systems?


July 19, 2016

According to internet security firm Damballa, malware reported as being aimed at the core of power plants around the world is nothing of the sort.

The Damballa analysis claims the SFG malware is run-of-the-mill code without sufficient smarts to target SCADA systems.

The so-called SFG malware is the spawn of Furtim, and hit headlines as targeting industrial control systems when all it does is create backdoors for regular data exfiltration and payload dropping.

This is a small reference to the Stuxnet virus, which reared its ugly head in 2012 and also in 2013.

Security firm SentinelOne Labs also found SFG and said it spotted the code infecting systems owned by a European energy company. SentinelOne said those attacks looked like the work of a nation-state. Think of Iran...

But Damballa says the malware is a regular, financially driven menace that lacks any SCADA (supervisory control and data acquisition) targeting, the kind of systems Siemens is best known for.

"SFG is just another so-called Furtim build," Damballa researchers added. "There is no code specific to attacking industrial control systems or SCADA systems.

"To be sure, SFG does not appear to be a nation-state operation (at least not for now) and there is no specific threat to any particular sector."

SentinelOne has since backtracked on its claims after getting some criticism for its analysis, saying it does not have evidence that the malware was targeting SCADA systems.

"There has been a number of stories published since the posting of this blog that have suggested this attack is specifically targeting SCADA energy management systems," the company says in an update.

"We want to emphasise that we do not have any evidence that this is in fact the case. The focus of our analysis was on the characteristics of the malware, not the attribution or target," it added.

A comparison of the original post, found in Bing's cache, against the updated version shows that the claim that the targeted energy company was European was deleted, along with a footer marketing call asking readers within the energy sector to reach out to the firm.

Researchers say the malware takes a 'kitchen sink' approach to detecting the sandboxes, honeypots and analysis efforts of white hats, using a "cobbled together" mash of checks taken from years-old malware code.

Damballa also finds the malware impressive in its use of the new 'fluxxy' fast-flux infrastructure, in which carding sites are built on a network of bot-ridden Russian and Ukrainian home computers that constantly shifts the sites' IP addresses.

That fluxxy network powers malware campaigns including Carberp, Gozi ISFB, Pony, TeslaCrypt, GameOver ZeuS/Zbot and Tinba.

"We should focus our intelligence efforts on mapping this fast-flux infrastructure and working with authorities to disrupt, degrade, and destroy it," Damballa added.
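The two paragraphs above describe what fast flux looks like from the outside (one name resolving to a constantly changing set of home-computer IP addresses) and call for mapping that infrastructure. The following is an added example, not code from the article or from Damballa or SentinelOne, of the kind of heuristic a defender can run over passive-DNS or resolver logs to surface candidate fast-flux names. The log format, the `.invalid` domain names, the IP addresses (RFC 5737 documentation ranges) and the thresholds are all constructed assumptions for illustration; nothing here reproduces a published detection rule.

```python
"""Heuristic fast-flux candidate detector over DNS resolution records.

Assumptions (not from the article): records are 'ts domain ip ttl' lines of
constructed sample data, and the thresholds are illustrative starting points.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, NamedTuple


class Resolution(NamedTuple):
    ts: int        # observation time, epoch seconds
    domain: str    # queried name, normalised to lower case without trailing dot
    ip: str        # IPv4 address returned in the A record
    ttl: int       # TTL advertised with the answer


class FluxScore(NamedTuple):
    domain: str
    distinct_ips: int
    distinct_prefixes: int   # distinct /24 networks the IPs fall into
    min_ttl: int
    is_flux: bool


def parse_records(lines: Iterable[str]) -> List[Resolution]:
    """Parse 'ts domain ip ttl' lines; malformed lines are skipped, not fatal."""
    out: List[Resolution] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, domain, ip, ttl = parts
        try:
            if ip_address(ip).version != 4:
                continue
            out.append(Resolution(int(ts), domain.lower().rstrip("."), ip, int(ttl)))
        except ValueError:
            continue
    return out


def score_domains(records: Iterable[Resolution], min_ips: int = 5,
                  min_prefixes: int = 3, max_ttl: int = 300) -> Dict[str, FluxScore]:
    """Flag a name when it shows many IPs, spread across many /24s, with a low TTL.

    Requiring prefix diversity as well as IP count is what keeps an ordinary
    round-robin pool inside one or two networks from being flagged.
    """
    by_domain: Dict[str, List[Resolution]] = defaultdict(list)
    for r in records:
        by_domain[r.domain].append(r)
    results: Dict[str, FluxScore] = {}
    for domain, rs in by_domain.items():
        ips = {r.ip for r in rs}
        prefixes = {str(ip_network(f"{ip}/24", strict=False)) for ip in ips}
        min_ttl = min(r.ttl for r in rs)
        is_flux = (len(ips) >= min_ips and len(prefixes) >= min_prefixes
                   and min_ttl <= max_ttl)
        results[domain] = FluxScore(domain, len(ips), len(prefixes), min_ttl, is_flux)
    return results


def flagged_domains(records: Iterable[Resolution]) -> List[str]:
    """Sorted list of names the heuristic marks as fast-flux candidates."""
    return sorted(d for d, s in score_domains(records).items() if s.is_flux)


# Constructed sample log: one flux-like name hopping across three /24s with a
# 60 s TTL, one round-robin pool confined to two /24s, one static host, and two
# malformed lines that the parser must ignore.
SAMPLE_LOG = """\
1468886400 shop-example.invalid 192.0.2.10 60
1468886460 shop-example.invalid 198.51.100.20 60
1468886520 shop-example.invalid 203.0.113.30 60
1468886580 shop-example.invalid 192.0.2.77 60
1468886640 shop-example.invalid 198.51.100.91 60
1468886700 shop-example.invalid 203.0.113.144 60
1468886400 cdn-example.invalid 192.0.2.100 20
1468886420 cdn-example.invalid 192.0.2.101 20
1468886440 cdn-example.invalid 192.0.2.102 20
1468886460 cdn-example.invalid 198.51.100.50 20
1468886480 cdn-example.invalid 198.51.100.51 20
1468886400 static-example.invalid 203.0.113.5 3600
garbage line that should be skipped
1468886400 bad-ip.invalid not-an-ip 60
"""

SAMPLE_RECORDS = parse_records(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    for name, score in sorted(score_domains(SAMPLE_RECORDS).items()):
        print(score)
    print("flagged:", flagged_domains(SAMPLE_RECORDS))
```

Note that `cdn-example.invalid` clears the raw IP-count threshold but stays unflagged because its addresses sit in only two /24s; a real pipeline would go further and check ASN and geographic diversity, since a content delivery network can legitimately spread a name across many prefixes and is the classic false positive for this kind of check.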

Source: SentinelOne Labs.
