Russian BlackEnergy Malware Story Hidden by White House Breach

Sue Marquette Poremba

It was announced yesterday that White House computers were hacked, most likely by Russian hackers. White House officials have stated that it was non-classified computers that were attacked and there is no cause for alarm. As Government Technology pointed out, staffers were given the typical “change your password” advice, and little else.

In terms of national security, the good news is that it is likely no government secrets were revealed. Should we be concerned that hackers were able to infiltrate what should be the safest networks in the country? Perhaps, but we shouldn’t be surprised that it happened. As Zach Lanier, senior security researcher at Duo Security, told me in an email:

U.S. government and defense networks are often the target of attackers—and the White House is without a doubt very high on that list, regardless of the breached network reportedly being "unclassified." Everyone from hacktivists to foreign intelligence agencies have sought after access to these networks and systems, so this intrusion isn't a huge surprise.

However, what the White House attack shows is that even when we think security is top-notch, networks are still vulnerable. And remember, non-classified networks are not going to have the level of security that classified networks have. When the classified networks are breached, then we will have a very different, very disturbing security story to worry about. Suffering a security incident is going to happen to even the best network sooner or later, considering there are more than 117,000 attacks of some sort per day.

So while it is a concern, the White House breach isn’t as huge a deal as it might sound. It was the location of the breach and the Russian connection that made it news. Getting less airplay, and probably more significant, is the news that a piece of malware that is attacking government entities outside the U.S. has been found on the networks of U.S.-based SCADA industrial control system suppliers. According to SC Magazine, no activity to disrupt processes has been discovered:

[T]he US Government's ICS-CERT (Computer Emergency Response Team) revealed that users of industrial systems made by GE, Advantech and Siemens have all been infected by Russian BlackEnergy malware, in a campaign that stretches back at least three years and is ongoing.


SCADA systems are used to monitor industrial processes, including those in critical infrastructure such as nuclear power plants. This could be a more important story that has been buried because it isn’t as sexy as a White House hit. But these are the types of incidents that we need to start paying more attention to.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba


