Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran?
-
@cR0w I'm going to put on my tin foil hat for a second, but I occasionally wonder if security firms sometimes try to drum up PR like this to sell services.
@nerdpr0f I don't think that's tin foily, I thought it was understood that some of them do that. But what I don't get is how they specifically say the systems are vulnerable to attacks from Iran when they're open to attacks from anyone with minimal skillsets.
-
@cR0w I not so long ago encountered ICS systems just casually using Iranian public IP addresses instead of private IP addresses for internal communication soooooo??
@BabblingGeek That doesn't surprise me at all. Like how many Cisco networks out there are using IP space allocated to Chinese networks.
-
@nerdpr0f I don't think that's tin foily, I thought it was understood that some of them do that. But what I don't get is how they specifically say the systems are vulnerable to attacks from Iran when they're open to attacks from anyone with minimal skillsets.
@cR0w Eh, that's just contextualizing to make the risk seem more immediate. Everyone is worried about Iran right now, so it makes sense for articles intended to increase anxiety to be oriented around them.
-
@cR0w Eh, that's just contextualizing to make the risk seem more immediate. Everyone is worried about Iran right now, so it makes sense for articles intended to increase anxiety to be oriented around them.
@nerdpr0f whispers Iran is not a top concern of mine right now and I'm blue team for US critical infra.
-
@nerdpr0f whispers Iran is not a top concern of mine right now and I'm blue team for US critical infra.
@cR0w Fair enough, but a) I suspect that's probably not universal and b) I rather suspect this is more targeted at higher-level, budget-deciding folks.
-
@nerdpr0f I don't think that's tin foily, I thought it was understood that some of them do that. But what I don't get is how they specifically say the systems are vulnerable to attacks from Iran when they're open to attacks from anyone with minimal skillsets.
-
@cR0w Fair enough, but a) I suspect that's probably not universal and b) I rather suspect this is more targeted at higher-level, budget-deciding folks.
@nerdpr0f For sure. But it's so distracted boyfriend meme that it actually bugs me this time.
-
-
@nerdpr0f For sure. But it's so distracted boyfriend meme that it actually bugs me this time.
@cR0w All the AI crap has really drove home to me that the entire tech industry is just the distracted boyfriend meme 24/7. All of it.
-
-
-
-
@da_667 @cR0w @nerdpr0f I mean I think the point was that this is a pattern observed in the past by specifically these actors, and that in this moment, it's worth reconsideration.
Now granted, CISA does not cite their sources, but the claim was this exploitation was happening anew. And if it was similar to the CyberAv3ngers situation, they wouldn't be shy about claiming credit.
-
-
-
-
@da_667 @cR0w @nerdpr0f I mean I think the point was that this is a pattern observed in the past by specifically these actors, and that in this moment, it's worth reconsideration.
Now granted, CISA does not cite their sources, but the claim was this exploitation was happening anew. And if it was similar to the CyberAv3ngers situation, they wouldn't be shy about claiming credit.
@mttaggart @da_667 @nerdpr0f CISA appears to no longer be any more than three DOGE kids in a trenchcoat with a pile of cocaine. I don't expect citations from them anymore as I don't hardly trust them anymore. We can discuss some of that elsewhere when I get my brain in that mode, but there has been so much advice from CISA that appears to just be "Grok, search for Iran and rehash something to make it sound current and relevant."
-
@da_667 @rootwyrm @cR0w @nerdpr0f
oh like target!
some hvac vendor came in and thats how they got all their registers infected.yeah every time theres "big news"(tm) with nation state attackers everyone goes OH NO THEY CAN GO AFTER HYDRO AND POWER AND BANKS AND HOSPITALS
of course thats where they would go
all those verticals intentionally avoid security at nearly all cost all the time.
they're the lowest hanging fruit
-
@mttaggart @da_667 @nerdpr0f CISA appears to no longer be any more than three DOGE kids in a trenchcoat with a pile of cocaine. I don't expect citations from them anymore as I don't hardly trust them anymore. We can discuss some of that elsewhere when I get my brain in that mode, but there has been so much advice from CISA that appears to just be "Grok, search for Iran and rehash something to make it sound current and relevant."
-
@da_667 @rootwyrm @cR0w @nerdpr0f
oh like target!
some hvac vendor came in and thats how they got all their registers infected.yeah every time theres "big news"(tm) with nation state attackers everyone goes OH NO THEY CAN GO AFTER HYDRO AND POWER AND BANKS AND HOSPITALS
of course thats where they would go
all those verticals intentionally avoid security at nearly all cost all the time.
they're the lowest hanging fruit
@da_667 @rootwyrm @cR0w @nerdpr0f when i worked at sempra energy, one of the things i got to do was "vendor security reviews". that means doing assessments on shit rando business units wanted to buy or setup.
they would OPEN THE DISCUSSION with the phrase:
"tell me when youre done with your assessment, so we can file the risk acceptance forms".
meaning they had zero interest in the report, because they were gonna bypass it no matter what was in it
