Brian Krebs at the Washington Post’s Security Fix has more detail on a recent utility hack and some grim predictions for 2007 Microsoft Office.
The cyber attack last month against a U.S.-based public utility came wrapped in a Microsoft PowerPoint document featuring holiday illustrations and heartwarming reflections. This PowerPoint file, which resembled an innocuous version that was being forwarded around the Web by many sentimental e-mail users, had been modified to include a Trojan horse program designed to open a secret backdoor into the utility’s internal computer network.
The company called in to investigate the attack, Verisign’s iDefense Labs in Sterling, Va., also found two separate Microsoft Word files on computers inside the company’s network that had also been tainted with malicious software code designed to give attackers control over the machines. None of the files were detected as malicious by the anti-virus software used by the company.
Read the whole post for the Office predictions and the assessment that this came from a Chinese hacking group for hire.
That final sentence in the excerpt is very troubling, as anti-virus is the last line of defense on many SCADA workstations and servers today. Clearly a PowerPoint file with “holiday illustrations and heartwarming reflections” has no business being on a control center network, but can we rely on 100% good judgement by SCADA operators and engineers, even with a rigorous security awareness program?
The bigger risk is a more directed attack. For example, an adversary places the Trojan in an Office document that appears to be a valid document from a SCADA vendor. Or maybe the vendor itself is penetrated and the Trojan arrives in a useful document from that vendor.