Critical Infrastructure: Hackers Successfully Target German Steel Mill

Uploaded on 2015-01-22 in BUSINESS-Production-Manufacturing, FREE TO VIEW, TECHNOLOGY--Hackers

Hackers infiltrated a German steel mill and made it impossible to safely shut down a furnace, according to a German security report quietly published before the new year. The breach, which caused “massive” damage, marks just the second time a digital attack caused physical damage, highlighting growing fears that cyberwarfare will soon impact more than computers and networks.

German Steel MillFew specifics are provided in Germany’s Federal Office for Information Security report, first obtained by Wired, other than that the hackers obtained access via a spearphishing attack before quickly moving across a “multitude” of sensitive corporate networks. Who the hackers were, how long they were in the system, whether they intended to destroy the furnace and what, if any, other equipment they accessed all remains unclear.

“The know-how of the attacker was very pronounced not only in conventional IT security but extended to detailed knowledge of applied industrial controls and production processes,” said the German-language report, according to a Wired translation.

This hack comes after the U.S. and Israeli governments deployed the Stuxnet worm against the Iranian government, which is believed to have destroyed nearly one-fifth of the country’s uranium enrichment facilities used to make nuclear weapons. When that malware was discovered in 2010, cybersecurity experts warned that it would only be a matter of time before civilian infrastructure – like hospitals, banks, power grids or any number of possibilities – would be targeted by malicious actors.

“Countries realize that cyber espionage is a heck of a lot easier than anything else,” Chris Bronk, a former U.S. State Department official, told Ars Technica in 2012. “Now the question is: To what degree [will we have] malware that is designed to impact the physical world? When is that going to become a more widely utilized capability?”

http://cyberwar.einnews.com/article/243380090/40jq3CtBpWs7_wui

http://www.wired.com/2015/01/german-steel-mill-hack-destruction/

« How Fraud & Cyber Security Will Evolve in 2015
UK Police Radios will be killed soon, but is 4G really the Solution? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Security Affairs

Security Affairs

Security Affairs is a blog covering all aspects of cyber security.

Cyber Security Network

Cyber Security Network

Cyber Security Network provide specialist cyber security recruitment services.

Polyverse

Polyverse

Polyverse offers application security, zero-day defense, proactive cyber resiliency and more. Protect your critical applications with moving target defense.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Immuta

Immuta

Immuta empowers data engineering and operations teams to automate data governance, security, access control & privacy protection.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

NSR

NSR

NSR provide trusted solutions that deliver positive business outcomes for our clients in cybersecurity and data protection challenges.

Regulativ.ai

Regulativ.ai

Regulativ.ai is an innovative and comprehensive platform, driven by AI, to address the regulatory and compliance needs of Cyber Security Regulatory compliance and reporting.

Nonprofit Cyber

Nonprofit Cyber

Nonprofit Cyber is a first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.

The Security Bulldog

The Security Bulldog

The Security Bulldog distills and assimilates open source cyber intelligence to enable security teams to understand threats more quickly, make better decisions, and accelerate detection and response.

PCI Security Standards Council (PCI SSC)

PCI Security Standards Council (PCI SSC)

The PCI Security Standards Council is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.