USAF Predator control systems compromised by malware

Following on from the very high profile targeted attacks such as the Stuxnet worm that was used to target Siemens supervisory control and data acquisition (SCADA) systems such as those used in Iranian nuclear facilities;

http://www.google.co.uk/search?aq=f&gcx=c&sourceid=chrome&ie=UTF-8&q=stuxnet

 

 

and the RSA security breach that impacted many businesses earlier this year;

http://blogs.rsa.com/rivner/anatomy-of-an-attack/

It has emerged that some USAF (United States Air Force) computer systems have been infected by malware.

While the reports of this state that is it likely to just be a keylogger and not something that is co-opting control of armed military drones, this should be seen as yet another wake up call – any network attached systems or any systems that allow storage devices (e.g. USB drives) to be connected are vulnerable to attack by malware.  I am sure from reading the previous section you have realised that this means pretty much every computer system..

Details can be found here;

http://nakedsecurity.sophos.com/2011/10/10/malware-compromises-usaf-predator-drone-computer-systems/

One particularly worrying comment from the story is around the fact that they are not sure if the malware has been wiped from the systems properly and that it keeps coming back.  Best practice is always to do a clean rebuild of any infected machines, especially something as critical as this!

In short, if high profile security vendors and supposedly secure military computers can be successfully attacked and gaps exploited this should be a wake up call to anyone who does not yet take the security of their systems and data seriously.

Oh, and if in any doubt – reinstall, don’t keep trying to clean the malware from the system!

K

Advertisements

Author: Kevin Fielder

Innovative and dynamic security professional, with a passion for driving change by successfully engaging with all levels of the business. I am a determined individual with proven ability to provide security insights to the business, in their language. These insights have gained board buy in for delivering security strategy aligned to key business goals. This is achieved by understanding the need to drive change through people, process and technology, rather than focusing exclusively on any one area. I take pride in being a highly articulate, motivational and persuasive team-builder. I have a strategic outlook with the ability to engage with and communicate innovative and effective security solutions to all levels of management. Along with a proven ability to translate security into business language and articulate the business benefits I am also passionate about leading security innovations and making security a key part of the business proposition to its customers. Security should be made a key differentiator to drive sales and customer retention, not just a cost centre! Outside of work I am a proud husband and father to an awesome family, and a passionate CrossFit coach and athlete.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s