“While I noted that this type of stuxing would not require as much process knowledge as the classic Stuxnet attack, it is still a fairly sophisticated attack mode (at least until stuxing tools become readily available).”This evening I ran across an interesting Tweet ® that bears on that statement:
From @D1NI haven’t seen the Metasploit modules yet (actually I probably never will; after all, I wouldn’t know what to do with them in any case) but I doubt that they are really the ‘stuxing tools’ that I mentioned. They are almost certainly an important step to constructing such tools, and will probably be included in the tools, but they are not yet the tools.
“Finished testing all of the Siemens Simatic S7-300 and S7-400 aux modules for Metasploit. New attacks read/write/delete data blocks on PLC.”
Don’t get too comfortable, though. No telling what the blackhats are doing.
Posts
No comments:
Post a Comment