Kaspersky named “Red October” this year's top cybersecurity threat. Red October was a large-scale cyber-espionage network that targeted various international diplomatic service agencies. This cyber-espionage network was used to analyze and reveal various aspects of the global critical infrastructure. Initially it was thought that the network was largely focused on Eastern European and Central Asian countries; recent disclosures have shown that Red October was much more thoroughly developed and that information derived from Red October was used to target Western Europe and the US. This included a recently disclosed shutdown of the turbine control system of a major US electricity generation facility.
The earliest evidence indicates that the cyber-espionage campaign has been active since 2007 and is still active at the time of writing (January 2013). Besides that, registration data used for the purchase of several Command & Control (C&C) servers and unique malware filenames related to the current attackers hint at an even earlier period of activity dating back to May 2007.
Over the past two years, an alarming number of headline-grabbing cyber attacks, viruses and data breaches have targeted critical infrastructure – Stuxnet, Flame, Shamoon, and Red October to name just a few.
These attacks have kept many organizations dealing in critical infrastructure on high alert. Recently, for example, researchers uncovered that the industrial control system used to manage Google’s Australian offices had several security vulnerabilities that would enable hackers to adjust the heating and cooling controls in their offices (which could potentially damage equipment sensitive to heat and humidity). Subsequent research showed that hundreds of businesses across Australia are just as susceptible to attack – they have similar vulnerabilities in their building control systems as well.