The attack on the Israeli power grid much discussed yesterday turns out to amount to less than first thought. The Israel Electric Authority, which sustained the attack, is a regulatory body whose network is unconnected to utility control systems. The attack apparently amounted to spearphishing with ransomware payloads.
The Ukrainian power grid story continues to develop. Reuters reports that another, unnamed, utility was compromised in October, and that attackers gained access by exploiting, first, naïveté about phishing, and, second, utility operators' willingness to network control systems better left air-gapped.
The BlackEnergy3 malware dropped on the utilities still seems not directly implicated in control system manipulation, but SentinelOne has determined that the malware included a network sniffer.
A Ukrainian telecoms engineer tells the Register that attributing the attack to Russia is a provocation by Ukrainian authorities. ESET points out, sensibly, that attribution is slow, difficult, and in this case circumstantial. (But the evidence for Ukrainian provocation is less than circumstantial, amounting to no more than a priori possibility.)
The ISIS-affiliated "Cyber Caliphate" is said to be working on attacking Google, but ISIS cyber capabilities are generally regarded as aspirational. ISIS information operations, however, remain very real, and US policymakers and advisers mull how to defeat the ISIS narrative.
FireEye warns that JSPatch, a hot-patching tool for the Apple App Store, could be used to circumvent protective reviews.
New strains of ransomware emerge.
Oracle will deprecate the Java browser plugin.
The US Congress wants an accounting of Federal exposure to Juniper's ScreenOS backdoor.