EE Times-Asia

Whitelist spares users from ICS malware

Posted: 05 Dec 2014

Keywords: cyberattacks, malware, ICS, SCADA, WhiteScope

With the discovery of BlackEnergy and Havex malware, industrial control systems (ICS) such as SCADA have been vulnerable to cyberattacks. ICS cyberattacks have surged by 600 per cent since 2010, based on a report from NSS Labs.

According to Billy Rios, a security specialist and the founder of Laconicly, much of the binary code in ICS is not digitally "signed," making it difficult to determine which code segments have been corrupted or simply do not belong. To ease that determination task, Rios started a personal project to create a whitelist of SCADA installation files that are known good, gathered from original installation media and running systems. He has released that whitelist as a free online service under the name WhiteScope.

The WhiteScope project gives users the ability to compare the file contents in their systems against the files in the whitelist using file hashes. It can be a tedious process, Rios admits in his blog post announcing the project, but it is effective. Eliminating the known good files from consideration substantially reduces the analysis needed to identify and characterise malware.

However, Rios says that WhiteScope is not a fully comprehensive database, so a miss when seeking to compare a file does not necessarily mean that the subject file is invalid. Users should check first to see if the file is signed, and if the product it came from is on the supported product list. If the code is unsigned and the product is on the list, then you can start treating it with increased suspicion.
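The triage order described above, as an added example that is not part of the original article or of WhiteScope: it hashes each file, drops those found in a known-good set, then applies the signed and supported-product checks to the misses. SHA-256, the local `known_good` set and the `signed_check` callable are assumptions, since the article does not say which hash or lookup interface WhiteScope uses.

```python
import hashlib
import tempfile
from enum import Enum
from pathlib import Path

class Verdict(Enum):
    KNOWN_GOOD = "hash is in the whitelist: exclude from analysis"
    SIGNED_MISS = "whitelist miss, file is signed: check the signature instead"
    SUSPICIOUS = "whitelist miss, unsigned, product covered: increased suspicion"
    INCONCLUSIVE = "whitelist miss, product not covered: the miss proves nothing"

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large installers do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(digest, known_good, is_signed, product_supported):
    """Apply the article's decision order to one file."""
    if digest in known_good:
        return Verdict.KNOWN_GOOD
    if is_signed:
        return Verdict.SIGNED_MISS
    return Verdict.SUSPICIOUS if product_supported else Verdict.INCONCLUSIVE

def triage_tree(root, known_good, signed_check, product_supported):
    """Triage every regular file under root, keyed by relative path."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): triage(
            sha256_file(p), known_good, signed_check(p), product_supported)
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def demo(product_supported=True):
    # Constructed sample files, not real ICS binaries or WhiteScope data.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hmi.dll").write_bytes(b"vendor build 1.0")
        (root / "driver.sys").write_bytes(b"signed vendor driver")
        (root / "svc.exe").write_bytes(b"unexpected contents")
        known_good = {hashlib.sha256(b"vendor build 1.0").hexdigest()}
        # Hypothetical stand-in for a real signature check (assumption).
        signed_check = lambda p: p.name == "driver.sys"
        return triage_tree(root, known_good, signed_check, product_supported)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict.value}")
```

In practice `signed_check` would wrap the platform's own signature verification, and `product_supported` would come from the project's supported product list.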

The WhiteScope project contains more than 300,000 files, with plans to increase that to 500,000+ by yearend and one million or more in the first quarter of next year. To achieve this goal, the project invites users who do not find the software they are using to add it to the database. Sponsorship support would also be welcome.

-Rich Quinnell
EE Times U.S.
