As SCADA developers refuse to sign their files, some think this is an alternative

"A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones.


The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs, from dozens of vendors. Among the vendors represented in the database are Advantech, GE, Rockwell, Schneider and Siemens. The project is the work of Billy Rios, a former Google security researcher who has worked extensively on ICS and SCADA security issues. WhiteScope is a kind of reverse VirusTotal for ICS and SCADA files, allowing people to determine which files are known to be good, rather than which are detected as malicious.


“While participating in a few incident response engagements, I realized it’s fairly difficult to know what is a ‘legitimate’ ICS/SCADA file and what is not. Given the overwhelming majority of ICS/SCADA vendors refuse to sign their software, we’re stuck with determining whether files like ‘FTShell.dll’ or ‘WFCU.exe’ (both legitimate files btw) are really supposed to be there. With this problem in mind, I started a database of all the files I’ve seen on ICS/SCADA systems, so that others can compare notes,” Rios wrote in the FAQ for the site."

https://threatpost.com/researcher-releases-database-of-kn...

Well, the governments will need to oblige the developers to sign their code and to make it possible to control the signatures of these signatures

otherwise this makes no sense

what if this database gets hacked, penetrated or is impersonated?

this is an enormous honeypot 

and even if you don't hack it, you can penetrate the server or any other routing installation before it just to get network and other for the people who are responsible for those highly critical networks
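The known-good comparison described in the quoted article, combined with the concern above about a tampered or impersonated database, as an added example (not code from WhiteScope or from this post). It assumes an offline snapshot of `<sha256>  <filename>` lines whose own digest is pinned out of band; the manifest format, the pin and the file contents are constructed for illustration.

```python
import hashlib, hmac, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def load_known_good(manifest: bytes, pinned_sha256: str) -> dict:
    """Parse '<sha256>  <filename>' lines, refusing a snapshot whose digest
    differs from one pinned out of band (assumed distribution model)."""
    actual = hashlib.sha256(manifest).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise ValueError("known-good snapshot altered or substituted")
    known = {}
    for line in manifest.decode("utf-8").splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.split(None, 1)
            known.setdefault(name.strip().lower(), set()).add(digest.lower())
    return known

def triage(directory, known: dict) -> dict:
    """Trust comes from the hash, never the name: a familiar name with an
    unlisted hash is 'modified', an unlisted name is 'unknown'."""
    verdicts = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file():
            listed = known.get(p.name.lower())
            if listed is None:
                verdicts[p.name] = "unknown"
            else:
                verdicts[p.name] = "known-good" if sha256_file(p) in listed else "modified"
    return verdicts

def demo():
    # Constructed sample data: contents are placeholders, not vendor binaries.
    good = {"FTShell.dll": b"constructed build A", "WFCU.exe": b"constructed build B"}
    manifest = "".join(f"{hashlib.sha256(c).hexdigest()}  {n}\n" for n, c in good.items()).encode()
    pin = hashlib.sha256(manifest).hexdigest()  # in practice obtained out of band
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "FTShell.dll").write_bytes(good["FTShell.dll"])
        (Path(d) / "WFCU.exe").write_bytes(b"constructed build B, patched")
        (Path(d) / "svc_update.exe").write_bytes(b"not in the snapshot")
        return triage(d, load_known_good(manifest, pin)), manifest, pin

if __name__ == "__main__":
    print(demo()[0])
```

A file name that appears in the snapshot is only a hint for the analyst; the verdict depends on the hash, and the snapshot is rejected outright if it does not match the pinned digest.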
