Attackers are starting to target the critical infrastructure that runs industrial and manufacturing facilities. That may not sound like a new thing but the speed and sophistication with which they’re increasing their attacks is. Security firm Dragos hast noted in a recent post that there has been a significant increase in the number of people using password cracking tools on industrial equipment such as programmable logic controllers (PLCs). Where the real devilish genius comes into play is not tha these attackers are trying to corrupt them. Instead, they’re converting these machines into nodes in large botnets to amplify attacks. And if you think it’s hard to clean a malware infection from a PC try doing it on a PLC that can’t be shut down. Dragos noted that while they only tested one particular kind of PLC many other samples had traces of malware infections. Stephen, is this going to cause issues for our already strained supply chain?
0:43 | MinIO Goes to Market with Google Cloud
Object storage platform MinIO is now available in the Google Cloud Platform (GCP) Marketplace. You could roll your own MinIO instance the old fashioned way up to now, but the GCP Marketplace makes it much more attractive for businesses. Given the focus that Kubernetes has in Google Cloud you can expect that MinIO is going to provide great performance for any applications you want to deploy. Stephen, you’ve heard from MinIO before. Why would someone want to use them in GCP?
Read More: MinIO Object Storage Running on the Google Cloud Platform
3:38 | FCC Looks to Bump Broadband Minimums
FCC Chair Jessica Rosenworcel is ready for faster broadband. Most specifically she has indicated that during the next annual evaluation of the country’s broadband infrastructure she would like to increase the minimum speed to 100 down and 20 up. That may sound like a basic connection for us now but the current minimum speed is 25/3. The minimum speed requirements typically come into play in low income areas or rural communites were existing infrastructure is out-of-date or non-existant. Also included in the Notice of Inquiry sent out is a future goal for 1 Gbps down and 500 Mbps up in a few years. Tom, is the FCC trying to make everything faster? Or just making rules that can’t be followed?
Read More: Chairwoman Rosenworcel Proposes to Increase Minimum Broadband Speeds
7:37 | Intel Warning of Pricier Chips
The supply chain has finally caught up to the suppliers. Intel has begun informing their customers that the price increases discussed in the April 28th earnings call are finally here. The increases are variable depending on the unit, with some seeing very slight bumps and others getting hiked almost 20%. For now these haven’t been confirmed but given the number of components Intel supplies are we in for even higher computer prices in the coming months? And given that the US Senate just passed the CHIPS Act, will this have any bearing?
Read More: Chipmaker Intel starts informing customers of price-hike plan
Read More: US Senate Passes CHIPS Act Temperature Check, but Challenges Linger
11:22 | FCC Budget for Hardware Swap Balloons
If the FCC thought that replacing hardware was going to be cheap they obviously haven’t gone shopping recently. The organzation announced that their proposal to compensate US compnaies to remove and replace Huawei and ZTE gear is now $3 billion over budget. The original approval was for $1.9 billion and the current cost is just shy of $5 billion. The original funding commitment won’t even cover the initial applicants in the service provider space. There is very little money left for the second category of education and healthcare. Tom, how did they miss the mark?
Read More: Bill for US telcos to bin Chinese kit blows out by $3 billion
15:54 | Just a Bunch of Wires?
Chiplets are the technology that seems to be taking over CPU design in 2022. Specialized units that can perform at peak function might break through some of the barriers being faced. But how do you connect those chiplets together to ensure there are no bottlenecks? The Open Compute foundation may have an answer. They released the new BoW specification this week. BoW naturally stands for Bunch of Wires. There’s a bit more complexity to it than that, including diagrams for proper copper layouts and PHY specifications. Stephen, why is this important?
Read More: OCP BoW or Bunch-of-Wires Specification Announced
22:12 | Industrial Systems Coming Under Siege
Attackers are starting to target the critical infrastructure that runs industrial and manufacturing facilities. That may not sound like a new thing but the speed and sophistication with which they’re increasing their attacks is. Security firm Dragos hast noted in a recent post that there has been a significant increase in the number of people using password cracking tools on industrial equipment such as programmable logic controllers (PLCs). Where the real devilish genius comes into play is not tha these attackers are trying to corrupt them. Instead, they’re converting these machines into nodes in large botnets to amplify attacks. And if you think it’s hard to clean a malware infection from a PC try doing it on a PLC that can’t be shut down. Dragos noted that while they only tested one particular kind of PLC many other samples had traces of malware infections. Stephen, is this going to cause issues for our already strained supply chain?
Read More: Hackers are targeting industrial systems with malware
29:39 | Router Flaws Lead to Massive Exploitability
If you smell a rat, it’s likely because your SMB/SME devices are vulnerable. Lumen Technologies has announced a wide range of devices from multiple manufacturers that have been infected with ZuoRAT, a remote access trojan that has been in the wild since late 2020. The particularly nasty part is that this malware targets MIPS processors, such as the ones found in SMB and remote office routers. Gear from Cisco, Asus, Netgear, and others has been observed to be compromised. ZuoRAT is also a leverage point to load more nasty things into the data stream to infect Windows systems on the inside through DNS hijacking. Lumen was able to track a cluster of these infected devices back to command and control servers overseas. The current fix is to reboot the device to clear the infection and also to factory reset them as well as patching them. Tom, why target these small systems?
Read More: A wide range of routers are under attack by new, unusually sophisticated malware
37:42 | The Week Ahead
Networking Field Day Service Provider 2 – August 3 – August 4, 2022
The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on Facebook every Wednesday at 12:30pm ET. To watch along, “Like” our Facebook page. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.
