Busy week this week so just a quick update. We are at both the ICSJWG and the International Pipeline Security Forum. We will have updates from both next week. However I can tell you that Duqu is still very much in the front of everyone’s minds. Lots of buzz despite the fact that Duqu is not as “scary” as everyone might have first thought. (Read excerpt below from a recent e-mail that came across my desk. Author intentionally anonymous.)
Please note that ICS-CERT’s latest alert, issued on October 21, 2011, indicates that in close coordination with Symantec and the original researchers, they have determined after additional analysis that neither industrial control systems nor vendors/manufacturers were targeted by Duqu. In addition, as of October 21, 2011, there have been very few infections and there is no evidence based on current code analysis that Duqu presents a specific threat to industrial control systems.
What do you think? Should we all breathe deeply and relax again? Or is this a shot across the bow that should serve to remind us that the next big thing might be right around the corner? Let me know your thoughts and see you next week.