02-06-18 – News This Past Month

Verizon Boards the NB-IoT Train
Unlike consumer LTE, NB-IoT offers an efficient option for hooking up smart sensors and other machine-to-machine applications because it uses very little power for its 200 Kbit/s connections and very little spectrum, which gives devices a battery life that can be measured in years.
http://www.lightreading.com/iot/nb-iot/verizon-boards-the-nb-iot-train/d/d-id/740257

DT, Nokia Put 5G to the Industrial Test
Deutsche Telekom AG (NYSE: DT) and Nokia Corp. (NYSE: NOK) are to embark on the joint testing of 5G technology in the Port of Hamburg, carrying out various trials of 5G functionality — such as so-called “network slicing” — within an industrial context. Applications of the technology within the 8,000-hectare port area will include traffic lights management, data processing from mobile sensors and virtual reality. To facilitate the test program, an antenna has already been installed on the Hamburg TV tower, at a height of more than 150 meters.
http://www.lightreading.com/mobile/services-apps-mobile/eurobites-dt-nokia-put-5g-to-the-industrial-test/d/d-id/740262

Does The U.S. Need a National Cybersecurity Safety Board?
It is time, suggest two academics from Indiana University-Bloomington, for Congress to establish a National Cybersecurity Safety Board (NCSB) as an analogue of the National Transportation Safety Board (NTSB), to improve the level of cybersecurity in the U.S.
http://www.securityweek.com/does-us-need-national-cybersecurity-safety-board

Number of Internet-accessible ICS components is increasing every year
The number of industrial control system (ICS) components – which run factories, transport, power plants and other facilities – left open to Internet access, is increasing every year. In Germany, for example, researchers from Positive Technologies found 13,242 IP addresses for ICS components, up from 12,542 in 2016.

Number of Internet-accessible ICS components is increasing every year

Critical Infrastructure More Vulnerable Than Ever Before
The PT research team also noted that more and more Internet-accessible ICS components are actually network devices, such as Lantronix and Moxa interface converters, which represented 12.86% of detected components in 2017, up from 5.06% in 2016.
https://www.infosecurity-magazine.com/news/critical-infrastructure-more/

Increasing Number of Industrial Systems Accessible From Web
The number of industrial control systems (ICS) accessible from the Internet has increased significantly in the past year, reaching more than 175,000 components, according to a new report from Positive Technologies
http://www.securityweek.com/increasing-number-industrial-systems-accessible-web-study

Hospital MRI and CT scanners at risk of cyberattack
Last year’s WannaCry attack had many disruptive effects across the world but the one that sticks in the minds of many security experts is the damage it did to the UK’s National Health Service (NHS).
Hospital MRI and CT scanners at risk of cyberattack

Siemens Patches Flaws in Plant Management Product
Siemens has informed customers that a component of its TeleControl Basic product is affected by several vulnerabilities that can be exploited by an attacker to escalate privileges, bypass authentication, and launch denial-of-service (DoS) attacks
http://www.securityweek.com/siemens-patches-flaws-plant-management-product

IoT Botnets by the Numbers
Even before Mirai burst onto the scene a year-and-a-half ago, security experts had been warning anyone who listened about how juicy Internet of things (IoT) devices were looking to criminal botnet herders. Proliferating faster than black t-shirts at a security conference, IoT sensors have spread throughout our personal and business lives inside cameras, automobiles, TVs, refrigerators, wearable technology, and more
https://www.darkreading.com/perimeter/iot-botnets-by-the-numbers/d/d-id/1330924

Forget cyber crims, it’s time to start worrying about GPS jammers – UK.gov report
The UK must reduce the dependency of its critical infrastructure and emergency services on GPS technology to mitigate against the potentially disastrous impact of signal jamming, a government report has warned.
https://www.theregister.co.uk/2018/01/31/gps_signal_jammers_critical_infrastructure/

An Infrastructure Plan in the 21st Century Needs to Address Cybersecurity
U.S. President Trump is expected to discuss his long-awaited infrastructure plan in tonight’s State of the Union address, but we should not expect full details for a few more weeks. The focus on upgrading our roads, bridges, tunnels and other physical infrastructure is welcome. But we need to do more than address these weak brick-and-mortar foundations.
https://www.tenable.com/blog/an-infrastructure-plan-in-the-21st-century-needs-to-address-cybersecurity

UK Warns Critical Industries to Boost Cyber Defense or Face Hefty Fines
NISD is designed to ensure the security of network systems not already covered by the GDPR — but its primary purpose is to ensure the security of the industries that comprise the critical infrastructure (such as power and water, healthcare and transport). These companies, or covered entities, are defined within the directive as ‘operators of essential services’ (OES), and ‘digital service providers’ (DSPs).
http://www.securityweek.com/uk-warns-critical-industries-boost-cyber-defense-or-face-hefty-fines

Parrot 3.11 Security OS Brings New “Car Hacking” Menu
Coming one and a half months after Parrot Security OS 3.10, the Parrot Security OS 3.11 release sports a new “Car Hacking” menu that contains a great collection of open-source tools designed for testing real-world cars against hacks, as well as to simulate Controller Area Network (CAN bus) networks.
http://news.softpedia.com/news/parrot-3-11-security-os-brings-new-car-hacking-menu-meltdown-spectre-patches-519592.shtml

What do you press when flaws in Bluetooth panic buttons are exposed?
Wearsafe’s button was vulnerable to denial-of-service attacks. If flooded with connection requests, a hacker could lock the user out of the device until the battery is removed and reinserted. The device also continually broadcasts its Bluetooth radio, meaning it can be tracked
https://www.theregister.co.uk/2018/01/29/bluetooth_panic_buttons_hackable/

A series of new IoT botnets plague connected devices
The first of the IoT botnets causing trouble was discovered by security researchers at Bitdefender and is called Hide ‘N Seek, or HNS. HNS was first noticed on January 10, “faded away” for a few days and then reemerged on January 20 in a slightly different form, according to Bitdefender senior e-threat analyst Bogdan Botezatu
http://searchsecurity.techtarget.com/news/252433896/A-series-of-new-IoT-botnets-plague-connected-devices

Researchers warn of invisible attacks on electrical sensors
To simplify, transducers are electronic components that turn analogue signals such as radio, sound or light waves, or the physical movement of something like a gyroscope, into an electrical signal that can be digitised by a computer
Researchers warn of invisible attacks on electrical sensors

An Internet of Things ‘crime harvest’ is coming unless security problems are fixed
“All new technologies, all changes in the way that society is ordered — particularly if it is technology — always has a crime harvest. So, when cars were invented, people started drink-driving and stealing cars and it’s exactly the same with the Internet of Things,” said chief constable Michael Barton, head of the Durham Constabulary.
http://www.zdnet.com/article/an-internet-of-things-crime-harvest-is-coming-unless-security-problems-are-fixed/

Industrial Safety Systems in the Bullseye
TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say
https://www.darkreading.com/operations/industrial-safety-systems-in-the-bullseye/d/d-id/1330912

Vulnerable industrial controls directly connected to Internet? Why not?
Yesterday, Siemens issued an update to a year-old product vulnerability warning for its SIMATIC S7-300 and S7-400 families of programmable logic controllers (PLCs)—industrial control systems used to remotely monitor and operate manufacturing equipment. The alert, originally issued in December of 2016, was updated on Wednesday to include another version of the S7-400 line
https://arstechnica.com/information-technology/2018/01/the-internet-of-omg-vulnerable-factory-and-power-grid-controls-on-internet/

The moving target of IoT security
As the explosive growth of IoT continues, businesses, vendors and consumers all have to confront the issue that the world is more connected than ever before, with potentially gigantic consequences
https://www.networkworld.com/article/3250624/internet-of-things/the-moving-target-of-iot-security.html

Risks to ICS Environments From Spectre and Meltdown Attacks
The recently disclosed Spectre and Meltdown vulnerabilities, which affect hardware running in the majority of the world’s computing devices have made headlines recently. The list of at risk equipment includes workstations, servers, phones, tablets, as well as Microsoft Windows, Linux, Android, Google ChromeOS, Apple macOS on most Intel chips manufactured after 2010. Many AMD, ARM and other chipsets are also affected
http://www.securityweek.com/risks-ics-environments-spectre-and-meltdown-attacks

IoT Devices Fuel Complex DDoS Attacks: Report
According to the company’s 13th Annual Worldwide Infrastructure Security Report (WISR), attackers focused on increasing complexity in 2017, and the exploitation of IoT devices helped them achieve this goal. The frequency of attacks has increased as well, following a trend seen for the past several years
http://www.securityweek.com/iot-devices-fuel-complex-ddos-attacks-report

Gemalto Sentinel flaws could lead to ICS attacks
Researchers from Kaspersky Lab Industrial Control System Cyber Emergency Response Team (ICS CERT) said they decided to investigate Gemalto Sentinel USB tokens after penetration tests showed the “solution provides license control for software used by customers and is widely used in ICS and IT systems.”
http://searchsecurity.techtarget.com/news/252433668/Gemalto-Sentinel-flaws-could-lead-to-ICS-attacks

Serious ‘category one’ cyberattack not far off – warns security chief
This week, the head of Britain’s National Cyber Security Centre (NCSC), Ciaran Martin, said something rather alarming in a newspaper interview that generated plenty of headline heat – the UK has never suffered the most serious category one (C1) cyberattack but it is only a matter of time before it does
Serious ‘category one’ cyberattack not far off – warns security chief

Satori Botnet Malware Now Can Infect Even More IoT Devices
Latest version targets systems running ARC processors
https://www.darkreading.com/vulnerabilities—threats/satori-botnet-malware-now-can-infect-even-more-iot-devices/d/d-id/1330875

A silver bullet for the attacker
In the past years, the problem of vulnerabilities in industrial automation systems has been becoming increasingly important. The fact that industrial control systems have been developing in parallel with IT systems, relatively independently and often without regard for modern secure coding practices is probably the main source of ICS security problems

A silver bullet for the attacker

Gemalto Licensing Tool Exposes ICS, Corporate Systems to Attacks
Gemalto Sentinel LDK is a software licensing solution used by many organizations worldwide on both their enterprise and industrial control systems (ICS) networks. In addition to software components, the solution provides hardware-based protection, specifically a SafeNet Sentinel USB dongle that users connect to a PC or server when they want to activate a product
http://www.securityweek.com/gemalto-licensing-tool-exposes-ics-corporate-systems-attacks

Trisis ICS malware was publicly available after attack
The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors
http://searchsecurity.techtarget.com/news/252433492/Trisis-ICS-malware-was-publicly-available-after-attack

Schneider Electric: TRITON/TRISIS Attack Used 0-Day Flaw in its Safety Controller System, and a RAT
ICS/SCADA vendor discloses in-depth analysis of a recent targeted attack against one of its customers
https://www.darkreading.com/vulnerabilities—threats/schneider-electric-triton-trisis-attack-used-0-day-flaw-in-its-safety-controller-system-and-a-rat/d/d-id/1330845

Triton Malware Exploited Zero-Day in Schneider Electric Devices
The recently discovered malware known as Triton and Trisis exploited a zero-day vulnerability in Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers in an attack aimed at a critical infrastructure organization
http://www.securityweek.com/triton-malware-exploited-zero-day-schneider-electric-devices

MENACING MALWARE SHOWS THE DANGERS OF INDUSTRIAL SYSTEM SABOTAGE
At the S4 security conference on Thursday, researchers from the industrial control company Schneider Electric, whose equipment Triton targeted, presented deep analysis of the malware—only the third recorded cyberattack against industrial equipment
https://www.wired.com/story/triton-malware-dangers-industrial-system-sabotage/

A NEW WAY TO TRACK DOWN BUGS COULD HELP SAVE IOT
ON A CLEAR day this summer, security researcher Ang Cui boarded a boat headed to a government biosafety facility off the northeastern tip of Long Island. Cui’s security company, Red Balloon, will spend the next year studying how its Internet of Things threat-scanning tool performs on the building control systems of Plum Island Animal Disease Center.
https://www.wired.com/story/a-new-way-to-track-down-bugs-could-help-save-iot/

Now Meltdown patches are making industrial control systems lurch
SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains.
https://www.theregister.co.uk/2018/01/15/meltdown_ics/

BlackBerry Launches Security Product for Automotive, Other Industries
Modern cars use hundreds of software components, including many provided by third-party vendors across several tiers. While this approach has some advantages, it also increases the chances of vulnerabilities making it into the software somewhere along the supply chain.
http://www.securityweek.com/blackberry-launches-security-product-automotive-other-industries

Vulnerability in ISC BIND leads to DoS, patch today!
The Internet Systems Consortium has released security updates for BIND, the most widely used Domain Name System (DNS) software on the Internet, and a patch for ISC DHCP, its open source software that implements the Dynamic Host Configuration Protocol for connection to an IP network

Vulnerability in ISC BIND leads to DoS, patch today!

Researchers Offer a ‘VirusTotal for ICS’
Free online sandbox, honeypot tool simulates a real-world industrial network environment
https://www.darkreading.com/threat-intelligence/researchers-offer-a-virustotal-for-ics/d/d-id/1330833

What the OWASP IoT security project means for device creation
The OWASP IoT security project aims to get developers to incorporate security at the beginning of a device’s life. Expert Ernie Hayden outlines how it is tackling the issue
http://searchsecurity.techtarget.com/tip/What-the-OWASP-IoT-security-project-means-for-device-creation

Now Meltdown patches are making industrial control systems lurch
SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains
https://www.theregister.co.uk/2018/01/15/meltdown_ics/

Are mass transit systems the next cybersecurity target?
Host Steve Ragan talks with Stan Engelbrecht, director of the cybersecurity practice at D3 Security, about the inherent flaws in security defenses for public transportation systems — and what can be done
https://www.idg.tv/video/83915/are-mass-transit-systems-the-next-cybersecurity-target-salted-hash-ep-14

Internet of Things security issues bleed into 2018
In 2017 Internet of Things (IoT) devices rose to prominence as attackers have continued to target and use them to support various cyberattacks. IoT devices are almost the perfect target for cyberthieves. They sit on internal networks, have their own IP address, and allow communication with other internet connected devices and systems.

Internet of Things security issues bleed into 2018

IoT malware targeting zero-day vulnerabilities
First, they targeted IoT devices with default or weak passwords, and manufacturers and users began changing them. Then they used known vulnerabilities, and IoT vendor increased their efforts to push out patches. Now, some botmasters are making a concentrated effort to find unknown flaws they can exploit.

IoT malware targeting zero-day vulnerabilities

More SCADA app vulnerabilities found
Two years ago, they jointly found 50 weaknesses in the security of 20 mobile apps used by a plethora of SCADA Industrial Control Systems (ICS) sectors covering things like power, water, and manufacturing
More SCADA app vulnerabilities found

Shared Accounts Increasingly Problematic for Critical Infrastructure: ICS-CERT
Assessments conducted last year by the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) showed that boundary protection remains the biggest problem in critical infrastructure organizations, but identification and authentication issues have become increasingly common
http://www.securityweek.com/shared-accounts-increasingly-problematic-critical-infrastructure-ics-cert

Serious Flaws Found in Phoenix Contact Industrial Switches
Researchers have discovered potentially serious vulnerabilities in industrial switches made by Phoenix Contact, a Germany-based company that specializes in industrial automation, connectivity and interface solutions
http://www.securityweek.com/serious-flaws-found-phoenix-contact-industrial-switches

Vulnerabilities in Phoenix Contact Industrial Switches Can Allow Hackers to Disrupt Operations
According to advisories published last week by ICS-CERT and its German counterpart CERT@VDE, Phoenix Contact’s FL SWITCH industrial ethernet switches are affected by authentication bypass and information exposure flaws. Ilya Karpov and Evgeniy Druzhinin of Positive Technologies have been credited for reporting the flaws.
http://www.securityweek.com/serious-flaws-found-phoenix-contact-industrial-switches

Posted in Uncategorized.