09-09-18 – News These Past Two Weeks

Malware Found on USB Drives Shipped With Schneider Solar Products
Schneider Electric recently informed customers that some of the USB flash drives shipped by the company with its Conext ComBox and Conext Battery Monitor products were infected with malware
https://www.securityweek.com/malware-found-usb-drives-shipped-schneider-solar-products

Finding the Middle Ground: Securing Smart Cities
High-profile cyberattacks and data breaches have become somewhat of a norm. You’ve likely heard this before: it’s no longer a question of if an attack will happen but when. We expect ‘always on’ connectivity with access to business data and this means that the clear boundaries of the traditional security perimeter are fading fast
https://www.securityweek.com/finding-middle-ground-securing-smart-cities

Take (Industrial) Control: A Look at the 2018 ICS Threat Landscape
Industrial control systems (ICS) are increasingly being targeted as attackers take advantage of the Internet to target machines on organizations’ industrial networks
https://www.darkreading.com/risk/take-(industrial)-control-a-look-at-the-2018-ics-threat-landscape/d/d-id/1332754

ThreatList: Attacks on Industrial Control Systems on the Rise
The main source of infection was the internet – with 27 percent of attacks received from web sources. Another 8.4 percent arrived through removable storage media, and a surprisingly small 3.8 percent came from email clients
https://threatpost.com/threatlist-attacks-on-industrial-control-systems-on-the-rise/137251/

Malware on ICS Increasingly Comes From Internet: Kaspersky
Kaspersky Lab products installed on industrial automation systems have detected over 19,000 malware samples in the first half of 2018, and the company has determined that the Internet is an increasingly significant source of attacks
https://www.securityweek.com/malware-ics-increasingly-comes-internet-kaspersky

IT security teams are being locked out of IoT projects
Trend Micro revealed that organizations around the world are exposing themselves to unnecessary cyber risk by failing to give IT security teams a voice when planning IoT project deployments in enterprise environments
https://www.helpnetsecurity.com/2018/09/06/iot-projects-security/

Flaw in Schneider PLC Allows Significant Disruption to ICS
A vulnerability discovered in some of Schneider Electric’s Modicon programmable logic controllers (PLCs) may allow malicious actors to cause significant disruption to industrial control systems (ICS).
https://www.securityweek.com/flaw-schneider-plc-allows-significant-disruption-ics

Remotely exploitable flaw in Schneider Electric PLCs is a danger to OT networks
A vulnerability in the Schneider Electric Modicon M221, a programmable logic controller (PLC) deployed in commercial industrial facilities worldwide, can be exploited to remotely disconnect the device from communicating in the ICS network.
https://www.helpnetsecurity.com/2018/09/06/remotely-exploitable-flaw-schneider-electric-plc/

Threat Landscape for Industrial Automation Systems in H1 2018
In February, Kaspersky Lab ICS CERT published a report on an investigation into the initial infection tactics used by the notorious APT group Energetic Bear/Crouching Yeti, as well as the results of an analysis of several web servers compromised by the group in 2016 and early 2017, using information provided by the server owners
https://securelist.com/threat-landscape-for-industrial-automation-systems-in-h1-2018/87913/

Endpoints a Top Security Concern for Industrial Organizations: IIoT Survey
The SANS Institute recently published a research study of Industrial IoT (IIoT) security. The survey polled more than 200 security professionals from energy, utility, oil and gas, and manufacturing organizations. Among the key findings, the majority of respondents reported they are more concerned about endpoint device security than network security
https://www.securityweek.com/endpoints-top-security-concern-industrial-organizations-iiot-survey

Philips plugs security flaws in e-Alert tool
Dutch tech company Philips has fixed several serious security flaws in Philips e-Alert, a tool that helps magnetic resonance imaging (MRI) systems work as intended
https://www.helpnetsecurity.com/2018/09/04/philips-e-alert-vulnerabilities/

Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety
Flaws in the Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson (BD) Alaris TIVA Syringe Pump have been acknowledged by the vendors and publicly disclosed via ICS-CERT
https://threatpost.com/critical-flaws-in-syringe-pump-device-gateways-threaten-patient-safety/137067/

High-Severity Flaws Patched in Schneider Electric Products
The two flaws, which exist in Schneider Electric’s power management system, PowerLogic PM5560, and its programmable logic controller, Modicon M221, can be exploited remotely, according to dual advisories released by ICS-CERT on Tuesday
https://threatpost.com/high-severity-flaws-patched-in-schneider-electric-products/137034/

How hard-coded credentials threaten industrial control systems
Hard-coded credentials open industrial control systems up to unauthorized access by malicious actors. Expert Ernie Hayden explains the threat and what enterprises can do about it
https://searchsecurity.techtarget.com/tip/How-hard-coded-credentials-threaten-industrial-control-systems

Old “Misfortune Cookie” flaw opens medical gateway and devices to attack
A vulnerability in Qualcomm Life Capsule Datacaptor Terminal Server (DTS) can be easily exploited to allow attackers to execute unauthorized code to obtain administrator-level privileges on the device.
https://www.helpnetsecurity.com/2018/08/29/medical-gateway-device-vulnerability/

NIST’s New Advice on Medical IoT Devices
Medical infusion pumps, which deliver medications to patients, are archetypal examples of the expanding threat surface being delivered by connected devices. Connecting these pumps to clinical systems can improve healthcare delivery, but if not properly secured could endanger the patient and expose the health delivery organization (HDO) infrastructure to intrusion
https://www.securityweek.com/nists-new-advice-medical-iot-devices

Emerging consensus for an ICS security approach
An increasing body of experience with industrial control system (ICS) security, as well as the emerging Industrial Internet of Things (IIoT) are driving a new consensus as to the difference between information technology (IT) and operations technology (OT) / ICS security programs
https://www.helpnetsecurity.com/2018/08/27/ics-security-approach/
