11-05-18 – News This Past Week

USB threat vector trends and implications for industrial operators
In an attempt to make industrial control systems less accessible to attackers, industrial players are limiting network access and increasingly using USB media devices to transfer patches, updates and files to those systems
https://www.helpnetsecurity.com/2018/11/02/industrial-usb-threats/

Researchers find Stuxnet, Mirai, WannaCry lurking in industrial USB drives
When we consider threats to our industrial systems, specifically crafted malware, such as the Industroyer strain which cut off the power to the city of Kiev in Ukraine for an hour, often comes to mind
https://www.zdnet.com/article/almost-half-of-usb-drives-in-industrial-settings-pose-severe-security-risk/

USB Drives Deliver Dangerous Malware to Industrial Facilities: Honeywell
Malware is still being delivered to industrial facilities via USB removable storage devices and some threats can cause significant disruptions, according to a report published on Thursday by Honeywell
https://www.securityweek.com/usb-drives-deliver-dangerous-malware-industrial-facilities-honeywell

Sauter Quickly Patches Flaw in Building Automation Software
A serious vulnerability that allows an attacker to steal files from an affected system has been found by a researcher in a building automation product from Swiss-based Fr. Sauter AG. It took the vendor only 10 days to release a patch.
https://www.securityweek.com/sauter-quickly-patches-flaw-building-automation-software

ICS Devices Vulnerable to Side-Channel Attacks
Side-channel attacks can pose a serious threat to industrial control systems (ICS), a researcher warned last month at SecurityWeek’s ICS Cyber Security Conference in Atlanta, GA
https://www.securityweek.com/ics-devices-vulnerable-side-channel-attacks-researcher

Cyberattacks Against Energy Sector Are Higher Than Average
Attacks against critical infrastructure industries such as those targeting the energy supply — actual and potential — are rarely out of the news. Russia and Russian state actors are the probable aggressors. But we are still in the Cold War era of attacks against energy utilities. There has been no cyber related-successful attack against the supply of energy in the United States.
https://www.securityweek.com/cyberattacks-against-energy-sector-are-higher-average-report

Cyberattacks against energy and utilities firms begin inside enterprise IT networks
New research from Vectra has revealed that while industrial control systems are being targeted by hackers, most cyberattacks against energy and utilities firms occur inside enterprise IT networks
https://www.techradar.com/news/cyberattacks-against-energy-and-utilities-firms-begin-inside-enterprise-it-networks

Many water and energy systems vulnerable to significant cyber risk
New Trend Micro research revealed how exposed human machine interface (HMI) systems in thousands of critical water and energy organizations around the world could be exploited, causing significant real-world impacts, such as contaminating the water supply.
https://www.helpnetsecurity.com/2018/10/31/vulnerable-critical-systems/

Internet-Exposed HMIs Put Energy, Water Facilities at Risk
Malicious actors could cause serious damage to organizations in the energy and water sectors by targeting their human-machine interfaces (HMIs), according to a report released by Trend Micro on Tuesday
https://www.securityweek.com/internet-exposed-hmis-put-energy-water-facilities-risk-report

IoT Flaw Allows Hijacking of Connected Construction Cranes
A connected construction crane, from Telecrane, has a vulnerability that would allow cyberattackers to intercept its communications and take the equipment over.
https://threatpost.com/iot-flaw-allows-hijacking-of-connected-construction-cranes/138648/

IoT Now Top Internet Attack Target
A new threat analysis report shows that IoT devices are now the primary target of criminals working on the Internet. And those criminals are learning and adapting their tactics to meet the improved defenses being put into place
https://www.darkreading.com/attacks-breaches/new-report-iot-now-top-internet-attack-target/d/d-id/1333147

The Seven Leading Security Gaps in Industrial Environments
October is officially National Cyber Security Awareness month, and this year one of the program’s key messages is working together to secure critical infrastructure from cyber threats
https://www.securityweek.com/seven-leading-security-gaps-industrial-environments

Posted in Uncategorized.