11-4-19 – News This Past Week

Details of Attack on Electric Utility Emerge
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states
https://www.darkreading.com/attacks-breaches/details-of-attack-on-electric-utility-emerge/d/d-id/1336245

Cisco Firewall Exploited in Attack on U.S. Renewable Energy Firm
A report published earlier this year by the National Energy Technology Laboratory revealed that a cyber event caused problems at a utility in the western part of the U.S. on March 5. The incident affected California, Utah and Wyoming, but it did not result in any power outages.
https://www.securityweek.com/cisco-firewall-vulnerability-exploited-attack-us-renewable-energy-provider

ICS Attackers Set To Inflict More Damage With Evolving Tactics
While it remains difficult to attack critical infrastructure successfully, adversaries aim to use past experience to launch more destructive future attacks, according to analysis.

ICS Attackers Set To Inflict More Damage With Evolving Tactics

Indian nuclear power plant’s network was hacked, officials confirm
In a press release today, NPCIL Associate Director A. K. Nema stated, “Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In [India’s national computer emergency response team] when it was noticed by them on September 4, 2019.”
https://arstechnica.com/information-technology/2019/10/indian-nuclear-power-company-confirms-north-korean-malware-attack/

Critical Vulnerabilities Found in Rittal Cooling System
Rittal, a subsidiary of German manufacturing and services company Friedhelm Loh Group, specializes in making enclosure systems for industrial environments and data centers
https://www.securityweek.com/critical-vulnerabilities-found-rittal-cooling-system

Indian nuke plant’s network reportedly hit by malware tied to N. Korea
A former analyst for India’s National Technical Research Organization (NTRO) has tied a malware report published by VirusTotal to a cyber attack on India’s Kudankulam Nuclear Power Plant. The malware, identified by researchers as North Korea’s Dtrack, was reported by Pukhraj Singh to have gained “domain controller-level access” at Kudankulam. The attack has been reported to the government.
https://arstechnica.com/information-technology/2019/10/indian-nuke-plants-network-reportedly-hit-by-malware-tied-to-n-korea/

Pwn2Own Adds Industrial Control Systems to Hacking Contest
Vulnerability research competition Pwn2Own is expanding to include industrial control system (ICS), giving researchers an opportunity to hunt for bugs in popular ICS software and protocols.
https://www.darkreading.com/vulnerabilities—threats/pwn2own-adds-industrial-control-systems-to-hacking-contest/d/d-id/1336191

Industrial equipment to come under fire at the world’s largest hacking contest
Software for industrial equipment will be the primary focus of the next edition of Pwn2Own, the world’s largest and most well-known hacking contest.
https://www.zdnet.com/article/industrial-equipment-to-come-under-fire-at-the-worlds-largest-hacking-contest/

Posted in Uncategorized.