01-14-19 – News This Past Couple Weeks

Medical Device Security Firm Cynerio Raises $7 Million
The company’s security platform provides visibility into clinical entities on a network and allows organizations to assess the risk associated with device behavior and detect anomalies with medical context consideration to stop malicious threats and increase patient safety and data security

IoT Community announces formation of Security, Privacy & Trust IoT Center of Excellence
The IoT Community (Internet of Things Community) unveiled the formation of its security, privacy and trust focused IoT Center of Excellence (SPTIoTCoE), which will be Co-Chaired by Nancy Shemwell, Chief Operating Officer of the IoT Community and Dipto Chakravarty, Chief Technology Officer at Exostar

Strategies for expertly protecting industrial control systems
Andrew Ginter is the Vice President of Industrial Security at Waterfall Security Solutions. We sat down with him to learn more about his new book, Secure Operations Technology, a collection of affordable and practical approaches that thoroughly defeat control system cyber attacks from the mundane to the arcane

Trend Micro IoT Security 2.0 enhances end user protection and device makers’ reputation
Trend Micro launched Trend Micro IoT Security (TMIS) 2.0 to help manufacturers and managed service providers improve the security of their products and the wider IoT ecosystem, while enabling them to drive differentiation

Your Life Is the Attack Surface: The Risks of IoT
Today, there are more connected devices than humans. The unprecedented growth of connected devices has created innumerable new threats for organizations, manufacturers, and consumers, while at the same time creating opportunities for hackers

Threat of a Remote Cyberattack on Today’s Aircraft Is Real
We need more stringent controls and government action to prevent a catastrophic disaster

BlackBerry Offers Its Security Technology to IoT Device Makers
BlackBerry on Monday announced that manufacturers of Internet of Things (IoT) devices can now use the company’s technology to improve the safety and security of their products.

Six IoT predictions for 2019
From security issues to skills shortages, these are the most important Internet of Things things to look for in the new year

ICS Security Experts Share Tales From the Trenches
SecurityWeek has reached out to several companies that offer products and solutions designed for protecting industrial control systems (ICS) against cyber threats and asked their experts to share some interesting stories from the field

12-31-18 – News To End The Year

US ballistic missile systems have very poor cyber-security
No data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities are just some of the cyber-security failings described in a security audit of the US’ ballistic missile system released on Friday by the US Department of Defense Inspector General

The US ballistic missile system is a cybersecurity nightmare
The auditors also found that three of the five missile locations didn’t apply patches for vulnerabilities discovered years and years ago, even as far back as 1990. In addition, at least one team didn’t protect their computers with an anti-virus or any other security product that can block intruders.

Delivering security and continuity for the cities of tomorrow
It is clear that the future benefits of IoT-enabled cities are enormous. However, these benefits come with a significant array of challenges and risks, one being security. Though city administrators undoubtedly attempt to prevent attacks, we would be naive to ignore the possibility of something falling through the cracks. History has shown us that security measures that have even the smallest of vulnerabilities will be quickly identified and exploited by criminals and smart cities are no different.

Automotive Security: It’s More Than Just What’s Under The Hood
The vulnerabilities that have come to light in the past four-to-five years are significant, but also generally harder to exploit for the average attacker. Over the past decade, vehicles have become even more digitally connected – with many of them now including always-on 4G connectivity. While driver and occupant safety have always been of paramount concern, the new technology has had its fair share of attention given to it, but not enough.

Iranian APT Group Pegged for Shamoon Disk Wiping Attacks
The attacks targeted several energy, telecoms and government organizations in the Middle East, often via suppliers in Europe. They include version 3 of Shamoon, a malware family first used in the infamous destructive attack on Saudi Aramco in 2012 which wiped over 30,000 machines

12-17-18 – News This Past Week

Italian Oil Services Company Saipem Hit by Cyberattack
The company has shared few details about the attack – it’s unclear if it was ransomware or another type of intrusion – but its representatives told SecurityWeek that no data was stolen and that only some servers in its infrastructure were impacted

Claroty Adds New Capabilities to Industrial Security Platform
Industrial cybersecurity firm Claroty on Tuesday announced significant enhancements to its threat detection product, along with technology integrations with several cybersecurity, network infrastructure and industrial automation providers

U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
McAfee finds malware associated with ‘Operation Sharpshooter’ on systems belonging to at least 87 organizations.

Remotely controlled EV home chargers – the threats and vulnerabilities
But from our point of view this sort of improvement can make chargers an easy target for a variety of attacks. To prove it we decided to take one of them, ChargePoint Home made by ChargePoint, Inc., and conduct some in-depth security research.

Ships infected with ransomware, USB malware, worms
The document is the third edition of the “Guidelines on Cyber Security onboard Ships,” an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry groups

Secure Critical Infrastructure Top of Mind for U.S.
Rob Joyce, senior advisor of cybersecurity strategy for the National Security Agency (NSA), said that while attacks targeting the systems that power the manufacturing, power and water plants, the oil and gas industry, and many other sectors have been around for a while, the trend “is going the wrong way.”

Operation Sharpshooter targets infrastructure around the world
Operation Sharpshooter is a recently discovered global cyberattack campaign targeting critical infrastructure organizations, including nuclear, defense and financial companies

Siemens Patches Several Critical Flaws in SINUMERIK Controllers
Siemens informed customers this week that its SINUMERIK controllers are affected by denial-of-service (DoS), privilege escalation and code execution vulnerabilities, including several flaws that have been classified as “critical.”

New Shamoon Malware Variant Targets Italian Oil and Gas Company
The latest attack against Saipem reportedly crippled more than 300 of its servers and about 100 personal computers out of a total of roughly 4,000 machines, though the company confirmed that it had already backed up the affected computers, so there was no possibility of data being lost in the cyber attack.

12-10-18 – News This Past Week

Vulnerability Exposes Rockwell Controllers to DoS Attacks
Some of Rockwell Automation’s MicroLogix controllers and ControlLogix communications modules are affected by a potentially serious vulnerability that can be exploited for denial-of-service (DoS) attacks

Siemens Wants to Release Security Advisories on Patch Tuesday
The company carried out a pilot test last month, when it published a total of 16 advisories – including new advisories and updates to previously posted announcements – on November 13

DHS Says SamSam Ransomware is Targeting Critical Infrastructure Entities
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) this week issued an alert on activity related to SamSam, one of the most prevalent ransomware families at the moment

Major flaws uncovered in leading IoT protocols
Trend Micro warned organizations to revisit their operational technology (OT) security after finding major design flaws and vulnerable implementations related to two popular machine-to-machine (M2M) protocols, Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP).

M2M Protocols Expose Industrial Systems to Attacks
Some machine-to-machine (M2M) protocols can be abused by malicious actors in attacks aimed at Internet of Things (IoT) and industrial Internet of Things (IIoT) systems, according to research conducted by Trend Micro and the Polytechnic University of Milan

Symantec Unveils USB Scanning Station for ICS, IoT Environments
Symantec on Wednesday unveiled a new product designed to protect critical infrastructure organizations, including industrial and Internet of Things (IoT) environments, against USB-borne threats

Flaws in Siglent Oscilloscope Allow Hackers to Tamper With Measurements
Researchers discovered that an oscilloscope from Siglent Technologies is affected by several potentially serious vulnerabilities that could allow hackers to tamper with measurements

12-03-18 – News This Past Week

IIoT technologies integration creates expansion opportunities in the industrial cybersecurity industry
High penetration of Industrial Internet of Things (IIoT) technology in critical infrastructure and the manufacturing sector has resulted in a growing number of potential cyber-attack surfaces

Best practice methodology for industrial network security: SEC-OT
Secure Operations Technology (SEC-OT) is a methodology and collection of best practices inspired by a decade of experience working with secure industrial sites. The SEC-OT approach is counter-intuitive to many IT and even industrial control system (ICS) security practitioners. It turns out that secure industrial sites ask different questions and get different answers

Vulnerability discovered in safety controller configuration software
The software is used to configure safety controllers, providing the user with the ability to modify elements such as IP addresses, download and upload project files and run other setup functions

SCADAfence partners with Demisto to extend automated incident response to OT networks
SCADAfence is partnering with Demisto to enable industrial organizations to respond to the threats that spread from IT to OT networks. With the integration of SCADAfence’s Continuous Network Monitoring (CNM) solution with Demisto’s Enterprise platform, security managers can assess their exposure to cyberattacks that move laterally from IT to OT.

FDA to overhaul more than 40-year-old process for approving medical devices that some say puts consumers at risk
Since 1976, manufacturers have been able to pursue an expedited approval process if they could prove new products were substantially equivalent to those that were grandfathered in when Congress established the pathway, known as 510(k).

8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
It’s no secret that hacked critical infrastructure can have a detrimental safety impact, shut businesses down, and cost millions of dollars in lost revenue and brand damage. Unfortunately, attacks on critical infrastructure are showing no signs of abating.

Siemens Warns of Linux, GNU Flaws in Controller Platform
Siemens informed customers on Tuesday that some of the Linux and GNU components of a multifunctional platform for its SIMATIC S7-1500 industrial automation controllers are affected by over 20 vulnerabilities

The current state of cybersecurity in the connected hospital
Abbott and The Chertoff Group released a white paper that shares key findings from a recent study of 300 physicians and 100 hospital administrators on cybersecurity challenges in the hospital environment

Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.

Tenable Research Advisory: Multiple ICS Vulnerabilities in Schneider Modicon Quantum PLC
Tenable Research discovered multiple vulnerabilities in Schneider’s Modicon Quantum programmable logic controller. Schneider has recommended mitigations for impacted end users

11-26-18 – News These Past Two Weeks

New IoT Security Regulations
Due to ever-evolving technological advances, manufacturers are connecting consumer goods — from toys to light bulbs to major appliances — to the Internet at breakneck speeds. This is the Internet of Things, and it’s a security nightmare

Siemens Patches Firewall Flaw That Put Operations at Risk
Siemens AG on Tuesday issued a slew of fixes addressing eight vulnerabilities spanning its industrial product lines. The most serious of the patched flaws include a cross-site scripting vulnerability in Siemens’ SCALANCE firewall product. The flaw could allow an attacker to gain unauthorized access to industrial networks and ultimately put operations and production at risk

DARPA uses a remote island to stage a cyberattack on the US power grid
There was the sound of breakers tripping in all seven of the grid’s low-voltage substations, and then the station was plunged into darkness. It was the worst possible scenario: swaths of the country’s grid had already been offline for a month, exhausting battery backups at power plants and substations alike.

Security warning: UK critical infrastructure still at risk from devastating cyber attack
An ongoing failure to act with “meaningful sense of purpose or urgency” in the face of threats posed by cyber criminals and hackers puts critical national infrastructure at unnecessary risk from cyber attacks, a UK Parliamentary committee has warned.

Texas hospital becomes victim of Dharma ransomware
In a statement on its website, the Texas-based hospital said that ABH discovered an unauthorized threat actor rifling through the organization’s systems on roughly September 3.

Stopping the Infiltration of Things
The Internet of Things – connected devices that contain network sensors to allow for remote monitoring and control – is expected to hit 75 billion devices installed by 2025. These devices include everything from home routers and remote cameras to healthcare devices.

Only 14% have complete organizational awareness of IoT threats
86 percent of IT and security decision makers across the globe believe their organization needs to improve its awareness of IoT threats, according to Trend Micro. This significant lack of knowledge accompanies rising threat levels and security challenges related to connected devices, which leaves organizations at great risk

Threat predictions for industrial security in 2019
The past few years have been very intense and eventful when it comes to incidents affecting the information security of industrial systems. That includes new vulnerabilities, new threat vectors, accidental infections of industrial systems and detected targeted attacks

The perils of using voice commands with IoT machines
Combine the IoT, voice commands and machines, and you’re creating a potentially disastrous recipe of unintended consequences

Securing the IoT has become business-critical
Investments in IoT security can have significant positive business implications, a recent survey from DigiCert finds.

11-12-18 – News This Past Week

Flaws in Roche Medical Devices Can Put Patients at Risk
The affected products consist of a base unit and a handheld device that communicates wirelessly – including over Wi-Fi if an optional module is available – with the base unit. Medigate researchers discovered that an attacker with access to the local network can hack the base station and from there target the handheld devices.

Implications of the NIS Directive for the industrial sector
Under the law, operators of essential services and digital service providers are required to abide by the requirements of the new regulations. These are intended to provide a framework for countries and operators to strengthen the security of critical infrastructures and allied information systems. Any operator with 50 or more employees and/or a balance sheet of greater than €10 million must comply with the NIS Directive

IT-to-OT Solutions That Can Bolster Security in the IIoT
The Industrial Internet of Things (IIoT) — within companies and across the entire global IIoT ecosystem — is an intricately intertwined and negotiated merger of information technology (IT) and operational technology (OT). OT systems are not only business-critical, they can be nation-critical or life-and-death-critical.

How A New Wave of Cyber-Attacks is Targeting Maritime Trade
In concrete terms, the historical “air gap” separating industrial control systems from enterprise networks meant that factories and shipyards were more or less immune to cyber-attack. As long as systems were air-gapped it didn’t matter how pernicious or effective the cyber-threat became, we felt confident that these virtual concerns couldn’t impact our physical infrastructure.

11-05-18 – News This Past Week

USB threat vector trends and implications for industrial operators
In an attempt to make industrial control systems less accessible to attackers, industrial players are limiting network access and increasingly using USB media devices to transfer patches, updates and files to those systems

Researchers find Stuxnet, Mirai, WannaCry lurking in industrial USB drives
When we consider threats to our industrial systems, specifically crafted malware, such as the Industroyer strain which cut off the power to the city of Kiev in Ukraine for an hour, often comes to mind

USB Drives Deliver Dangerous Malware to Industrial Facilities: Honeywell
Malware is still being delivered to industrial facilities via USB removable storage devices and some threats can cause significant disruptions, according to a report published on Thursday by Honeywell

Sauter Quickly Patches Flaw in Building Automation Software
A serious vulnerability that allows an attacker to steal files from an affected system has been found by a researcher in a building automation product from Swiss-based Fr. Sauter AG. It took the vendor only 10 days to release a patch.

ICS Devices Vulnerable to Side-Channel Attacks
Side-channel attacks can pose a serious threat to industrial control systems (ICS), a researcher warned last month at SecurityWeek’s ICS Cyber Security Conference in Atlanta, GA

Cyberattacks Against Energy Sector Are Higher Than Average
Attacks against critical infrastructure industries such as those targeting the energy supply — actual and potential — are rarely out of the news. Russia and Russian state actors are the probable aggressors. But we are still in the Cold War era of attacks against energy utilities. There has been no successful cyber-related attack against the supply of energy in the United States.

Cyberattacks against energy and utilities firms begin inside enterprise IT networks
New research from Vectra has revealed that while industrial control systems are being targeted by hackers, most cyberattacks against energy and utilities firms occur inside enterprise IT networks

Many water and energy systems vulnerable to significant cyber risk
New Trend Micro research revealed how exposed human machine interface (HMI) systems in thousands of critical water and energy organizations around the world could be exploited, causing significant real-world impacts, such as contaminating the water supply.

Internet-Exposed HMIs Put Energy, Water Facilities at Risk
Malicious actors could cause serious damage to organizations in the energy and water sectors by targeting their human-machine interfaces (HMIs), according to a report released by Trend Micro on Tuesday

IoT Flaw Allows Hijacking of Connected Construction Cranes
A connected construction crane, from Telecrane, has a vulnerability that would allow cyberattackers to intercept its communications and take the equipment over.

IoT Now Top Internet Attack Target
A new threat analysis report shows that IoT devices are now the primary target of criminals working on the Internet. And those criminals are learning and adapting their tactics to meet the improved defenses being put into place

The Seven Leading Security Gaps in Industrial Environments
October is officially National Cyber Security Awareness month, and this year one of the program’s key messages is working together to secure critical infrastructure from cyber threats

10-29-18 – News This Past Week

FDA strengthens medical device cybersecurity program
The FDA recently took additional steps to encourage better medical device cybersecurity, including releasing a cybersecurity playbook for healthcare organizations

What a crane in the ass: Bug leaves construction machinery vulnerable to evil command injection
US-CERT is advising some customers of Telecrane construction cranes to patch their control systems – following the disclosure of a security bug that could allow a nearby attacker to wirelessly hijack the equipment.

How to protect enterprise ICS networks with firewalls
ICS network security can be improved using firewalls. Expert Ernie Hayden explains how ICS-specific firewalls can help keep ICS networks strong and protected

10-24-18 – News This Past Week

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia.

Russia was likely behind dangerous critical infrastructure attack, report says
The malware, alternately dubbed Triton and Trisis, was most likely designed to cause physical damage inside critical infrastructure sites, such as gas refineries and chemical plants, FireEye researchers said in a report published in December.

Plaintext Passwords Often Put Industrial Systems at Risk
Plaintext passwords crossing the network, outdated operating systems, direct connections to the Internet, and the lack of automated updates for security solutions often put industrial systems at risk of attacks, according to a new report published on Tuesday by industrial cybersecurity firm CyberX.

The Danger and Opportunity in 5G Connectivity and IoT
The IoT is already rife with security issues resulting from poor incentives to fix vulnerabilities. At the same time, we are spiraling closer towards a hyper-connected world with the increasing momentum around 5G infrastructure. As telecommunications organizations build more infrastructure for 5G networks, we can expect to see wider adoption of IoT devices and an increase in the impact of the threats they pose.

Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking
Commandeered equipment – think Internet-of-Things sensors and gizmos, and automotive and industrial systems – can then be used to, say, spy on owners, siphon data out of a network, launch other cyber-attacks, and so on.

AWS FreeRTOS Bugs Allow Compromise of IoT Devices
The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices’ memory, and take them over. And while patches have been issued, researchers warn that it still may take time for smaller vendors to update.

New Security Woes for Popular IoT Protocols
They found that the widely used device-to-device communications protocols contained inherent security weaknesses, especially in the way they are implemented in IoT devices – exposing flaws that could allow attackers to execute denial-of-service (DoS) attacks on devices or gain remote control of industrial IoT or consumer IoT devices for cyber espionage or worse.

FBI Investigates Attack on Critical Water Utility
According to a media release from Onslow Water and Sewer Authority (ONWASA) issued on October 15, 2018, a critical water utility in North Carolina was targeted in a cyber-attack. Federal and state officials are now working with the water utility as part of the investigation into the attack on some of its computer systems.

Vulnerable controllers could allow attackers to manipulate marine diesel engines
These security flaws could be exploited by attackers to change the firmware and configuration files, install malware, and perform actions that effectively allow them to take control of a vessel’s engines

Medical device maker Medtronic finally fixes its hackable pacemaker
The company said in a notice this week that it’s switching off the software distribution network after researchers found that a hacker could update the pacemaker’s software with malicious software that could manipulate the impulses that regulate a patient’s heartbeat. The researchers, Jonathan Butts and Billy Rios, revealed the vulnerability at the Black Hat conference in August, more than a year after first reporting the vulnerability to Medtronic

GreyEnergy group targeting critical infrastructure with espionage
BlackEnergy has been terrorizing Ukraine for years and rose to prominence in December 2015 when they caused a blackout that left 230,000 people without electricity – the first-ever blackout caused by a cyberattack. Around the time of that incident, ESET researchers began detecting another malware framework named GreyEnergy.

In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack
The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data was not compromised as part of the attack, the lack of computing ability will impact the timeliness of service from ONWASA “for several weeks to come.”

Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers
A flaw in Medtronic’s CareLink 2090 and CareLink Encore 29901 programmers, which are portable computer systems used to manage implanted cardiac devices in clinical settings, would have allowed remote code implantation over Medtronic’s dedicated Software Deployment Network (SDN).

FDA Warns of Flaws in Medtronic Programmers
A vulnerability in the software update process of certain Medtronic Programmer models has prompted the vendor to block the functionality on affected devices, the U.S. Food and Drug Administration (FDA) informs.

Feds Investigate After Hackers Attack Water Utility
The head of the Onslow Water and Sewer Authority said in a news release Monday that its internal computer system, including servers and personal computers, were subjected to what was characterized as “a sophisticated ransomware attack.”

NotPetya Linked to Industroyer Attack on Ukraine Energy Grid
The massive NotPetya ransomware outbreak that crippled organizations around the world last year turns out to have links to the Industroyer backdoor, which targets industrial control systems (ICS) and took down the Ukrainian power grid in Kiev in 2016