3-25-19 – News This Past Week

New IoT Security Bill: Third Time’s the Charm?
The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology.
https://www.darkreading.com/iot/new-iot-security-bill-third-times-the-charm/d/d-id/1334190

Hacked tornado sirens taken offline in two Texas cities ahead of major storm
A hacker set off the tornado emergency sirens in the middle of the night last week across two North Texas towns. Following the unauthorized intrusion, city authorities had to shut down their emergency warning system a day before major storms and potential tornados were set to hit the area.
https://www.zdnet.com/article/hacked-tornado-sirens-taken-offline-in-two-texas-cities-ahead-of-major-storm/

Boeing downplayed 737 MAX software risks, self-certified much of plane’s safety
Additionally, the MCAS system was designed to work based on input from only one sensor—despite the fact that Boeing rated a failure of the system as “hazardous.” That level of risk—which in itself was understated, according to engineers—should have been enough to require redundant sensors.
https://arstechnica.com/information-technology/2019/03/boeing-downplayed-737-max-software-risks-self-certified-much-of-planes-safety/

They didn’t buy the DLC: feature that could’ve prevented 737 crashes was sold as an option
The MCAS includes a feature that determines when the aircraft is pointed upward relative to the flow of air across its surface at an angle that could lead to the loss of sufficient lift to keep the airplane flying—what’s known as a stall. To prevent a stall, MCAS (like other anti-stall systems on commercial aircraft) adjusts the aircraft’s tail stabilizers to push the nose of the aircraft down, boosting its airspeed.
https://arstechnica.com/information-technology/2019/03/boeing-sold-safety-feature-that-could-have-prevented-737-max-crashes-as-an-option/

Boeing to make safety feature standard on troubled Max jets
The equipment, which had been offered as an option, alerts pilots of faulty information from key sensors. It will now be included on every 737 Max as part of changes that Boeing is rushing to complete on the jets by early next week, according to two people familiar with the changes
https://www.apnews.com/140576a8e9d4449eae646c8c479fdc3a

Schneider Electric Working on Patch for Flaw in Triconex TriStation Emulator
A serious denial-of-service (DoS) vulnerability has been found in Schneider Electric’s Triconex TriStation Emulator software. The vendor has yet to release a patch, but assured customers that the flaw does not pose a risk to operating safety controllers.
https://www.securityweek.com/schneider-electric-working-patch-flaw-triconex-tristation-emulator

Securing Industrial IoT in the Modern World
Manufacturing arguably offers the largest attack surface of almost any industry with regards to cybersecurity threats, and has long been a prime target for ‘everyday’ attacks like phishing, ransomware, data-theft – you name it, they’ve seen it.
https://www.securityweek.com/securing-industrial-iot-modern-world

8 ways to protect building management systems
Like any other computer system installed in buildings and factories, building management systems are vulnerable to attackers, such as disgruntled employees, industry competitors, industrial spies or a nation-state
https://searchsecurity.techtarget.com/tip/8-ways-to-protect-building-management-systems

Triton and the new wave of IIoT security threats
Triton malware, which can shut down industrial safety systems, causing damage to facilities and threatening human life, targets the industrial internet of things
https://www.networkworld.com/article/3375206/triton-and-the-new-wave-of-iiot-security-threats.html

Wireless vulns in Medtronic’s implanted defibrillators allow remote shocks, shutdown, denial-of-service battery attacks and data theft
Medtronic is the most notorious maker of insecure medical implants in America, with a long history of inserting computers into people’s bodies with insecure wireless interfaces, toolchains and update paths, and nothing has changed

DHS issues warning about Medtronic implantable defibrillator flaws
A warning issued by the department says over 20 Medtronic products are afflicted with vulnerabilities that could be exploited by attackers nearby. Sixteen of the products are implantable defibrillators — some still sold around the world today — while the others are the defibrillators’ bedside monitors and programmers.
https://www.engadget.com/2019/03/22/dhs-warning-medtronic-implantable-defibrillator-flaws/

Don’t have a heart attack but your implanted defibrillator can be hacked over the air
Medical gear maker Medtronic is once again at the center of a hacker panic storm. This time, a number of its heart defibrillators, implanted in patients’ chests, can, in certain circumstances, be wirelessly hijacked and reprogrammed, perhaps to lethal effect
https://www.theregister.co.uk/AMP/2019/03/22/medtronic_implanted_defibrillator_hackable/

Schneider Electric partners with Vericlave to protect customers’ critical IT and OT systems
Under the terms of the agreement, Schneider Electric will provide Vericlave’s advanced encryption technology to further secure and protect its customers’ critical IT and OT systems from the risk of cyberattack.

3-18-19 – News This Past Week

Tripwire debuts pentesting and industrial cybersecurity assessment services
With Tripwire’s new services, organizations can establish and maintain a strong foundation of security. The Penetration Testing Assessment leverages highly skilled cybersecurity experts who discover and then exploit vulnerabilities to assess the security of an organization’s IT environment

Quantum Physics Could Protect the Grid From Hackers—Maybe
Cybersecurity experts have sounded the alarm for years: Hackers are ogling the US power grid. The threat isn’t merely hypothetical—a group affiliated with the Russian government gained remote access to energy companies’ computers, the Department of Homeland Security published last March.
https://www.wired.com/story/quantum-physics-protect-grid/

Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software
Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution
https://www.securityweek.com/rockwell-automation-patches-critical-dosrce-flaw-rslinx-software

IoT automation platforms open smart buildings to new threats
IoT automation platforms in smart buildings are presenting attackers with new opportunities for both physical and data compromise, Trend Micro researchers warn in a newly released report

Triton is the world’s most murderous malware, and it’s spreading
The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too.
https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/

Firms Continue to Fail at IoT Security
He said, smart devices are still too easy a target with vectors such as man-in-the-middle attacks. Case in point, in February Checkmarx discovered a bevy of flaws in a consumer smart scale that could allow hackers to launch a variety of attacks, from man-in-the-middle to denial of service

RSA Conference 2019: Firms Continue to Fail at IoT Security

Pentagon reassures public that its autonomous robotic tank adheres to “legal and ethical standards” for AI-driven killbots
The Pentagon is seeking bids to improve its Advanced Targeting and Lethality Automated System (ATLAS) so that it can “acquire, identify, and engage targets at least 3X faster than the current manual process.”

DHS: No Investigation Planned for Electrical Grid Incursions
Despite concrete evidence of Russian infiltration of the US electrical grid and acknowledgment of the hacking by the US government, no formal investigation is planned, according to a Department of Homeland Security (DHS) official who spoke here at this week’s RSA Conference
https://www.darkreading.com/threat-intelligence/dhs-no-investigation-planned-for-electrical-grid-incursions/d/d-id/1334121

Flaws in Smart Alarms Exposed Millions of Cars to Dangerous Hacking
Serious vulnerabilities found in high-end car alarms could have been exploited to remotely hack millions of vehicles, including to track them, immobilise them and spy on their owners
https://www.securityweek.com/flaws-smart-alarms-exposed-millions-cars-dangerous-hacking

Venezuela’s Maduro Says Cyber Attack Prevented Power Restoration
Venezuela President Nicolas Maduro claimed on Saturday that a new cyber attack had prevented authorities from restoring power throughout the country following a blackout on Thursday that caused chaos
https://www.securityweek.com/venezuelas-maduro-says-cyber-attack-prevented-power-restoration

We’re still bad at securing industrial controllers
The bugs range in severity and impact, though Positive Tech noted that even something as simple as a denial of service issue could have a profound impact when it comes to industrial control systems (ICS).
https://www.theregister.co.uk/2019/03/11/industrial_controllers/

Many Vulnerabilities Discovered in Moxa Industrial Switches
Over a dozen vulnerabilities, including ones classified as critical, have been found by Positive Technologies researchers in EDS and IKS switches made by industrial networking solutions provider Moxa. The vendor has released patches and mitigations that should address the flaws
https://www.securityweek.com/many-vulnerabilities-discovered-moxa-industrial-switches

Hacking 10 percent of self-driving cars would cause gridlock in NYC
That question inspired scientists at the Georgia Institute of Technology to quantify the likely impact of such a large-scale hack on traffic flow in New York City. Skanda Vivek, a postdoctoral researcher at Georgia Tech, described the study’s findings at the American Physical Society’s 2019 March meeting, held last week in Boston
https://arstechnica.com/science/2019/03/study-hacking-10-percent-of-self-driving-cars-would-cause-gridlock-in-nyc/

Boeing will release software updates for 737 Max jets by April
Both investigations are still in the early stages, but experts are concerned about the similarities in the accidents. “It’s highly suspicious,” aviation analyst Mary Schiavo told CNN.
https://www.engadget.com/2019/03/12/boeing-software-update-737-max/

Don’t be too shocked, but it looks as though these politicians have actually got their act together on IoT security
The legislation has been introduced into both the House and the Senate with politicians from both sides supporting it. What’s more, the Internet of Things (IoT) Cybersecurity Improvement Act has the backing of industry and security experts and is well written
https://www.theregister.co.uk/AMP/2019/03/13/congress_iot_security/

IoT Security Meets Healthcare: What You Need to Know
Like in any environment, more connected devices means a larger attack surface. It’s been proven time and again that security breaches are a significant challenge for healthcare organizations, resulting in major fallout. Security is not optional.
https://www.securityweek.com/iot-security-meets-healthcare-what-you-need-know

Security researchers reveal defects that allow wireless hijacking of giant construction cranes, scrapers and excavators
Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the commands used to control massive industrial machines, including cranes, excavators and scrapers; most of these commands were unencrypted, but even the encrypted systems were vulnerable to “replay attacks” that allowed the researchers to bypass the encryption

IoT Security Bills for US Government Will Also Affect Business IT
Once the rules go into effect in 2020, the new requirements include making IoT devices patchable, certifying that they are free from known vulnerabilities and that the devices use standard protocols
https://www.eweek.com/security/iot-security-bills-for-us-government-will-also-affect-business-it

Dragos Acquires NexDefense, Releases Free ICS Assessment Tools
The second tool, developed by members of the Dragos team before the company was founded, is CyberLens, an assessment tool designed for quickly processing packet captures and visualizing ICS environments
https://www.securityweek.com/dragos-acquires-nexdefense-releases-free-ics-assessment-tools

3-4-19 – News Since February

How to Attack and Defend a Prosthetic Arm
The IoT world has long since grown beyond the now-ubiquitous smartwatches, smartphones, smart coffee machines, cars capable of sending tweets and Facebook posts and other stuff like fridges that send spam. Today’s IoT world now boasts state-of-the-art solutions that quite literally help people. Take, for example, the biomechanical prosthetic arm made by Motorica Inc. This device helps people who have lost their limb to restore movement.

USB attacks: Big threats to ICS from small devices
It’s amazing that a device as small as a USB drive could be a serious threat to critical infrastructure systems. Although a USB drive is simply a chip on a stick, when used maliciously, it can deliver malware, steal critical data and cause other malicious attacks
https://searchsecurity.techtarget.com/feature/USB-attacks-Big-threats-to-ICS-from-small-devices

Siemens Warns of Critical Remote-Code Execution ICS Flaw
SICAM 230 is used for a broad range of industrial control system (ICS) applications, including use as an integrated energy system for utility companies, and a monitoring system for smart-grid applications

Securing IoT: Whose responsibility is it?
Securing IoT has been a hot topic since day one — and for good reason. Adding internet connectivity to anything inevitably increases the number of threats it can face, and the sheer number of IoT devices an enterprise uses widens its potential attack surface. Add in the IoT devices your employees use on a daily basis and it can be a recipe for disaster.
https://internetofthingsagenda.techtarget.com/answer/Securing-IoT-Whose-responsibility-is-it

How hackers could wreck container vessels
This may all seem like some kind of fantasy based on the plot of the hit 1990s movie Hackers, in which heroes Acid Burn and Zero Cool and their cyber-pals race to stop malware sinking a bunch of oil tankers. However, UK-based Pen Test Partners (PTP) have dug up legit vulnerabilities before, so forgive us if we give them the benefit of the doubt here
https://www.theregister.co.uk/AMP/2019/02/21/boat_hacking_case/

Honeywell’s industrial cybersecurity solution guards against USB device attacks
USB devices include flash drives and charging cables, as well as many other USB-attached devices. They represent a primary attack vector into industrial control system (ICS) environments, and existing security controls typically focus on the detection of malware on these USBs.

Critical Flaws Allow Hackers to Take Control of Kunbus Industrial Gateway
Germany-based Kunbus offers connectivity solutions for industrial networks. The company’s gateway products, which are used by various types of organizations around the world, are designed to provide continuous and reliable communications between different networks and systems
https://www.securityweek.com/critical-flaws-allow-hackers-take-control-kunbus-industrial-gateway

IT security incidents affecting German critical infrastructure are on the rise
The BSI is the federal agency charged with managing computer and communication security for the German government, as well as monitoring the security of computer applications and the Internet, protecting critical infrastructure, certifying security products, and more.

Rockwell Automation industrial energy meter vulnerable to public exploits
It measures voltage and current in an electrical circuit and communicates power and energy parameters to applications such as FactoryTalk EnergyMetrix™, SCADA systems, and programmable controllers, over Ethernet or serial networks.

Got Critical Infrastructure? Then You Should Know How To Protect It
Industrial Control Systems (ICS) are key to keeping critical infrastructure such as electric grids, nuclear facilities, oil & gas refineries, wastewater treatment plants, manufacturing operations, and more running and safe. In fact, much of what underlies the goods and services being produced and offered across the globe rely on ICS in some form, whether it be in production, transport or operations.
https://www.securityweek.com/got-critical-infrastructure-then-you-should-know-how-protect-it

Researchers and businesses need to work together to expose IoT vulnerabilities
Two new vulnerabilities have been uncovered within connected devices that allow hackers access to the personal lives of consumers, according to McAfee researchers. A vulnerability within BoxLock smart padlock enables hackers to unlock the device within a few seconds, and a vulnerability within the Mr. Coffee brand coffee maker with Wemo grants hackers access to home networks.

Cyberbit launches SCADAShield Mobile for passive monitoring of ICS network traffic
Housed in a 27-pound, water resistant suitcase small enough to stow in the cabin of an airplane, SCADAShield Mobile enables on-demand audits and provides asset discovery, threat detection and vulnerability assessment for use cases ranging from on-site compliance audits to understanding the security posture of an ICS network during an emergency.

ICS/SCADA Attackers Up Their Game
The bad news: Attacks aimed at industrial sites have become more aggressive over the past year. The good news: Some industrial control systems (ICS) operators increasingly are taking more proactive defensive measures to thwart cyberattacks on their networks
https://www.darkreading.com/threat-intelligence/ics-scada-attackers-up-their-game/d/d-id/1333893

The Dark Sides of Modern Cars: Hacking and Data Collection
Going forward, connected cars will increasingly make life-or-death decisions about physical objects and other digital systems they can sense nearby, while at the same time collecting and storing troves of monetizable operational and personal data.

Securing the Future of Safe Autonomous Driving
For industries that have strong safety, reliability and security standards, like aerospace and automotive, these benefits can translate to nearly 40 percent cost and time savings from enhanced software verification, according to a study by consultancy VDC Research.
https://blogs.nvidia.com/blog/2019/02/05/adacore-secure-autonomous-driving/

IoT Security’s Coming of Age Is Overdue
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security
https://www.darkreading.com/attacks-breaches/iot-securitys-coming-of-age-is-overdue/a/d-id/1333756

Radiflow releases new version of its industrial threat detection solution
The current practices for risk assessments and security remediations employed by industrial enterprises and critical infrastructure operators generally rely on manual evaluations and follow unstructured processes. These processes are often time consuming and are not sufficiently responsive to changes in the threat and vulnerability landscape.

Attacks on Automotive Systems Feared Likely
Yet few engineers feel empowered to do anything about them, a survey shows
https://www.darkreading.com/vulnerabilities---threats/attacks-on-automotive-systems-feared-likely/d/d-id/1333808?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

You Can Add Sudden-Acceleration Attacks to the List of Electric Scooter Dangers
On Tuesday, security firm Zimperium published a report detailing what researchers say are security flaws of Xiaomi’s M365 scooter that make it susceptible to hackers. Specifically, Zimperium found that these scooters each have a Bluetooth password to access its features, but “the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password.”
https://gizmodo.com/you-can-add-sudden-acceleration-attacks-to-the-list-of-1832562198

02-04-19 – News Since January

Top 10 IoT vulnerabilities
Everyone knows security is a big issue for the Internet of Things, but what specifically should we be most afraid of? OWASP identifies the top 10 vulnerabilities
https://www.networkworld.com/article/3332032/internet-of-things/top-10-iot-vulnerabilities.html

Schneider Electric Teams With Nozomi on Critical Infrastructure Security
Schneider Electric has teamed up with industrial cybersecurity firm Nozomi Networks to offer anomaly detection, vulnerability assessment, and other services to customers in the critical infrastructure and other industrial sectors
https://www.securityweek.com/schneider-electric-teams-nozomi-critical-infrastructure-security

A new taxonomy for SCADA attacks
Attacks aimed at SCADA networks are still much rarer than those targeting IT networks, but the number is slowly rising.

Yes, you can remotely hack factory, building site cranes. Wait, what?
Did you know that the manufacturing and construction industries use radio-frequency remote controllers to operate cranes, drilling rigs, and other heavy machinery? Doesn’t matter: they’re alarmingly vulnerable to being hacked, according to Trend Micro.
https://www.theregister.co.uk/2019/01/15/even_cranes_are_hackable_trend_micro/

Radio frequency remote controller weaknesses have serious safety implications
Trend Micro released a new report detailing inherent flaws and new vulnerabilities in radio frequency (RF) remote controllers found and disclosed through the Zero Day Initiative (ZDI).

Malware Built to Hack Building Automation Systems
Researchers dig into vulnerabilities in popular building automation systems, devices.
https://www.darkreading.com/vulnerabilities---threats/malware-built-to-hack-building-automation-systems/d/d-id/1333671

Hackers Can Abuse Legitimate Features to Hijack Industrial Controllers
Hackers can abuse legitimate features present in industrial controllers to hijack these devices and leverage them to gain a foothold in a network, a researcher warns
https://www.securityweek.com/hackers-can-abuse-legitimate-features-hijack-industrial-controllers-expert

How to perform an ICS risk assessment in an industrial facility
An important step to secure an industrial facility is performing an ICS risk assessment. Expert Ernie Hayden outlines the process and why each step matters
https://searchsecurity.techtarget.com/tip/How-to-perform-an-ICS-risk-assessment-in-an-industrial-facility

Mitsubishi Electric develops cyber defense technology for connected cars
Mitsubishi Electric has developed a multi-layered defense technology that protects connected vehicles from cyber attacks by strengthening their head unit’s defense capabilities.

RF Hacking Research Exposes Danger to Construction Sites
Trend Micro team unearthed 17 vulnerabilities among seven vendors’ remote controller devices
https://www.darkreading.com/attacks-breaches/rf-hacking-research-exposes-danger-to-construction-sites/d/d-id/1333717

Black Hat Asia Offers New IoT Security Tools & Tricks
Come to Black Hat Asia in March for an expert look at what’s happening in the world of Internet of Things, and what you can do to secure it.
https://www.darkreading.com/black-hat/black-hat-asia-offers-new-iot-security-tools-and-tricks/d/d-id/1333712

Flaws in Moxa IIoT Product Expose ICS to Remote Attacks
Serious vulnerabilities found in an industrial IoT (IIoT) platform from Moxa could enable malicious hackers to launch remote attacks on industrial networks. The vendor has released a patch that should address the flaws
https://www.securityweek.com/flaws-moxa-iiot-product-expose-ics-remote-attacks

SafeRide tackles connected vehicle security with machine learning
SafeRide’s vXRay technology aims to improve security for connected vehicles with unsupervised machine learning. Can it keep hackers out of the driver’s seat?
https://searchsecurity.techtarget.com/news/252456491/SafeRide-tackles-connected-vehicle-security-with-machine-learning

Flaws Expose Phoenix Contact Industrial Switches to Attacks
The latest firmware updates released by Phoenix Contact for its FL SWITCH industrial ethernet switches address a total of six vulnerabilities that can be exploited to obtain credentials for the web interface, conduct unauthorized activities, cause a denial-of-service (DoS) condition, and launch man-in-the-middle (MitM) attacks
https://www.securityweek.com/flaws-expose-phoenix-contact-industrial-switches-attacks

Build security into your IoT plan or risk attack
There’s huge potential with the IoT, but security must be built into a company’s plan and not tacked on at the end
https://www.networkworld.com/article/3336269/internet-of-things/build-security-into-your-iot-plan-or-risk-attack.html

Researchers Allege ‘Systemic’ Privacy, Security Flaws in Popular IoT Devices
Researchers are highlighting the insecure nature of Internet of Things devices in a report released Tuesday alleging a bevy of popular consumer connected devices sold at major retailers such as Walmart and Best Buy are riddled with security holes and privacy issues

U.S. Intel Community: Russia, China Can Disrupt Critical Infrastructure
Russia and China are capable of disrupting critical infrastructure in the United States, and Iran is not far behind, according to the Worldwide Threat Assessment made public by the U.S. intelligence community on Tuesday
https://www.securityweek.com/us-intel-community-russia-china-can-disrupt-critical-infrastructure

U.S. Energy Firm Fined $10 Million for Security Failures
A US energy company, identified by some media reports as Duke Energy, received a $10 million fine from the North American Electric Reliability Corporation (NERC) for nearly 130 violations of the Critical Infrastructure Protection (CIP) standards.
https://www.securityweek.com/us-energy-firm-fined-10-million-security-failures

The Industrial Internet Consortium and OpenFog Consortium unite
The Industrial Internet Consortium (IIC) and the OpenFog Consortium (OpenFog) today announced that they have finalized the details to combine the two largest and most influential international consortia in Industrial IoT, fog and edge computing.

01-14-19 – News This Past Couple Weeks

Medical Device Security Firm Cynerio Raises $7 Million
The company’s security platform provides visibility into clinical entities on a network and allows organizations to assess the risk associated with device behavior and detect anomalies with medical context consideration to stop malicious threats and increase patient safety and data security
https://www.securityweek.com/medical-device-security-firm-cynerio-raises-7-million

IoT Community announces formation of Security, Privacy & Trust IoT Center of Excellence
The IoT Community (Internet of Things Community) unveiled the formation of its security, privacy and trust focused IoT Center of Excellence (SPTIoTCoE), which will be Co-Chaired by Nancy Shemwell, Chief Operating Officer of the IoT Community and Dipto Chakravarty, Chief Technology Officer at Exostar

Strategies for expertly protecting industrial control systems
Andrew Ginter is the Vice President of Industrial Security at Waterfall Security Solutions. We sat down with him to learn more about his new book, Secure Operations Technology, a collection of affordable and practical approaches that thoroughly defeat control system cyber attacks from the mundane to the arcane

Trend Micro IoT Security 2.0 enhances end user protection and device makers’ reputation
Trend Micro launched Trend Micro IoT Security (TMIS) 2.0 to help manufacturers and managed service providers improve the security of their products and the wider IoT ecosystem, while enabling them to drive differentiation

Your Life Is the Attack Surface: The Risks of IoT
Today, there are more connected devices than humans. The unprecedented growth of connected devices has created innumerable new threats for organizations, manufacturers, and consumers, while at the same time creating opportunities for hackers
https://www.darkreading.com/endpoint/your-life-is-the-attack-surface-the-risks-of-iot-/a/d-id/1333588

Threat of a Remote Cyberattack on Today’s Aircraft Is Real
We need more stringent controls and government action to prevent a catastrophic disaster
https://www.darkreading.com/iot/threat-of-a-remote-cyberattack-on-todays-aircraft-is-real/a/d-id/1333551

BlackBerry Offers Its Security Technology to IoT Device Makers
BlackBerry on Monday announced that manufacturers of Internet of Things (IoT) devices can now use the company’s technology to improve the safety and security of their products.
https://www.securityweek.com/blackberry-offers-its-security-technology-iot-device-makers

Six IoT predictions for 2019
From security issues to skills shortages, these are the most important Internet of Things things to look for in the new year
https://www.networkworld.com/article/3330738/internet-of-things/six-iot-predictions-for-2019.html

ICS Security Experts Share Tales From the Trenches
SecurityWeek has reached out to several companies that offer products and solutions designed for protecting industrial control systems (ICS) against cyber threats and asked their experts to share some interesting stories from the field
https://www.securityweek.com/ics-security-experts-share-interesting-stories

12-31-18 – News To End The Year

US ballistic missile systems have very poor cyber-security
No data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities are just some of the cyber-security failings described in a security audit of the US’ ballistic missile system released on Friday by the US Department of Defense Inspector General
https://www.zdnet.com/article/us-ballistic-missile-systems-have-very-poor-cyber-security/

The US ballistic missile system is a cybersecurity nightmare
The auditors also found that three of the five missile locations didn’t apply patches for vulnerabilities discovered years and years ago, even as far back as 1990. In addition, at least one team didn’t protect their computers with an anti-virus or any other security product that can block intruders.
https://www.engadget.com/2018/12/18/us-ballistic-missile-system-cybersecurity/

Delivering security and continuity for the cities of tomorrow
It is clear that the future benefits of IoT-enabled cities are enormous. However, these benefits come with a significant array of challenges and risks, one being security. Though city administrators undoubtedly attempt to prevent attacks, we would be naive to ignore the possibility of something falling through the cracks. History has shown us that security measures that have even the smallest of vulnerabilities will be quickly identified and exploited by criminals and smart cities are no different.

Automotive Security: It’s More Than Just What’s Under The Hood
The vulnerabilities that have come to light in the past four-to-five years are significant, but also generally harder to exploit for the average attacker. Over the past decade, vehicles have become even more digitally connected – with many of them now including always-on 4G connectivity. While driver and occupant safety have always been of paramount concern, the new technology has had its fair share of attention given to it, but not enough.

Iranian APT Group Pegged for Shamoon Disk Wiping Attacks
The attacks targeted several energy, telecoms and government organizations in the Middle East, often via suppliers in Europe. They include version 3 of Shamoon, a malware family first used in the infamous destructive attack on Saudi Aramco in 2012 which wiped over 30,000 machines
https://www.infosecurity-magazine.com/news/iranian-apt-group-shamoon-disk/

12-17-18 – News This Past Week

Italian Oil Services Company Saipem Hit by Cyberattack
The company has shared few details about the attack – it’s unclear if it was ransomware or another type of intrusion – but its representatives told SecurityWeek that no data was stolen and that only some servers in its infrastructure were impacted
https://www.securityweek.com/italian-oil-services-company-saipem-hit-cyberattack

Claroty Adds New Capabilities to Industrial Security Platform
Industrial cybersecurity firm Claroty on Tuesday announced significant enhancements to its threat detection product, along with technology integrations with several cybersecurity, network infrastructure and industrial automation providers
https://www.securityweek.com/claroty-adds-new-capabilities-industrial-security-platform

U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
McAfee finds malware associated with ‘Operation Sharpshooter’ on systems belonging to at least 87 organizations.
https://www.darkreading.com/attacks-breaches/us-defense-critical-infrastructure-companies-targeted-in-new-threat-campaign/d/d-id/1333478

Remotely controlled EV home chargers – the threats and vulnerabilities
But from our point of view this sort of improvement can make chargers an easy target for a variety of attacks. To prove it we decided to take one of them, ChargePoint Home made by ChargePoint, Inc., and conduct some in-depth security research.

Ships infected with ransomware, USB malware, worms
The document is the third edition of the “Guidelines on Cyber Security onboard Ships,” an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry groups
https://www.zdnet.com/article/ships-infected-with-ransomware-usb-malware-worms/

Secure Critical Infrastructure Top of Mind for U.S.
Rob Joyce, senior advisor of cybersecurity strategy for the National Security Agency (NSA), said that while attacks targeting the systems that power the manufacturing, power and water plants, the oil and gas industry, and many other sectors have been around for a while, the trend “is going the wrong way.”

Operation Sharpshooter targets infrastructure around the world
Operation Sharpshooter is a recently discovered global cyberattack campaign targeting critical infrastructure organizations, including nuclear, defense and financial companies
https://searchsecurity.techtarget.com/news/252454412/Operation-Sharpshooter-targets-infrastructure-around-the-world

Siemens Patches Several Critical Flaws in SINUMERIK Controllers
Siemens informed customers this week that its SINUMERIK controllers are affected by denial-of-service (DoS), privilege escalation and code execution vulnerabilities, including several flaws that have been classified as “critical.”
https://www.securityweek.com/siemens-patches-several-critical-flaws-sinumerik-controllers

New Shamoon Malware Variant Targets Italian Oil and Gas Company
The latest attack against Saipem reportedly crippled more than 300 of its servers and about 100 personal computers out of a total of roughly 4,000 machines, though the company confirmed that it had already backed up the affected computers, so there is no possibility of data being lost in the cyber attack.
https://thehackernews.com/2018/12/shamoon-malware-attack.html

12-10-18 – News This Past Week

Vulnerability Exposes Rockwell Controllers to DoS Attacks
Some of Rockwell Automation’s MicroLogix controllers and ControlLogix communications modules are affected by a potentially serious vulnerability that can be exploited for denial-of-service (DoS) attacks
https://www.securityweek.com/vulnerability-exposes-rockwell-controllers-dos-attacks

Siemens Wants to Release Security Advisories on Patch Tuesday
The company carried out a pilot test last month, when it published a total of 16 advisories – including new advisories and updates to previously posted announcements – on November 13
https://www.securityweek.com/siemens-wants-release-security-advisories-patch-tuesday

DHS Says SamSam Ransomware is Targeting Critical Infrastructure Entities
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) this week issued an alert on activity related to SamSam, one of the most prevalent ransomware families at the moment
https://www.securityweek.com/dhs-says-samsam-ransomware-targeting-critical-infrastructure-entities

Major flaws uncovered in leading IoT protocols
Trend Micro warned organizations to revisit their operational technology (OT) security after finding major design flaws and vulnerable implementations related to two popular machine-to-machine (M2M) protocols, Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP).
https://www.helpnetsecurity.com/2018/12/05/flaws-iot-protocols/

M2M Protocols Expose Industrial Systems to Attacks
Some machine-to-machine (M2M) protocols can be abused by malicious actors in attacks aimed at Internet of Things (IoT) and industrial Internet of Things (IIoT) systems, according to research conducted by Trend Micro and the Polytechnic University of Milan
https://www.securityweek.com/m2m-protocols-expose-industrial-systems-attacks

Symantec Unveils USB Scanning Station for ICS, IoT Environments
Symantec on Wednesday unveiled a new product designed to protect critical infrastructure organizations, including industrial and Internet of Things (IoT) environments, against USB-borne threats
https://www.securityweek.com/symantec-unveils-usb-scanning-station-ics-iot-environments

Flaws in Siglent Oscilloscope Allow Hackers to Tamper With Measurements
Researchers discovered that an oscilloscope from Siglent Technologies is affected by several potentially serious vulnerabilities that could allow hackers to tamper with measurements
https://www.securityweek.com/flaws-siglent-oscilloscope-allow-hackers-tamper-measurements

12-03-18 – News This Past Week

IIoT technologies integration creates expansion opportunities in the industrial cybersecurity industry
High penetration of Industrial Internet of Things (IIoT) technology in critical infrastructure and the manufacturing sector has resulted in a growing number of potential cyber-attack surfaces
https://www.helpnetsecurity.com/2018/12/03/iiot-technologies-integration/

Best practice methodology for industrial network security: SEC-OT
Secure Operations Technology (SEC-OT) is a methodology and collection of best practices inspired by a decade of experience working with secure industrial sites. The SEC-OT approach is counter-intuitive to many IT and even industrial control system (ICS) security practitioners. It turns out that secure industrial sites ask different questions and get different answers
https://www.helpnetsecurity.com/2018/12/03/sec-ot/

Vulnerability discovered in safety controller configuration software
The software is used to configure safety controllers, providing the user with the ability to modify elements such as IP addresses, download and upload project files and run other setup functions
https://www.helpnetsecurity.com/2018/12/03/pilz-pnozmulti-configurator/

SCADAfence partners with Demisto to extend automated incident response to OT networks
SCADAfence is partnering with Demisto to enable industrial organizations to respond to the threats that spread from IT to OT networks. With the integration of SCADAfence’s Continuous Network Monitoring (CNM) solution with Demisto’s Enterprise platform, security managers can assess their exposure to cyberattacks that move laterally from IT to OT.
https://www.helpnetsecurity.com/2018/11/29/scadafence-demisto-partnership/

FDA to overhaul more than 40-year-old process for approving medical devices that some say puts consumers at risk
Since 1976, manufacturers have been able to pursue an expedited approval process if they could prove new products were substantially equivalent to those that were grandfathered in when Congress established the pathway, known as 510(k).
https://www.cnbc.com/2018/11/26/fda-to-overhaul-510k-medical-device-approval-process.html

8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
It’s no secret that hacked critical infrastructure can have a detrimental safety impact, shut businesses down, and cost millions of dollars in lost revenue and brand damage. Unfortunately, attacks on critical infrastructure are showing no signs of abating.
https://www.darkreading.com/endpoint/8-tips-for-preventing-credential-theft-attacks-on-critical-infrastructure-/a/d-id/1333312

Siemens Warns of Linux, GNU Flaws in Controller Platform
Siemens informed customers on Tuesday that some of the Linux and GNU components of a multifunctional platform for its SIMATIC S7-1500 industrial automation controllers are affected by over 20 vulnerabilities
https://www.securityweek.com/siemens-warns-linux-gnu-flaws-controller-platform

The current state of cybersecurity in the connected hospital
Abbott and The Chertoff Group released a white paper that shares key findings from a recent study of 300 physicians and 100 hospital administrators on cybersecurity challenges in the hospital environment
https://www.helpnetsecurity.com/2018/11/27/connected-hospital/

Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.
https://www.darkreading.com/vulnerabilities---threats/ransomware-attack-forced-ohio-hospital-system-to-divert-er-patients-/d/d-id/1333333

Tenable Research Advisory: Multiple ICS Vulnerabilities in Schneider Modicon Quantum PLC
Tenable Research discovered multiple vulnerabilities in Schneider’s Modicon Quantum programmable logic controller. Schneider has recommended mitigations for impacted end users
https://www.tenable.com/blog/tenable-research-advisory-multiple-ics-vulnerabilities-in-schneider-modicon-quantum-plc

11-26-18 – News These Past Two Weeks

New IoT Security Regulations
Due to ever-evolving technological advances, manufacturers are connecting consumer goods — from toys to light bulbs to major appliances — to the Internet at breakneck speeds. This is the Internet of Things, and it’s a security nightmare
https://www.schneier.com/blog/archives/2018/11/new_iot_securit.html

Siemens Patches Firewall Flaw That Put Operations at Risk
Siemens AG on Tuesday issued a slew of fixes addressing eight vulnerabilities spanning its industrial product lines. The most serious of the patched flaws include a cross-site scripting vulnerability in Siemens’ SCALANCE firewall product. The flaw could allow an attacker to gain unauthorized access to industrial networks and ultimately put operations and production at risk
https://threatpost.com/siemens-patches-firewall-flaw-that-put-operations-at-risk/139082/

DARPA uses a remote island to stage a cyberattack on the US power grid
There was the sound of breakers tripping in all seven of the grid’s low-voltage substations, and then, the station was plunged into darkness. It was the worst possible scenario: swaths of the country’s grid had already been offline for a month, exhausting battery backups at power plants and substations alike.
https://nakedsecurity.sophos.com/2018/11/15/darpa-uses-a-remote-island-to-stage-a-cyberattack-on-the-us-power-grid/

Security warning: UK critical infrastructure still at risk from devastating cyber attack
An ongoing failure to act with “meaningful sense of purpose or urgency” in the face of threats posed by cyber criminals and hackers puts critical national infrastructure at unnecessary risk from cyber attacks, a UK Parliamentary committee has warned.
https://www.zdnet.com/article/uk-critical-national-infrastructure-at-risk-from-devastating-cyber-attacks-says-government-report/

Texas hospital becomes victim of Dharma ransomware
In a statement on its website, the Texas-based hospital said that ABH discovered an unauthorized threat actor rifling through the organization’s systems on roughly September 3.
https://www.zdnet.com/article/texas-hospital-becomes-victim-of-ransomware-patient-data-potentially-leaked/

Stopping the Infiltration of Things
The Internet of Things – connected devices that contain network sensors to allow for remote monitoring and control – is expected to hit 75 billion devices installed by 2025. These devices include everything from home routers and remote cameras to healthcare devices.
https://threatpost.com/stopping-the-infiltration-of-things/139204/

Only 14% have complete organizational awareness of IoT threats
86 percent of IT and security decision makers across the globe believe their organization needs to improve its awareness of IoT threats, according to Trend Micro. This significant lack of knowledge accompanies rising threat levels and security challenges related to connected devices, which leaves organizations at great risk
https://www.helpnetsecurity.com/2018/11/20/iot-threats-awareness/

Threat predictions for industrial security in 2019
The past few years have been very intense and eventful when it comes to incidents affecting the information security of industrial systems. That includes new vulnerabilities, new threat vectors, accidental infections of industrial systems and detected targeted attacks
https://securelist.com/ksb-threat-predictions-for-industrial-security-in-2019/88940/

The perils of using voice commands with IoT machines
Combine the IoT, voice commands and machines, and you’re creating a potentially disastrous recipe of unintended consequences
https://www.networkworld.com/article/3321737/internet-of-things/the-perils-of-using-voice-commands-with-iot-machines.html

Securing the IoT has become business-critical
Investments in IoT security can have significant positive business implications, a recent survey from DigiCert finds.
https://www.networkworld.com/article/3321919/internet-of-things/securing-the-iot-has-become-business-critical.html