11-11-19 – News This Past Week

DHS Warns of Critical Flaws in Medtronic Medical Devices
An advisory published by the DHS’s Cybersecurity & Infrastructure Security Agency (CISA) warns of three recently patched vulnerabilities in Medtronic Valleylab FT10 and FX8 devices that could allow attackers to install a non-root shell.

Hospital Cyberattacks Linked to Increase in Heart Attack Mortality
Ransomware attacks and data breaches targeting hospitals may cause a higher mortality rate among heart patients in the months and years after an incident, Vanderbilt University researchers report, as breach remediation time interferes with patient care and outcomes.

Man Pleads Guilty to Remotely Controlling His Girlfriend’s Car With a Computer
The 38-year-old man, who worked as a mechanic for the Army’s Royal Australian Corps of Transport at the time, allegedly engaged in a string of unhinged behavior that left his former partner with a fear of technology, according to a report for Australia’s ABC News.

Only 47% of cybersecurity pros are prepared to deal with attacks on their IoT devices
Fewer than half (47%) of cybersecurity professionals have a plan in place to deal with attacks on their IoT devices and equipment, despite the fact that nine out of ten express concerns over future threats, according to the Neustar International Security Council (NISC) research.

How to Secure Critical Infrastructure When Patching Isn’t Possible
Securing such critical infrastructure systems introduces a frustrating paradox: On the one hand, defending safety-critical systems is key because any maliciously motivated malfunction invites potential disaster. Yet our need for these crucial systems to be “always-on” complicates standard cyber-procedures.

Boeing’s insecure networks threaten security and safety
Aircraft manufacturer Boeing’s insecure networks leave the company–and potentially its aircraft–at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO’s J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

11-4-19 – News This Past Week

Details of Attack on Electric Utility Emerge
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states

Cisco Firewall Exploited in Attack on U.S. Renewable Energy Firm
A report published earlier this year by the National Energy Technology Laboratory revealed that a cyber event caused problems at a utility in the western part of the U.S. on March 5. The incident affected California, Utah and Wyoming, but it did not result in any power outages.

ICS Attackers Set To Inflict More Damage With Evolving Tactics
While it remains difficult to attack critical infrastructure successfully, adversaries aim to use past experience to launch more destructive future attacks, according to analysis.

Indian nuclear power plant’s network was hacked, officials confirm
In a press release today, NPCIL Associate Director A. K. Nema stated, “Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In [India’s national computer emergency response team] when it was noticed by them on September 4, 2019.”

Critical Vulnerabilities Found in Rittal Cooling System
Rittal, a subsidiary of German manufacturing and services company Friedhelm Loh Group, specializes in making enclosure systems for industrial environments and data centers

Indian nuke plant’s network reportedly hit by malware tied to N. Korea
A former analyst for India’s National Technical Research Organization (NTRO) has tied a malware report published by VirusTotal to a cyber attack on India’s Kudankulam Nuclear Power Plant. The malware, identified by researchers as North Korea’s Dtrack, was reported by Pukhraj Singh to have gained “domain controller-level access” at Kudankulam. The attack has been reported to the government.

Pwn2Own Adds Industrial Control Systems to Hacking Contest
Vulnerability research competition Pwn2Own is expanding to include industrial control system (ICS), giving researchers an opportunity to hunt for bugs in popular ICS software and protocols.

Industrial equipment to come under fire at the world’s largest hacking contest
Software for industrial equipment will be the primary focus of the next edition of Pwn2Own, the world’s largest and most well-known hacking contest.

10-28-19 – News This Past Week

Upstream Security raises $30 million to protect connected cars from cyberattacks
Upstream Security, a cloud-based cybersecurity platform for connected cars, has raised $30 million in a series B round of funding led by Alliance Ventures, an automotive alliance constituting Renault, Mitsubishi, and Nissan. Volvo Group, Hyundai, CRV, Glilot Capital, Maniv Mobility, and Nationwide also participated in the round.

Outdated OSs Still Present in Many Industrial Organizations
The company’s 2020 Global IoT/ICS Risk Report is based on data passively collected by CyberX from over 1,800 networks around the world between October 2018 and October 2019. It’s worth mentioning that the previous annual risk report from CyberX was based on information from roughly 850 networks

Japanese hotel chain sorry that hackers may have watched guests through bedside robots
Japanese hotel chain HIS Group has apologised for ignoring warnings that its in-room robots were hackable to allow pervs to remotely view video footage from the devices.

Some ICS Security Incidents Resulted in Injury, Loss of Life
CS2AI is a non-profit organization focused on the growth and expansion of networking opportunities and professional development of everyone involved in the field of control systems cybersecurity. The organization, which currently has over 16,000 members worldwide, is conducting a yearly analysis of the state of ICS cybersecurity through a survey that aims to help answer key questions on how critical systems can be best protected.

The Threat to SoHo IoT Devices is Growing Rapidly
A network of 50 honeypots deployed around the world has been catching and monitoring attacks against IoT devices. Such detected attacks have increased almost nine-fold between H1 2018 and H1 2019, from 12 million to 105 million. During the same period, the number of unique attacking IP addresses increased from 69,000 to 276,000.

Integrating security into IoT projects is not easy, but it’s increasingly urgent
Much of that data will be sensitive, whether about an individual’s privacy or confidential business information. As such, it presents a lucrative opportunity for threat actors, as data has become a highly commoditized asset in modern societies.

10-21-19 – News This Past Week

Security still top priority as more enterprises scale IoT solutions company-wide
The Zebra Technologies Corporation global survey analyzes the extent to which companies connect the physical and digital worlds to drive innovation through real-time guidance, data-powered environments and collaborative mobile workflows.

IoT Attacks Up Significantly in First Half of 2019
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses

Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.

Microsegmentation for refining safety systems
When the TRITON (aka TRISIS) attack struck three refining sites in the Middle East in November of 2017, it was the first known cyber incident to target safety instrumented systems (SIS), specifically Schneider Electric’s Triconex gear

IoT: a malware story
Since 2008, cyber-criminals have been creating malware to attack IoT-devices, such as routers and other types of network equipment. You will find a lot of statistics on this on Securelist, most notably, here and here. The main problem with these IoT/embedded devices is that one simply cannot install any kind of security software. How do we deal with that?

“Smart city” governments should also be smart about security
While the definition of “smart city” is still under debate, one thing is indisputable: the technologies used to make smart cities a reality are currently acquired and deployed after very little (or even no) security testing.

US, UK: Russian Hackers Hijacked Iranian Malware, Infrastructure
The U.S. National Security Agency (NSA) and Britain’s National Cyber Security Centre (NCSC) reported on Monday that the Russia-linked threat group known as Turla has hijacked malware and infrastructure from Iranian hackers.

10-14-19 – News This Past Week

Experts expect hospital ransomware attacks to continue
One week after being hit by a ransomware attack, hospitals in Alabama are turning away patients while working on recovery, and experts warn of similar attacks in the future.

Utilities’ Operational Networks Continue to Be Vulnerable
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.

Vulnerabilities Expose TwinCAT Industrial Systems to DoS Attacks
A couple of vulnerabilities affecting the TwinCAT PLC runtime from Beckhoff can be exploited for denial-of-service (DoS) attacks, which may be triggered by malicious actors or by accident.

Cisco Finds 11 Vulnerabilities in Schneider Electric Modicon Controllers
There are a total of 11 security holes affecting Modicon M580, M340, BMENOC 0311, BMENOC 0321, Quantum (no longer supported), Premium, and Modicon BMxCRA and 140CRA modules. The M580 PLC, which is the newest Modicon controller, is the only one affected by all the vulnerabilities, while the rest are impacted by 2-8 flaws.

Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey
Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute.

Can microsegmentation help IoT security?
Deploying microsegmentation as part of a broad IoT security strategy can enable more granular control of network systems and better isolation if a security flaw is exploited.

ICS cybersecurity investment should be a priority in protecting operations from disruption
93% of ICS security professionals are concerned about cyberattacks causing operational shutdown or customer-impacting downtime, according to a Tripwire survey.

A glimpse into the present state of security in robotics
The world of today continues its progress toward higher digitalization and mobility. From developments in the Internet of Things (IoT) through augmented reality to Industry 4.0, which rely on stronger automation and use of robots, all of these bring more efficiency to production processes and improve user experience across the globe.

New data analysis approach could strengthen the security of IoT devices
A multi-pronged data analysis approach that can strengthen the security of IoT devices, such as smart TVs, home video cameras and baby monitors, against current risks and threats has been created by a team of Penn State World Campus students.

Hospitals Resume Accepting Patients After Malware Attack
The DCH Health System said its hospitals in the west Alabama cities of Tuscaloosa, Northport and Fayette resumed admitting patients Thursday, and its imaging and patient scheduling services were going back online Friday.

10-7-19 – News This Past Bit

Honeywell Launches New Industrial Cybersecurity Platform
Honeywell on Wednesday announced the launch of a new industrial cybersecurity platform designed to help organizations protect their operational technology (OT) and industrial internet of things (IIoT) assets from cyber threats

76% medical devices of healthcare facilities in Philippines may be infected by malicious code
These are alarming numbers, and certainly demand that healthcare facilities take a serious look at their infrastructures, data storage, and human resources, to see how best to secure not just data of patients, but also secure all devices, from computers, laptops, mobile phones, to medical IoT devices that are critical for medical care and emergencies.

Kaspersky Unveils ICS Vulnerabilities Database
Kaspersky on Thursday announced the ICS Vulnerabilities Database, a new service designed to help industrial organizations keep track of relevant security flaws and protect their networks against potential threats.

California’s IoT Security Law Causing Confusion
The law, which goes into effect January 1, requires manufacturers to equip devices with ‘reasonable security feature(s).’ What that entails is still an open question.

Improving the security, privacy and safety of future connected vehicles
The security, privacy and safety of connected autonomous vehicles (CAVs) has been improved thanks to testing at WMG, University of Warwick.

Iran’s Oil Sector on ‘Full Alert’ Against Attacks
Iran’s oil minister on Sunday ordered his country’s energy sector to be on high alert to the threat of “physical and cyber” attacks.

German Auto and Defense Firm Rheinmetall Says Malware Hit Several Plants
Germany-based car parts and defense solutions provider Rheinmetall announced on Thursday that production at its automotive plants in the United States, Brazil and Mexico was disrupted as a result of a malware attack.

Threat landscape for smart buildings
The Kaspersky Industrial Cybersecurity Conference 2019 takes place this week in Sochi, the seventh such conference dedicated to the problems of industrial cybersecurity. Among other things, the conference will address the security of automation systems in buildings — industrial versions of the now common smart home

SOHOpelessly Broken 2.0
Internet of Things (IoT) devices have always been vulnerable to a variety of security issues. In 2013, Independent Security Evaluators (ISE) performed research on IoT devices that showed how rich feature sets could be leveraged to compromise devices

Serious Flaws in CODESYS Products Expose Industrial Systems to Remote Attacks
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) last week published several advisories describing vulnerabilities in CODESYS products, many of which can be exploited remotely for arbitrary code execution, denial-of-service (DoS) attacks, and other purposes. 3S-Smart published its own advisories for most of the security bugs in late July.

Volkswagen’s bold plan to create a new car operating system
Discrete electronic control units started to appear under the hood, controlling fuel management or anti-lock brakes. New functions required new code, run on new little black boxes, metastasizing to the point where today, a new car might have up to 70 different modules, with software from as many as 200 different vendors

New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction
For nearly three years, the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of malware in the network of Ukraine’s national grid operator, Ukrenergo

IoT devices still major target for cyberattacks
The firm’s “Attack Landscape H1 2019” report highlighted the threat unsecured IoT devices can pose to businesses and consumers as well as the continued popularity of Eternal Blue and similar exploits two years after the WannaCry ransomware was released on the world.

U.S. to Help Secure Baltic Energy Grid Against Cyber Attacks
US Energy Secretary Rick Perry and his Lithuanian, Latvian and Estonian counterparts termed the agreement “a critical moment for the Baltic States in strengthening cybersecurity” in strategic energy infrastructure.

Decades-Old Code Is Putting Millions of Critical Devices at Risk
In early August, the enterprise security firm Armis got a confusing call from a hospital that uses the company’s security monitoring platform. One of its infusion pumps contained a type of networking vulnerability that the researchers had discovered a few weeks prior. But that vulnerability had been found in an operating system called VxWorks—which the infusion pump didn’t run.

The Impact of Recycling on Industrial Cyber Security
In the decade since the Stuxnet worm was discovered, multiple attacks have been launched against operational technology (OT) networks, including Shamoon, Havex, WannaCry, and LockerGoga. Looking back, a disturbing trend has emerged. Industrial attacks are being recycled.

Wyoming Hospital the Latest to Be Hit With Ransomware Attack
A hospital in Wyoming has become one of the latest ransomware victims, courtesy of an attack that began last Friday and continues to disrupt operations.

New ‘Gucci’ IoT Botnet Targets Europe
Security researchers with SecNiche Security Labs have discovered a new piece of malware that attempts to ensnare Internet of Things (IoT) devices in Europe into a distributed denial-of-service (DDoS)-capable botnet

Ransomware forces 3 hospitals to turn away all but the most critical patients
Ten hospitals—three in Alabama and seven in Australia—have been hit with paralyzing ransomware attacks that are affecting their ability to take new patients, it was widely reported on Tuesday.

Medical Practice Closing Permanently After Ransomware Attack
Wood Ranch Medical, a small medical provider located in Simi Valley, CA, is closing after a ransomware attack. A statement explaining the incident and announcing the closure is all that is left on the firm’s website. The practice will close on December 17, 2019.

Advanced ICS/SCADA Hacking Training Offered at SecurityWeek’s 2019 ICS Cyber Security Conference
Conducted in partnership with critical infrastructure cyber security firm Applied Risk, the Advanced ICS/SCADA Hacking training will enable participants to increase their knowledge of security analysis and exploitation methodologies for evaluating the cyber resilience of industrial environments and hardware, and is designed to further advance the skills of technical staff responsible for securing ICS environments

Measuring the Security of IoT Devices
In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software

Ransomware attacks paralyze, and sometimes crush, hospitals
Major hospitals and some health clinics in the US and Australia have been crippled in new ransomware attacks, forcing some into emergency manual mode and one to close permanently due to extensive loss of patient healthcare records encrypted by data kidnappers.

Researcher Shows How Adversaries Can Gather Intel on U.S. Critical Infrastructure
A researcher has used a free tool that he created and open source intelligence (OSINT) to demonstrate how easy it is for adversaries to gather intelligence on critical infrastructure in the United States.

9-16-19 – News This Past Week

Securing a Connected Future: 5G and IoT Security
Already available in some cities, 5G is ushering in an entirely new set of standards for global wireless communications. As the IoT-era continues to come into its own, businesses developing automotive, healthcare, industrial, energy and other IoT applications are planning with 5G in mind for a lot of reasons

Russian Hackers Behind Ukraine Power Outage May Have Sought More Damage
The Russia-linked hackers who triggered a power outage in Ukraine back in 2016 may have hoped to cause much more damage, according to a report published recently by U.S.-based industrial cybersecurity firm Dragos

To secure industrial IoT, use segmentation instead of firewalls
Firewalls have been the de facto standard for securing internal devices for years, but the industrial internet of things (IIoT) will change that.

IIoT security challenges: Dealing with cutting edge technologies
Dr. Jesus Molina is the Director of Business Development at Waterfall Security Solutions, and in this interview with Help Net Security he talks about the security issues related to emerging technologies

Designing IoT security: Experts warn against cutting corners
Security, though costly, is essential for IoT devices; a single breach can destroy a company’s reputation. IoT security by design can avoid devastating incidents

Siemens Issues Advisories for DejaBlue, SACK Panic Vulnerabilities
Siemens says the DejaBlue flaws impact some of its Aptio, Atellica, CentraLink, Iontris, MAGNETOM, MagicLinkA, MagicView, Medicalis, Screening Navigator, Somatom, syngo and Teamplay products. For many of these products Siemens recommends installing the patches from Microsoft, but for others the company is working on providing its own fixes

Cyberattack Disrupted Firewalls at U.S. Power Utility
A denial-of-service (DoS) attack that caused disruptions at a power utility in the United States earlier this year exploited a known vulnerability in a firewall used by the affected organization.

9-9-19 – News This Past Week

Report reveals play-by-play of first U.S. grid cyberattack
A first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid control center and several small power generation sites in the western United States, according to a document posted yesterday from the North American Electric Reliability Corp.

Critical Bugs Open Food-Safety Systems to Remote Attacks
The issues affect the AK-EM 800 product from SCADA vendor Danfoss. It’s an enterprise management solution for the food retail industry that provides a central architecture for alarm management, automatic data collection and food-quality reporting.

Code Execution Flaws Found in EZAutomation PLC, HMI Software
Researchers discovered that two pieces of software made by U.S.-based industrial automation solutions provider EZAutomation are affected by potentially serious vulnerabilities that can be exploited for remote code execution.

Critical vulnerabilities uncovered in Danfoss SCADA product, patch now!
Researchers found two critical vulnerabilities. One is effectively a backdoor into highly privileged functionality to manage the software. Although this backdoor was likely created to help the vendor’s support team log into systems to assist their clients, the password can be easily determined by attackers.

9-3-19 – News This Past Week

How to reduce the attack surface associated with medical devices
Most medical devices available in the healthcare system today were not built with security in mind and it will take years until they are replaced (if they are at all) with next-generation devices

Securing Our Infrastructure: 3 Steps OEMs Must Take in the IoT Age
Security has lagged behind adoption of the Internet of Things. The devices hold much promise, but only if a comprehensive security model is constructed

Researchers Analyze Tools Used by ‘Hexane’ Attackers Against Industrial Firms
Security researchers from Secureworks have analyzed several tools used by the Hexane threat actor in attack campaigns against industrial organizations over the past several months.

Senators Question NHTSA on Risks of Connected Vehicles
Two United States senators have sent a letter to the National Highway Traffic Safety Administration (NHTSA) to inquire about cyber-risks associated with connected vehicles

Sex robots with ‘coding errors’ could STRANGLE you in the act
The world is getting pretty kinky, but I think this new story really tops them all – killer robots that will strangle their partners, is something that is being warned if robotics are not regulated properly.

8-26-19 – News This Past Week

Adwind Spyware-as-a-Service Attacks Utility Grid Operators
Critical infrastructure facilities are high-risk targets, and the fact that Adwind is available as a paid service is very concerning

New Tool From Cisco Hunts Flaws in Automotive Computers
Access to the vehicle computer, Cisco notes, is possible via Wi-Fi, Bluetooth, or cellular communication protocols, but the backbone of a vehicle’s network is a Controller Area Network

Top 5 IoT networking security mistakes
IT supplier Brother International shares five of the most common internet-of-things security errors it sees among buyers of its printers and multi-function devices

Securing IoT involves developers, manufacturers and end users alike
Who’s to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures?