6-24-19 – News This Past Week

Countering industrial cyberthreats with secure, standards-based, licensed wireless networks
This was the first documented digital attack known to have compromised electrical grid operations in the United States due to a moderately basic hack and showed us how the potential for far more significant disruption is a legitimate concern to industry professionals and consumers alike.

For the industrial Internet of Things, defense in depth is a requirement
What the “4.0” revision adds compared to Industries 1.0 through 3.0 is a complex set of linkages between information and operational technologies. (IT stores, transmits, and manipulates data, while “OT” detects and causes changes in physical processes, such as devices for manufacturing or climate control.)
https://arstechnica.com/information-technology/2019/06/more-sensors-more-problems-industrial-iot-platforms-need-safeguarding/

Hospitals are being suffocated by robocalls
But it’s reaching a feverish pitch at the organizations for which it’s far more than an annoyance – rather, as hospital cybersecurity chiefs tell it, it’s a question of life and death. Spearphishers are placing spam calls to patients – using numbers spoofed to look like they’re coming from legitimate healthcare organizations and pretending to be hospital representatives

Robocalls are overwhelming hospitals and patients, threatening a new kind of health crisis
But doctors, administrators and other hospital staff struggled to contain a much different kind of epidemic one April morning last year: a wave of thousands of robocalls that spread like a virus from one phone line to the next, disrupting communications for hours.
https://www.washingtonpost.com/technology/2019/06/17/robocalls-are-overwhelming-hospitals-patients-threatening-new-kind-health-crisis/?noredirect=on&utm_term=.0d8eb79835be

Power Outage Hits Millions in South America
The outage, which began in the interconnection system at the Yacyreta Dam, had a significant cybersecurity impact on one-third of the “CIA triad” — confidentiality, integrity, and availability of data
https://www.darkreading.com/iot/power-outage-hits-millions-in-south-america/d/d-id/1334983

Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however
https://www.darkreading.com/utilities-nations-need-better-plan-against-critical-infrastructure-attackers/d/d-id/1334977

Tiny TPM Promises to Secure IoT Devices
The Trusted Computing Group, founded by companies such as AMD, HP, IBM, Intel and Microsoft in 2003 to protect cryptographic keys on computers against tampering, recently announced its work to develop the specification for the “world’s tiniest Trusted Platform Module
https://www.tomshardware.com/news/smallest-tpm-chip-iot-devices-cybersecurity,39669.html

Smart TV Malware Is Another Thing We Have To Worry About, According To Samsung
As if worrying about our phones and computers being infected with malware wasn’t bad enough, it seems that Samsung might have caused a bit of undue panic and stress with a recent warning/reminder that the company issued
https://www.ubergizmo.com/2019/06/smart-tv-malware-samsung-warning/

Bugs in a popular hospital pump may let attackers alter drug dosages
Healthcare security firm CyberMDX has discovered two bugs affecting a popular infusion pump, allowing hijackers to remotely access and control it. Homeland Security has disclosed the vulnerabilities in the Alaris Gateway Workstation, a hospital pump that delivers fluids into a patient’s body in a controlled manner
https://www.engadget.com/2019/06/14/alaris-hospital-pump-vulnerabilities/

6-17-19 – News This Past Week

Hackproofing smart meters and boosting smart grid security
Smart electricity meters are useful because they allow energy utilities to efficiently track energy use and allocate energy production. But because they’re connected to a grid, they can also serve as back doors for malicious hackers

Critical Vulnerability Exposes Oil Tank Monitoring Devices to Attacks
A critical vulnerability has been found in oil tank monitoring devices from Tecson/GOK, but the vendor has released a patch and points out that there are less than 1,000 devices that could be affected.
https://www.securityweek.com/critical-vulnerability-exposes-oil-tank-monitoring-devices-attacks

Organizations Investing More in ICS Cyber Security: SANS Study
Organizations have been investing more in the cybersecurity of industrial control systems (ICS) and operational technology (OT), and the results are showing, but many still perceive the risk as severe or high, according to the SANS 2019 State of OT/ICS Cybersecurity Report published on Wednesday
https://www.securityweek.com/organizations-investing-more-ics-cyber-security-sans-study

IoT Cybersecurity Improvement Act: An Important Step Forward
At Tenable, we look forward to working with our partners on Capitol Hill to move the IoT Cybersecurity Improvement Act forward and strengthen the security of federal networks
https://www.tenable.com/blog/iot-cybersecurity-improvement-act-an-important-step-forward

Tool Links Internet-Exposed ICS to Google Street View
An open source tool named Kamerka allows users to generate a map of Internet-exposed industrial control systems (ICS) in a specified country and link results to Google Street View.
https://www.securityweek.com/tool-links-internet-exposed-ics-google-street-view

THE HIGHLY DANGEROUS ‘TRITON’ HACKERS HAVE PROBED THE US GRID
Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks
https://www.wired.com/story/triton-hackers-scan-us-power-grid/

Hackers behind dangerous oil and gas intrusions are probing US power grids
The most alarming thing about this attack was its use of never-before-seen malware that targeted the facility’s safety processes. Such safety instrumented systems are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from arising
https://arstechnica.com/information-technology/2019/06/hackers-behind-dangerous-oil-and-gas-intrusions-are-probing-us-power-grids/

6-10-19 – News This Past Week

A backdoor in Optergy tech could remotely shut down a smart building ‘with one click’
An advisory said an attacker could gain “full system access” through an “undocumented backdoor script.” This, the advisory said, could allow the attacker to run commands on a vulnerable device with the highest privileges.

Industrial cybersecurity strategies need a radical rethink and should be built from the ground up
Steering away from traditional “air-gapped” models (having no external connections) and embracing the underlying premise of Industry 4.0 for ICS is not an easy task. The same security procedures, protocols, network/user/device protection, and ID management that make sense in corporate IT environments cannot be applied to industrial ones.

IoT Security Regulation is on the Horizon
Perhaps the most infamous of these incidents is Genesis Toys’ My Friend Cayla doll, which was banned in Germany in 2017 and labeled an “espionage device” due to vulnerabilities that allowed takeover by third parties

Several Vulnerabilities Found in Cisco Industrial Network Director
Cisco on Wednesday informed customers that several vulnerabilities, including a code execution flaw classified as “high severity,” have been found in the company’s Industrial Network Director product
https://www.securityweek.com/several-vulnerabilities-found-cisco-industrial-network-director

6-3-19 – News This Past Week

How likely are weaponized cars?
The modern vehicle can be described as electric, connected, software embedded, driverless, and even artificially intelligent. Left unmanaged and without security considerations, these properties render risks that manifest as software bugs and design flaws that may allow unauthorized remote access

Siemens LOGO!, a PLC for small automation projects, open to attack
LOGO!, a programmable logic controller (PLC) manufactured by Siemens, sports three vulnerabilities that could allow remote attackers to reconfigure the device, access project files, decrypt files, and access passwords

Industry is Not Prepared for the IIoT Attacks that Have Already Begun
Industrial Internet of Things (IIoT) is an essential part of business transformation and the Industry 4.0 revolution. Its use is burgeoning, with more than 7 billion devices in use worldwide. This is expected to grow to more than 20 billion by 2025 — and does not include phones, tablets or laptops. It is a journey just beginning, and nobody yet knows the destination or route
https://www.securityweek.com/industry-not-prepared-iiot-attacks-have-already-begun

High-Risk Flaws Found in Process Control Systems From B&R Automation
According to the cybersecurity firm, the flaws impact 12 components of the APROL products, which are often used by oil and gas, energy, and mechanical engineering companies
https://www.securityweek.com/high-risk-flaws-found-process-control-systems-br-automation

IoT cyberattacks are the new normal, the security mindset isn’t
Eight in ten organizations have experienced a cyberattack on their IoT devices in the past 12 months, according to new research by Irdeto. Of those organizations, 90% experienced an impact as a result of the cyberattack, including operational downtime and compromised customer data or end-user safety.

5-28-19 – News This Past Week

‘Why do we need to wait for people to be hurt?’ Medical cyber attacks soar 1400%
Strapped to a stretcher, surrounded by medics, nurses and doctors, a middle-aged man was about to play patient zero in what America’s health care industry fears could be the next major pandemic: “cybergeddon.”
https://www.sfgate.com/healthredesign/article/medical-cyber-attacks-terrorism-hospital-health-13853912.php

General Motors designs a new “brain and nervous system” for its vehicles
A common criticism of the increasingly digital nature of new cars and trucks is that all these new features are being shoehorned into systems that were not designed with features like connectivity in mind.
https://arstechnica.com/cars/2019/05/general-motors-designs-a-new-brain-and-nervous-system-for-its-vehicles/

Hackers Are Holding Baltimore’s Government Computers Hostage, and It’s Not Even Close to Over
But the city has not paid. In the two weeks since, Baltimore citizens have not had access to many city services. The city payment services and email systems are still offline
https://gizmodo.com/hackers-are-holding-baltimores-government-computers-hos-1834948639

5-20-19 – News This Past Week

Wormable Windows RDS Vulnerability Poses Serious Risk to ICS
A critical remote code execution vulnerability patched recently by Microsoft in Windows Remote Desktop Services (RDS) poses a serious risk to industrial environments, experts have warned.
https://www.securityweek.com/wormable-windows-rds-vulnerability-poses-serious-risk-ics

We chat to boffins who’ve found a way to disrupt landings using off-the-shelf radio kit
In a research paper titled “Wireless Attacks on Aircraft Instrument Landing Systems,” scheduled to be presented at the 28th USENIX Security Symposium in August, computer scientists Harshad Sathaye, Domien Schepers, Aanjhan Ranganathan, and Guevara Noubir demonstrate that it’s possible to interfere with ILS data in real-time, potentially causing aircraft to discontinue a landing approach (“go around”) or miss the landing area entirely in a low-visibility situation
https://www.theregister.co.uk/2019/05/16/airplane_landing_security/

The Shortcomings of Network Monitoring in Fighting ICS Threats
The growing sophistication of industrial control system (ICS) networks, especially since the advent of the Industrial Internet of Things (IIoT), has improved numerous processes while also making them softer targets for attacks. Simply put, interconnectedness has broadened and weakened the attack surface
https://www.securityweek.com/shortcomings-network-monitoring-fighting-ics-threats

The six biggest cybersecurity risks facing the utilities industry
The utilities industry is rapidly modernizing its infrastructure, adding more digitized equipment and connectivity across devices, plants, and systems. This evolution to “smart infrastructure” represents a positive, paradigm shift for the industry

Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products
According to the German industrial giant, SINAMICS Perfect Harmony GH180 medium voltage converters are impacted by two high-severity denial-of-service (DoS) vulnerabilities that can be exploited by an attacker who has access to the network housing the targeted device. The flaws can be exploited with no privileges and without any user interaction
https://www.securityweek.com/siemens-addresses-vulnerabilities-logo-sinamics-products

5-13-19 – News This Past Week

Over 100 Flaws Expose Buildings to Hacker Attacks
He said an attacker can conduct a wide range of activities after hijacking the vulnerable systems, including trigger alarms, lock or unlock doors and gates, control elevator access, intercept video surveillance streams, manipulate HVAC systems and lights, disrupt operations, and steal personal information
https://www.securityweek.com/over-100-flaws-expose-buildings-hacker-attacks

Extinguishing the IoT Insecurity Dumpster Fire
And then as you mentioned, there’s industrial IoT, which has those high type of risk if there is some sort of security issue there. So there really are all these different types of devices and along with those, different types of security implications.

NIST Working on Industrial IoT Security Guide for Energy Companies
The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it’s working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems
https://www.securityweek.com/nist-working-industrial-iot-security-guide-energy-companies

5-6-19 – News This Past Week

Hacking our way into cybersecurity for medical devices
Hospitals are filled with machines connected to the internet. With a combination of both wired and wireless connectivity, knowing and managing which devices are connected has become more complicated and, consequently, the institutions’ attack surface has expanded

People Are Clamoring to Buy Old Insulin Pumps
How an obsolete medical device with a security flaw became a must-have for some patients with type 1 diabetes
https://www.theatlantic.com/science/archive/2019/04/looping-created-insulin-pump-underground-market/588091/

Plan to secure internet of things with new law
Security vulnerabilities that could be targeted by hackers have been found in everything from toy dolls to internet-connected ovens in recent years
https://www.bbc.com/news/technology-48106582

Two Vulnerabilities Expose Rockwell Controllers to DoS Attacks
Two vulnerabilities discovered by industrial cybersecurity companies CyberX and Nozomi Networks in some of Rockwell Automation’s controllers expose devices to denial-of-service (DoS) attacks
https://www.securityweek.com/two-vulnerabilities-expose-rockwell-controllers-dos-attacks

‘Denial of service condition’ disrupted US energy company operations
An energy company providing power in several western U.S. states experienced a “denial-of-service condition” serious enough to warrant reporting it to the government’s energy authority.

UK Publishes Proposed Regulation for IoT Device Security
The UK government has published a consultation document on the proposed regulation of consumer IoT devices. The consultation is not designed to see whether regulation is necessary, but to help the government “make a decision on which measures to take forward into legislation.”
https://www.securityweek.com/uk-publishes-proposed-regulation-iot-device-security

Security lapse exposed a Chinese smart city surveillance system
Security researcher John Wethington found a smart city database accessible from a web browser without a password. He passed details of the database to TechCrunch in an effort to get the data secured

4-29-19 – News These Past Two Weeks

TRITON Attacks Underscore Need for Better Defenses
After revealing last week that the same set of tools used by the TRITON attackers were also found in a second victim’s network, security services firm FireEye stressed that attackers are likely in the networks of some of the facilities that are home to the 18,000 Triconex safety systems installed in plants worldwide.
https://www.darkreading.com/vulnerabilities---threats/triton-attacks-underscore-need-for-better-defenses/d/d-id/1334418

A look at security threats to critical infrastructure
Threats to critical infrastructure, like Operation Sharpshooter, should motivate CI sectors to take cybersecurity seriously. Learn about the threats and how to defend against them
https://searchsecurity.techtarget.com/tip/A-look-at-security-threats-to-critical-infrastructure

Examining Triton Attack Framework: Lessons Learned in Protecting Industrial Systems
Recently, the infamous Triton (also known as Trisis) malware framework made news again after researchers from FireEye found evidence of the same attacker lurking in other critical infrastructure. In 2017, Triton was behind an attack that shut down Schneider Electric’s Triconex safety instrumentation system (SIS) at a petrochemical plant in Saudi Arabia — the malware went undetected for nearly a year and has been linked to a group called XENOTIME
https://www.securityweek.com/examining-triton-attack-framework-lessons-learned-protecting-industrial-systems

Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps
The hacker, who goes by the name L&M, told Motherboard he hacked into more than 7,000 iTrack accounts and more than 20,000 ProTrack accounts, two apps that companies use to monitor and manage fleets of vehicles through GPS tracking devices
https://motherboard.vice.com/en_us/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps

Serious Vulnerabilities Found in Fujifilm X-Ray Devices
The flaws, described in an advisory published this week by ICS-CERT, affect Fuji Computed Radiography (FCR) XC-2 and Capsula X medical imaging products (CR-IR 357) — Capsula products are marketed as Carbon in the United States. The impacted devices are used in the healthcare sector worldwide
https://www.securityweek.com/serious-vulnerabilities-found-fujifilm-x-ray-devices

Rockwell Controller Flaw Allows Hackers to Redirect Users to Malicious Sites
A serious vulnerability affecting some of Rockwell Automation’s MicroLogix and CompactLogix programmable logic controllers (PLCs) can be exploited by a remote attacker to redirect users to malicious websites.
https://www.securityweek.com/rockwell-controller-flaw-allows-hackers-redirect-users-malicious-sites

NIST Tool Finds Errors in Complex Safety-Critical Software
The U.S. National Institute of Standards and Technology (NIST) this week announced that updates to its Automated Combinatorial Testing for Software (ACTS) research toolkit should help developers of complex safety-critical applications find potentially dangerous errors and make their software safer
https://www.securityweek.com/nist-tool-finds-errors-complex-safety-critical-software

4-15-19 – News This Past Week

Someone is targeting “critical infrastructure” safety systems in networked attacks
The Triton malware was first identified 16 months ago by researchers from FireEye: it targets Triconex control systems from Schneider Electric, and was linked by FireEye to the Central Scientific Research Institute of Chemistry and Mechanics in Moscow

Triton ICS Malware Hits A Second Victim
According to researchers at FireEye, the cybercriminals behind Triton, also called Trisis, have once again targeted industrial control systems (ICS), this time at an undisclosed company in the Middle East. Further, FireEye has taken the additional step of linking Triton with high confidence to Russian state-sponsored hackers

SAS 2019: Triton ICS Malware Hits A Second Victim

The hacker group behind the Triton malware strikes again
The company was tight-lipped on the intrusion at the second facility, declining to describe the type of facility or its location — or even the year of the attack

Mysterious safety-tampering malware infects a second critical infrastructure site
Sixteen months ago, researchers reported an unsettling escalation in hacks targeting power plants, gas refineries, and other types of critical infrastructure. Attackers who may have been working on behalf of a nation caused an operational outage at a critical-infrastructure site after deliberately targeting a system that prevented health- and life-threatening accidents
https://arstechnica.com/information-technology/2019/04/mysterious-safety-tampering-malware-infects-a-2nd-critical-infrastructure-site/

Industry Reactions to New Triton Attacks on Critical Infrastructure
The existence of Triton came to light in 2017 after the malware had caused disruptions at an oil and gas plant in Saudi Arabia. FireEye, which previously linked Triton to a research institute owned by the Russian government, recently analyzed the threat actor’s tools and techniques after identifying another target
http://www.securityweek.com/industry-reactions-new-triton-attacks-critical-infrastructure

Siemens Patches Serious DoS Flaws in Many Industrial Products
Siemens’ Patch Tuesday updates for April 2019 address several serious vulnerabilities, including some denial-of-service (DoS) flaws affecting many of the company’s industrial products
http://www.securityweek.com/siemens-patches-serious-dos-flaws-many-industrial-products

Critical Vulnerability in Siemens Spectrum Power (CVE-2019-6579) Patched in Monthly Advisory
On April 9, Siemens published its monthly Siemens Advisory Day release across a variety of Siemens products. This includes 11 CVEs newly addressed in Siemens products along with updates to previous advisories, including additional CVEs and product updates and mitigations. The most critical of these vulnerabilities could give an unauthenticated attacker administrative privileges
https://www.tenable.com/blog/critical-vulnerability-in-siemens-spectrum-power-cve-2019-6579-patched-in-monthly-advisory

Cars Exposed to Hacker Attacks by Hardcoded Credentials in MyCar Apps
A small aftermarket telematics unit from Montreal, Canada-based AutoMobility, MyCar provides users with a series of smartphone-controlled features for their cars, including geolocation, remote start/stop and lock/unlock capabilities.
http://www.securityweek.com/cars-exposed-hacker-attacks-hardcoded-credentials-mycar-apps

Medical Device Cybersecurity
Before long, just about everything in the medical world will be running on software – and even connected to the internet. That already applies to pacemakers and insulin pumps and a host of devices used in hospitals
http://www.byuradio.org/episode/e85c70f1-e81a-48d4-9c69-9c469fe23ce6/top-of-mind-with-julie-rose-israel-women-in-trucking-medical-device-cybersecurity?playhead=2219&autoplay=true

Hacking healthcare: A call for infosec researchers to probe biomedical devices
It is a brave new connected world out there and there is no shortage of cybersecurity risks associated with everything we do. We can’t even be sure that the technologies that keep us alive and healthy will work as intended if malicious actors set their sights on them

90% of OT organizations are cyberattack victims, yet visibility into OT systems is still limited
OT professionals have spoken — the people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting-off cyberattacks on a regular basis
