02-19-18 – News This Past Week

Siemens Leads Launch of Global Cybersecurity Initiative
The so-called Charter of Trust centers around the basic goals of protecting the data of individuals and businesses; preventing harm to critical infrastructure, businesses, and individuals via cyberattacks
https://www.darkreading.com/threat-intelligence/siemens-leads-launch-of-global-cybersecurity-initiative/d/d-id/1331083

US sets up dedicated office for energy infrastructure cybersecurity
The US government is setting up a new Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the US Department of Energy. The CESER office will focus on energy infrastructure security and enable more coordinated preparedness and response to natural and man-made threats

IBM Releases Spectre, Meltdown Patches for Power Systems
IBM started releasing firmware patches for its POWER processors within a week after the Spectre and Meltdown attack methods were disclosed. Firmware updates were first released for the POWER7+ and POWER8 processors, but customers would have to wait another month for operating system patches
https://www.securityweek.com/ibm-releases-spectre-meltdown-patches-power-systems

Cryptocurrency Miners Not Uncommon on Industrial Systems
Industrial cybersecurity firm Radiflow reported last week that it had identified a piece of malware designed to mine Monero on a human-machine interface (HMI) system at a wastewater facility in Europe
https://www.securityweek.com/cryptocurrency-miners-not-uncommon-industrial-systems

Exploring a New Reference Architecture for Industrial Control Systems Security
As it relates to threats targeting industrial control systems (ICS) and critical infrastructure networks, it should be completely clear that “the times – they are a changing.” We have entered a new era over the past 6 months – demonstrated by the collateral damage caused by WannaCry and NotPetya, and even more clearly by the deliberate and alarming targeting of the widely used Schneider Electric Triconex safety platform by the Triton malware.
https://www.securityweek.com/exploring-new-reference-architecture-industrial-control-systems-security

Schneider Electric Patches Several Flaws in IGSS Products
Ivan Sanchez of Nullcode discovered that the IGSS SCADA software is affected by a configuration issue that leads to Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) mitigations not being implemented properly
https://www.securityweek.com/schneider-electric-patches-several-flaws-igss-products

Rogue IT admin goes off the rails, shuts down Canadian train switches
Christopher Victor Grupe, 46, had a rocky relationship with his employers: in December 2015, he was suspended for 12 days for insubordination and just not making the grade as a sysadmin
https://www.theregister.co.uk/2018/02/14/rogue_it_admin_canadian_railway_switches/

Consumers want more IoT regulation
A demand for more regulation may seem counterintuitive in today’s world and yet that’s exactly what consumers who understand IoT technologies want, according to a new study from Market Strategies International.

NOW CRYPTOJACKING THREATENS CRITICAL INFRASTRUCTURE, TOO
The rise of cryptojacking—which co-opts your PC or mobile device to illicitly mine cryptocurrency when you visit an infected site—has fueled mining’s increasing appeal
https://www.wired.com/story/cryptojacking-critical-infrastructure/

Surgery affected by ‘distressing’ power outage glitch at Royal Adelaide Hospital
Two operations were disrupted when a software failure left part of the Royal Adelaide Hospital without power for up to 20 minutes yesterday morning
http://www.abc.net.au/news/2018-02-07/power-failure-at-royal-adelaide-hospital-disrupts-surgery/9406270

02-12-18 – News This Past Week

Ukraine Power Distro Plans $20 Million Cyber Defense System
After NotPetya and severe blackouts, Ukrenergo responds with an investment in cybersecurity
https://www.darkreading.com/operations/ukraine-power-distro-plans-$20-million-cyber-defense-system/d/d-id/1330994

When crypto-mining malware hits a SCADA network
Stealthy crypto-mining is on track to surpass ransomware as cybercriminals’ most favorite money-making option, and companies with computers and servers that run all day and night long are the preferred targets

Water Utility Infected by Cryptocurrency Mining Software
A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack: hackers compromise computers and force them to mine cryptocurrency for them. This is the first time I’ve seen it infect SCADA systems, though
https://www.schneier.com/blog/archives/2018/02/water_utility_i.html

Tips for securing IoT on your network
As internet of things devices proliferate, it’s more important to discover how many and what kind are on your network and figure out how to make them secure. Here’s how
https://www.networkworld.com/article/3254185/internet-of-things/tips-for-securing-iot-on-your-network.html

Tennessee Hospital Hit With Cryptocurrency Mining Malware
Decatur County General Hospital (DCGH) in Parsons, Tennessee, recently discovered cryptocurrency mining malware on its Electronic Medical Record (EMR) server. The hospital began informing 24,000 patients of the attack on January 26
https://www.darkreading.com/attacks-breaches/tennessee-hospital-hit-with-cryptocurrency-mining-malware/d/d-id/1331014

02-06-18 – News This Past Month

Verizon Boards the NB-IoT Train
Unlike consumer LTE, NB-IoT offers an efficient option for hooking up smart sensors and other machine-to-machine applications because it uses very little power for its 200 Kbit/s connections and very little spectrum, which gives devices a battery life that can be measured in years.
http://www.lightreading.com/iot/nb-iot/verizon-boards-the-nb-iot-train/d/d-id/740257

DT, Nokia Put 5G to the Industrial Test
Deutsche Telekom AG (NYSE: DT) and Nokia Corp. (NYSE: NOK) are to embark on the joint testing of 5G technology in the Port of Hamburg, carrying out various trials of 5G functionality — such as so-called “network slicing” — within an industrial context. Applications of the technology within the 8,000-hectare port area will include traffic lights management, data processing from mobile sensors and virtual reality. To facilitate the test program, an antenna has already been installed on the Hamburg TV tower, at a height of more than 150 meters.
http://www.lightreading.com/mobile/services-apps-mobile/eurobites-dt-nokia-put-5g-to-the-industrial-test/d/d-id/740262

Does The U.S. Need a National Cybersecurity Safety Board?
It is time, suggest two academics from Indiana University-Bloomington, for Congress to establish a National Cybersecurity Safety Board (NCSB) as an analogue of the National Transportation Safety Board (NTSB), to improve the level of cybersecurity in the U.S.
http://www.securityweek.com/does-us-need-national-cybersecurity-safety-board

Number of Internet-accessible ICS components is increasing every year
The number of industrial control system (ICS) components – which run factories, transport, power plants and other facilities – left open to Internet access, is increasing every year. In Germany, for example, researchers from Positive Technologies found 13,242 IP addresses for ICS components, up from 12,542 in 2016.

Critical Infrastructure More Vulnerable Than Ever Before
The PT research team also noted that more and more Internet-accessible ICS components are actually network devices, such as Lantronix and Moxa interface converters, which represented 12.86% of detected components in 2017, up from 5.06% in 2016.
https://www.infosecurity-magazine.com/news/critical-infrastructure-more/

Increasing Number of Industrial Systems Accessible From Web
The number of industrial control systems (ICS) accessible from the Internet has increased significantly in the past year, reaching more than 175,000 components, according to a new report from Positive Technologies
http://www.securityweek.com/increasing-number-industrial-systems-accessible-web-study

Hospital MRI and CT scanners at risk of cyberattack
Last year’s WannaCry attack had many disruptive effects across the world but the one that sticks in the minds of many security experts is the damage it did to the UK’s National Health Service (NHS).

Siemens Patches Flaws in Plant Management Product
Siemens has informed customers that a component of its TeleControl Basic product is affected by several vulnerabilities that can be exploited by an attacker to escalate privileges, bypass authentication, and launch denial-of-service (DoS) attacks
http://www.securityweek.com/siemens-patches-flaws-plant-management-product

IoT Botnets by the Numbers
Even before Mirai burst onto the scene a year-and-a-half ago, security experts had been warning anyone who listened about how juicy Internet of things (IoT) devices were looking to criminal botnet herders. Proliferating faster than black t-shirts at a security conference, IoT sensors have spread throughout our personal and business lives inside cameras, automobiles, TVs, refrigerators, wearable technology, and more
https://www.darkreading.com/perimeter/iot-botnets-by-the-numbers/d/d-id/1330924

Forget cyber crims, it’s time to start worrying about GPS jammers – UK.gov report
The UK must reduce the dependency of its critical infrastructure and emergency services on GPS technology to mitigate against the potentially disastrous impact of signal jamming, a government report has warned.
https://www.theregister.co.uk/2018/01/31/gps_signal_jammers_critical_infrastructure/

An Infrastructure Plan in the 21st Century Needs to Address Cybersecurity
U.S. President Trump is expected to discuss his long-awaited infrastructure plan in tonight’s State of the Union address, but we should not expect full details for a few more weeks. The focus on upgrading our roads, bridges, tunnels and other physical infrastructure is welcome. But we need to do more than address these weak brick-and-mortar foundations.
https://www.tenable.com/blog/an-infrastructure-plan-in-the-21st-century-needs-to-address-cybersecurity

UK Warns Critical Industries to Boost Cyber Defense or Face Hefty Fines
NISD is designed to ensure the security of network systems not already covered by the GDPR — but its primary purpose is to ensure the security of the industries that comprise the critical infrastructure (such as power and water, healthcare and transport). These companies, or covered entities, are defined within the directive as ‘operators of essential services’ (OES), and ‘digital service providers’ (DSPs).
http://www.securityweek.com/uk-warns-critical-industries-boost-cyber-defense-or-face-hefty-fines

Parrot 3.11 Security OS Brings New “Car Hacking” Menu
Coming one and a half months after Parrot Security OS 3.10, the Parrot Security OS 3.11 release sports a new “Car Hacking” menu that contains a great collection of open-source tools designed for testing real-world cars against hacks, as well as to simulate Controller Area Network (CAN bus) networks.
http://news.softpedia.com/news/parrot-3-11-security-os-brings-new-car-hacking-menu-meltdown-spectre-patches-519592.shtml

What do you press when flaws in Bluetooth panic buttons are exposed?
Wearsafe’s button was vulnerable to denial-of-service attacks. If flooded with connection requests, a hacker could lock the user out of the device until the battery is removed and reinserted. The device also continually broadcasts its Bluetooth radio, meaning it can be tracked
https://www.theregister.co.uk/2018/01/29/bluetooth_panic_buttons_hackable/

A series of new IoT botnets plague connected devices
The first of the IoT botnets causing trouble was discovered by security researchers at Bitdefender and is called Hide ‘N Seek, or HNS. HNS was first noticed on January 10, “faded away” for a few days and then reemerged on January 20 in a slightly different form, according to Bitdefender senior e-threat analyst Bogdan Botezatu
http://searchsecurity.techtarget.com/news/252433896/A-series-of-new-IoT-botnets-plague-connected-devices

Researchers warn of invisible attacks on electrical sensors
To simplify, transducers are electronic components that turn analogue signals such as radio, sound or light waves, or the physical movement of something like a gyroscope, into an electrical signal that can be digitised by a computer

An Internet of Things ‘crime harvest’ is coming unless security problems are fixed
“All new technologies, all changes in the way that society is ordered — particularly if it is technology — always has a crime harvest. So, when cars were invented, people started drink-driving and stealing cars and it’s exactly the same with the Internet of Things,” said chief constable Michael Barton, head of the Durham Constabulary.
http://www.zdnet.com/article/an-internet-of-things-crime-harvest-is-coming-unless-security-problems-are-fixed/

Industrial Safety Systems in the Bullseye
TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say
https://www.darkreading.com/operations/industrial-safety-systems-in-the-bullseye/d/d-id/1330912

Vulnerable industrial controls directly connected to Internet? Why not?
Yesterday, Siemens issued an update to a year-old product vulnerability warning for its SIMATIC S7-300 and S7-400 families of programmable logic controllers (PLCs)—industrial control systems used to remotely monitor and operate manufacturing equipment. The alert, originally issued in December of 2016, was updated on Wednesday to include another version of the S7-400 line
https://arstechnica.com/information-technology/2018/01/the-internet-of-omg-vulnerable-factory-and-power-grid-controls-on-internet/

The moving target of IoT security
As the explosive growth of IoT continues, businesses, vendors and consumers all have to confront the issue that the world is more connected than ever before, with potentially gigantic consequences
https://www.networkworld.com/article/3250624/internet-of-things/the-moving-target-of-iot-security.html

Risks to ICS Environments From Spectre and Meltdown Attacks
The recently disclosed Spectre and Meltdown vulnerabilities, which affect hardware running in the majority of the world’s computing devices, have made headlines recently. The list of at-risk equipment includes workstations, servers, phones, tablets, as well as Microsoft Windows, Linux, Android, Google ChromeOS, Apple macOS on most Intel chips manufactured after 2010. Many AMD, ARM and other chipsets are also affected
http://www.securityweek.com/risks-ics-environments-spectre-and-meltdown-attacks

IoT Devices Fuel Complex DDoS Attacks: Report
According to the company’s 13th Annual Worldwide Infrastructure Security Report (WISR), attackers focused on increasing complexity in 2017, and the exploitation of IoT devices helped them achieve this goal. The frequency of attacks has increased as well, following a trend seen for the past several years
http://www.securityweek.com/iot-devices-fuel-complex-ddos-attacks-report

Gemalto Sentinel flaws could lead to ICS attacks
Researchers from Kaspersky Lab Industrial Control System Cyber Emergency Response Team (ICS CERT) said they decided to investigate Gemalto Sentinel USB tokens after penetration tests showed the “solution provides license control for software used by customers and is widely used in ICS and IT systems.”
http://searchsecurity.techtarget.com/news/252433668/Gemalto-Sentinel-flaws-could-lead-to-ICS-attacks

Serious ‘category one’ cyberattack not far off – warns security chief
This week, the head of Britain’s National Cyber Security Centre (NCSC), Ciaran Martin, said something rather alarming in a newspaper interview that generated plenty of headline heat – the UK has never suffered the most serious category one (C1) cyberattack but it is only a matter of time before it does

Satori Botnet Malware Now Can Infect Even More IoT Devices
Latest version targets systems running ARC processors
https://www.darkreading.com/vulnerabilities---threats/satori-botnet-malware-now-can-infect-even-more-iot-devices/d/d-id/1330875

A silver bullet for the attacker
In the past years, the problem of vulnerabilities in industrial automation systems has been becoming increasingly important. The fact that industrial control systems have been developing in parallel with IT systems, relatively independently and often without regard for modern secure coding practices is probably the main source of ICS security problems

Gemalto Licensing Tool Exposes ICS, Corporate Systems to Attacks
Gemalto Sentinel LDK is a software licensing solution used by many organizations worldwide on both their enterprise and industrial control systems (ICS) networks. In addition to software components, the solution provides hardware-based protection, specifically a SafeNet Sentinel USB dongle that users connect to a PC or server when they want to activate a product
http://www.securityweek.com/gemalto-licensing-tool-exposes-ics-corporate-systems-attacks

Trisis ICS malware was publicly available after attack
The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors
http://searchsecurity.techtarget.com/news/252433492/Trisis-ICS-malware-was-publicly-available-after-attack

Schneider Electric: TRITON/TRISIS Attack Used 0-Day Flaw in its Safety Controller System, and a RAT
ICS/SCADA vendor discloses in-depth analysis of a recent targeted attack against one of its customers
https://www.darkreading.com/vulnerabilities---threats/schneider-electric-triton-trisis-attack-used-0-day-flaw-in-its-safety-controller-system-and-a-rat/d/d-id/1330845

Triton Malware Exploited Zero-Day in Schneider Electric Devices
The recently discovered malware known as Triton and Trisis exploited a zero-day vulnerability in Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers in an attack aimed at a critical infrastructure organization
http://www.securityweek.com/triton-malware-exploited-zero-day-schneider-electric-devices

MENACING MALWARE SHOWS THE DANGERS OF INDUSTRIAL SYSTEM SABOTAGE
At the S4 security conference on Thursday, researchers from the industrial control company Schneider Electric, whose equipment Triton targeted, presented deep analysis of the malware—only the third recorded cyberattack against industrial equipment
https://www.wired.com/story/triton-malware-dangers-industrial-system-sabotage/

A NEW WAY TO TRACK DOWN BUGS COULD HELP SAVE IOT
On a clear day this summer, security researcher Ang Cui boarded a boat headed to a government biosafety facility off the northeastern tip of Long Island. Cui’s security company, Red Balloon, will spend the next year studying how its Internet of Things threat-scanning tool performs on the building control systems of Plum Island Animal Disease Center.
https://www.wired.com/story/a-new-way-to-track-down-bugs-could-help-save-iot/

Now Meltdown patches are making industrial control systems lurch
SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains.
https://www.theregister.co.uk/2018/01/15/meltdown_ics/

BlackBerry Launches Security Product for Automotive, Other Industries
Modern cars use hundreds of software components, including many provided by third-party vendors across several tiers. While this approach has some advantages, it also increases the chances of vulnerabilities making it into the software somewhere along the supply chain.
http://www.securityweek.com/blackberry-launches-security-product-automotive-other-industries

Vulnerability in ISC BIND leads to DoS, patch today!
The Internet Systems Consortium has released security updates for BIND, the most widely used Domain Name System (DNS) software on the Internet, and a patch for ISC DHCP, its open source software that implements the Dynamic Host Configuration Protocol for connection to an IP network

Researchers Offer a ‘VirusTotal for ICS’
Free online sandbox, honeypot tool simulates a real-world industrial network environment
https://www.darkreading.com/threat-intelligence/researchers-offer-a-virustotal-for-ics/d/d-id/1330833

What the OWASP IoT security project means for device creation
The OWASP IoT security project aims to get developers to incorporate security at the beginning of a device’s life. Expert Ernie Hayden outlines how it is tackling the issue
http://searchsecurity.techtarget.com/tip/What-the-OWASP-IoT-security-project-means-for-device-creation

Are mass transit systems the next cybersecurity target?
Host Steve Ragan talks with Stan Engelbrecht, director of the cybersecurity practice at D3 Security, about the inherent flaws in security defenses for public transportation systems — and what can be done
https://www.idg.tv/video/83915/are-mass-transit-systems-the-next-cybersecurity-target-salted-hash-ep-14

Internet of Things security issues bleed into 2018
In 2017 Internet of Things (IoT) devices rose to prominence as attackers have continued to target and use them to support various cyberattacks. IoT devices are almost the perfect target for cyberthieves. They sit on internal networks, have their own IP address, and allow communication with other internet connected devices and systems.

IoT malware targeting zero-day vulnerabilities
First, they targeted IoT devices with default or weak passwords, and manufacturers and users began changing them. Then they used known vulnerabilities, and IoT vendors increased their efforts to push out patches. Now, some botmasters are making a concentrated effort to find unknown flaws they can exploit.

More SCADA app vulnerabilities found
Two years ago, they jointly found 50 weaknesses in the security of 20 mobile apps used by a plethora of SCADA Industrial Control Systems (ICS) sectors covering things like power, water, and manufacturing

Shared Accounts Increasingly Problematic for Critical Infrastructure: ICS-CERT
Assessments conducted last year by the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) showed that boundary protection remains the biggest problem in critical infrastructure organizations, but identification and authentication issues have become increasingly common
http://www.securityweek.com/shared-accounts-increasingly-problematic-critical-infrastructure-ics-cert

Serious Flaws Found in Phoenix Contact Industrial Switches
Researchers have discovered potentially serious vulnerabilities in industrial switches made by Phoenix Contact, a Germany-based company that specializes in industrial automation, connectivity and interface solutions
http://www.securityweek.com/serious-flaws-found-phoenix-contact-industrial-switches

Vulnerabilities in Phoenix Contact Industrial Switches Can Allow Hackers to Disrupt Operations
According to advisories published last week by ICS-CERT and its German counterpart CERT@VDE, Phoenix Contact’s FL SWITCH industrial ethernet switches are affected by authentication bypass and information exposure flaws. Ilya Karpov and Evgeniy Druzhinin of Positive Technologies have been credited for reporting the flaws.
http://www.securityweek.com/serious-flaws-found-phoenix-contact-industrial-switches

01-15-18 – News These Past Two Weeks

Smart cars need smart and secure IT/OT Infrastructures
IT can fail. It often does. We restart IT, and life goes on. Hackers can also compromise these same IT systems creating disruptions and causing theft of credentials. All manners of serious consequences result from these compromises.

Secure your SDN controller
A software-defined network (SDN) can help by giving network engineers the flexibility to dynamically change the behavior of a network on a node-by-node basis — something not typically available in a traditional network. An SDN uses virtualization to simplify the management of network resources and offers a solution for increased capacity without significantly increasing costs.
https://www.networkworld.com/article/3245173/software-defined-networking/secure-your-sdn-controller.html

Devices Running GoAhead Web Server Prone to Remote Attacks
GoAhead, a small web server employed by numerous companies, including IBM, HP, Oracle, Boeing, D-link, and Motorola, is “deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices,” according to EmbedThis, its developer.
http://www.securityweek.com/devices-running-goahead-web-server-prone-remote-attacks

The Internet of (Secure) Things Checklist
In October 2016, as a botnet strung together by the Mirai malware launched the biggest distributed denial-of-service attack in history, I was, appropriately enough, giving a talk on Internet of Things (IoT) security and privacy at the Grace Hopper Conference
https://www.darkreading.com/endpoint/the-internet-of-(secure)-things-checklist/a/d-id/1330689

Industrial Firms Increasingly Hit With Targeted Attacks
As part of its 2017 IT Security Risks Survey, Kaspersky talked to more than 5,200 representatives of small, medium and large businesses in 29 countries about IT security and the incidents they deal with
http://www.securityweek.com/industrial-firms-increasingly-hit-targeted-attacks-survey

Samsung introduces autonomous driving platform called DRVLINE
The challenge is simply too big and too complex. Through the DRVLINE platform, we’re inviting the best and brightest from the automotive industry to join us, and help shape the future of the car of tomorrow, today
https://www.engadget.com/2018/01/08/samsung-autonomous-driving-platform-drvline-harman-digital-cockpit/

Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC
Thiago Alves from the University of Alabama in Huntsville (UAH) discovered that these controllers are affected by a buffer overflow vulnerability. In 2016, Alves and two other UAH researchers published a paper on using virtual testbeds for industrial control systems (ICS).
http://www.securityweek.com/rockwell-automation-patches-serious-flaw-micrologix-1400-plc

Researchers uncover major security vulnerabilities in ICS mobile applications
According to the researchers, if the mobile application vulnerabilities identified are exploited, an attacker could disrupt an industrial process or compromise industrial network infrastructure, or cause a SCADA operator to unintentionally perform a harmful action on the system. The 34 mobile applications tested were randomly selected from the Google Play Store.

Infosec expert viewpoint: Connected car security
A recent Irdeto Global Connected Car Survey found that of the consumers who plan on purchasing a vehicle in the future, 53% are likely to research the car’s ability to protect itself from a cyberattack. The desire to consider cybersecurity when purchasing a car was most prevalent with younger generations aged 25-34, with 62% stating they would conduct this research.

Strong security simplifies compliance for French operators of vital industry
In 2014, France’s National Agency for the Security of Information Systems, or ANSSI, issued two detailed cybersecurity guidance documents for Industrial Control Systems: Cybersecurity for Industrial Control Systems – Classification Method and Key Measures; and Cybersecurity for Industrial Control Systems – Detailed Measures.

ICS Vendors Assessing Impact of Meltdown, Spectre Flaws
Organizations that provide solutions for critical infrastructure sectors, including medical device and industrial control systems (ICS) manufacturers, have started assessing the impact of the recently disclosed Meltdown and Spectre exploits on their products
http://www.securityweek.com/ics-vendors-assessing-impact-meltdown-spectre-flaws

01-02-18 – News Since Last Year

Improved IoT Security Starts with Liability for Companies, Not Just Legislation
I believe that in theory, legislation could help with IoT security. However, laws regulating new technologies are often poorly crafted, and can significantly hamper innovation with little benefit. It is critical that any new laws be written with great deliberation and input from all stakeholders.
http://www.securityweek.com/improved-iot-security-starts-liability-companies-not-just-legislation

How can a vulnerability in Ruggedcom switches be mitigated?
Vulnerabilities in Ruggedcom switches could open the industrial switches and other communication devices up to attacks. Expert Judith Myerson explains how to mitigate the risks
http://searchsecurity.techtarget.com/answer/How-can-a-vulnerability-in-Ruggedcom-switches-be-mitigated

Triton framework used in industrial control attacks
Security researchers discovered new ICS attacks using the Triton framework that may have been nation-state-sponsored and intended to cause real-world damage
http://searchsecurity.techtarget.com/news/450431965/Triton-framework-used-in-industrial-control-attacks

The time to deal with IoT security is now
In most cases, I try to turn a skeptical eye on hyperbole. So when a cybersecurity expert tells me that IoT security is a “ticking time bomb,” my initial reaction is not to worry about an upcoming “security apocalypse.”
https://www.networkworld.com/article/3243685/internet-of-things/the-time-to-deal-with-iot-security-is-now.html

DOJ Arrests Hackers Who Took Over DC Surveillance Cameras
The United States Department of Justice (DOJ) announced that, in coordination with the Romanian National Police and other EU and U.S. law enforcement agencies, it arrested two Romanians who hacked into 123 surveillance cameras belonging to the Metropolitan Police Department (MPD) in Washington DC.
http://www.tomshardware.com/news/doj-hackers-washington-dc-cameras,36198.html

12-18-17 – News This Past Week

Our smart future and the threat of cyber-kinetic attacks
Cyber attacks occur daily around the world. Only when one achieves sufficient scope to grab the attention of the news media – such as the WannaCry ransomware attacks of early 2017 – does the public get a brief glimpse of how widespread vulnerabilities are. Those of us who are actively involved in strengthening cybersecurity see the full scope of the problem every day

TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage
Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically, if a dangerous state is detected
https://thehackernews.com/2017/12/triton-ics-scada-malware.html

New “Triton” ICS Malware Used in Critical Infrastructure Attack
A new piece of malware designed to target industrial control systems (ICS) has been used in an attack aimed at a critical infrastructure organization, FireEye reported on Thursday. Experts believe the attack was launched by a state-sponsored actor whose goal may have been to cause physical damage.
http://www.securityweek.com/new-ics-malware-triton-used-critical-infrastructure-attack

UNPRECEDENTED MALWARE TARGETS INDUSTRIAL SAFETY SYSTEMS IN THE MIDDLE EAST
Since Stuxnet first targeted and destroyed uranium enrichment centrifuges in Iran last decade, the cybersecurity world has waited for the next step in that digital arms race: Another piece of malicious software designed specifically to enable the damage or destruction of industrial equipment.
https://www.wired.com/story/triton-malware-targets-industrial-safety-systems-in-the-middle-east/

Game-changing attack on critical infrastructure site causes outage
Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems
https://arstechnica.com/information-technology/2017/12/game-changing-attack-on-critical-infrastructure-site-causes-outage/

Whitepaper: Top 20 cyber attacks on ICS
The techniques for evaluating the risk of cyber-sabotage of industrial processes are well understood by those skilled in the art. Essentially, such risk assessments evaluate a typically large inventory of possible cyber attacks against the cyber-physical system in question, and render a verdict

Xage emerges from stealth with a blockchain-based IoT security solution
The company also announced that Duncan Greatwood has joined the company as CEO. Greatwood is an experienced entrepreneur, who sold Topsy to Apple in 2013 and PostPath to Cisco in 2008. These exits have given him the freedom to pick and choose the projects he wants to work on, and he liked what he saw at Xage from a technology perspective

Hackers on the Hill – Shmoocon 2018

We’re doing a thing. We got a Congressional staffer to take a bunch of hackers on a tour of the U.S. Capitol building before Shmoocon 2018. Kicks off at 8:30am on Friday, January 19, 2018. The group is size limited, so we’re doing pre-reg…no F5 required this time. Join us. You know you want to.

12-11-17 – News This Past Week

Top-selling handgun safe can be remotely opened in seconds—no PIN needed
The Vaultek VT20i handgun safe, ranked fourth in Amazon’s gun safes and cabinets category, allows owners to electronically open the door using a Bluetooth-enabled smartphone app. The remote unlock feature is supposed to work only when someone knows the four- to eight-digit personal identification number used to lock the device. But it turns out that this PIN safeguard can be bypassed using a standard computer and a small amount of programming know-how
https://arstechnica.com/information-technology/2017/12/top-selling-handgun-safe-can-be-remotely-opened-in-seconds-no-pin-needed/

Rockwell Automation Patches Serious Flaw in FactoryTalk Product
FTAE provides a consistent view of alarms and events via a View SE HMI system. The product is used worldwide in sectors such as critical infrastructure, entertainment, automotive, food and beverage, and water and wastewater
http://www.securityweek.com/rockwell-automation-patches-serious-flaw-factorytalk-product

A TINY NEW CHIP COULD SECURE THE NEXT GENERATION OF IOT
“Everything you interact with that you don’t typically think of as a computer has some kind of microcontroller in it, and over the next five to 10 years we believe that those devices will all be replaced by versions of the devices that will be interconnected,” says Galen Hunt, the managing director of Project Sopris. Think blenders, hair dryers, and other unlikely but inevitable connected accessories.
https://www.wired.com/story/project-sopris-iot-security/

IRANIAN HACKERS HAVE BEEN INFILTRATING CRITICAL INFRASTRUCTURE COMPANIES
Given how aggressively Iran has pursued infrastructure hacking, previously targeting the financial sector and even a dam in upstate New York, the new findings serve as a warning, and highlight the evolving nature of the threat
https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/

Serious Flaw Found in Many Siemens Industrial Products
According to Siemens, the list of affected products includes SIMATIC S7-200 Smart micro-PLCs for small automation applications, some SIMATIC S7 CPUs, SIMATIC WinAC RTX software controllers, SIMATIC ET 200 PROFINET interface modules, SIMATIC PN/PN couplers, SIMATIC Compact field units, development kits for PROFINET IO, SIMOTION motion control systems, SINAMICS converters, SINUMERIK CNC automation solutions, SIMOCODE motor management systems, and SIRIUS 3RW motor soft starters
http://www.securityweek.com/serious-flaw-found-many-siemens-industrial-products

Hackers Can Steal Data From Air-Gapped Industrial Networks via PLCs
Researchers have discovered a method that hackers could use to stealthily exfiltrate data from air-gapped industrial networks by manipulating the radio frequency (RF) signal emitted by programmable logic controllers
http://www.securityweek.com/hackers-can-steal-data-air-gapped-industrial-networks-plcs

Nearly 2/3 of Industrial Companies Lack Security Monitoring
While more than half of the 130 decision-makers from industrial organizations in the survey say they work in a facility that has suffered a breach, just 37% of the respondents say their organizations monitor networks for suspicious activity and traffic
https://www.darkreading.com/risk/nearly-2-3-of-industrial-companies-lack-security-monitoring/d/d-id/1330570

Industrial Firms Slow to Adopt Cybersecurity Measures: Honeywell
A survey of 130 strategic decision makers from around the world revealed that more than half of industrial organizations have suffered a cybersecurity incident, including ones involving removable media, denial-of-service (DoS) attacks, malware, hackers breaking into plant IT systems, state-sponsored attacks, and direct attacks on control systems.
http://www.securityweek.com/industrial-firms-slow-adopt-cybersecurity-measures-honeywell

The Year to Come in ICS / Critical Infrastructure Security
Here, I wanted to address some of my thoughts about what the New Year will hold for Industrial Control Systems/Critical Infrastructure cybersecurity. It is “Security Prediction Season” after all and I’d be remiss not to offer my thoughts. Below I’ve outlined a few things I think that will definitely manifest – some are bad, some offer more promise for placing us on a path to combatting an adversarial scourge which is growing in this absolutely critical area
http://www.securityweek.com/year-come-ics-critical-infrastructure-security

Critical Flaw in WAGO PLC Exposes Organizations to Attacks
The flaw, discovered by a researcher at security services and consulting company SEC Consult, impacts Linux-based WAGO PFC200 series PLCs, specifically a total of 17 750-820X models running firmware version 02.07.07 (10). The affected devices are advertised by the vendor as ultra-compact and secure automation systems that can be used for traditional machine control, process technology, and in the offshore sector
http://www.securityweek.com/critical-flaw-wago-plc-exposes-organizations-attacks

The Rising Dangers of Unsecured IoT Technology
While this is perhaps one of the most potentially life-threatening examples of unsecured Internet of Things (IoT) security, it drives home the point that manufacturers are not building these devices with security as a priority. As IoT devices grow in popularity, seemingly endless security- and privacy-related concerns are surfacing
https://www.darkreading.com/mobile/the-rising-dangers-of-unsecured-iot-technology--/a/d-id/1330518

12-04-17 – News This Past Week

Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
An attack on a single IV infusion pump or digital smart pen can be leveraged to a widespread breach that exposes patient records, according to a Spirent SecurityLabs researcher.
https://www.darkreading.com/mobile/hacked-iv-pumps-and-digital-smart-pens-can-lead-to-data-breaches/d/d-id/1330536

Industrial Cybersecurity Startup SCADAfence Secures $10 Million
The Tel Aviv-based company explains that it helps industrial network operators bridge the cybersecurity gap that comes when connecting operational technology (OT) and IT networks to ensure operational continuity and the security of valuable assets
http://www.securityweek.com/industrial-cybersecurity-startup-scadafence-secures-10-million

Siemens Patches Several Flaws in Teleprotection Devices
According to advisories published by both Siemens and ICS-CERT, medium severity vulnerabilities have been found in the EN100 Ethernet module used by SWT 3000 devices running IEC 61850 and TPOP firmware
http://www.securityweek.com/siemens-patches-several-flaws-teleprotection-devices

Robocars Should Be ‘Disconnected,’ Warns Former EFF Chief
Brad Templeton has been a software architect, a former Electronic Frontier Foundation (EFF) chair, an adviser to Google’s self-driving car project, and a Chair for Computing at the Singularity University. He has recently started warning about the cybersecurity issues self-driving cars, or “robocars,” may face if automotive companies don’t start to take security more seriously as they race to bring them to market
http://www.tomshardware.com/news/brad-templeton-robocars-security-plan,36015.html

AWS allows customers to manage and protect IoT devices
AWS IoT 1-Click, AWS IoT Device Management, AWS IoT Device Defender, AWS IoT Analytics, Amazon FreeRTOS, and AWS Greengrass ML Inference make getting started with IoT as easy as one click, enable customers to onboard and manage large fleets of devices, audit and enforce consistent security policies, and analyze IoT device data at scale

Tenable Delivers Industrial Security
Organizations are continuously leveraging new data and information capabilities to accelerate their business processes and deliver greater value to customers. As a result, industries such as energy, utilities, and manufacturing are becoming increasingly digital and connected
https://www.tenable.com/blog/tenable-delivers-industrial-security

Linux for the Industry 4.0 era: New distro for factory automation
NXP Semiconductors, a world leader in secure connectivity solutions, just announced a Linux distribution that is intended to support factory automation. It’s called Open Industrial Linux (OpenIL), and it’s promising true industrial-grade security based on trusted computing, hardened software, cryptographic operations and end-to-end security
https://www.networkworld.com/article/3238727/linux/linux-for-factory-automation.html

Recently Patched Dnsmasq Flaws Affect Siemens Industrial Devices
Dnsmasq is a lightweight tool designed to provide DNS, DHCP, router advertisement and network boot services for small networks. It can be found in Linux distributions, smartphones, routers, and many Internet of Things (IoT) devices
http://www.securityweek.com/recently-patched-dnsmasq-flaws-affect-siemens-industrial-devices

11-13-17 – News These Past Two Weeks

Curing The Security Sickness in Medical Devices
Just as the rapid development of the Internet of Things (IoT) has transformed traditional industries and service sectors, it is also having a great impact in the world of healthcare. It’s easy to argue, in fact, that no area is being transformed by digital technologies as rapidly or with as many benefits for society as new medical technologies
http://www.securityweek.com/curing-security-sickness-medical-devices

More Industrial Products at Risk of KRACK Attacks
An increasing number of vendors have warned customers over the past weeks that their industrial networking products are vulnerable to the recently disclosed Wi-Fi attack method known as KRACK.
http://www.securityweek.com/more-industrial-products-risk-krack-attacks

Criminals leverage unsecured IoT devices, DDoS attacks surge
Organizations experienced an average of 237 DDoS attack attempts per month during Q3 2017 – equivalent to 8 DDoS attack attempts every day – as hackers strive to take their organisations offline or steal sensitive data, according to Corero Network Security.

Startup Uses 3D Modeling to Make Autonomous Driving Safer
It might come as a surprise that only 4 percent of new car buyers, according to a U.K. survey, place safety as a top priority when considering their purchase
https://blogs.nvidia.com/blog/2017/11/23/safer-autonomous-driving/

‘Treat infosec fails like plane crashes’ – but hopefully with less death and twisted metal
Brian Honan, founder and head of Ireland’s first CSIRT and special adviser on internet security to Europol, argued that failures in cybersecurity should be viewed as an opportunity to learn lessons and prevent them happening again.
https://www.theregister.co.uk/2017/11/24/infosec_disasters_learning_op/

IBM’s Schneier: It’s Time to Regulate IoT to Improve Cyber-Security
In a keynote address at the SecTor security conference, IBM Resilient Systems CTO Bruce Schneier makes a case for more regulatory oversight for software and the internet of things
http://www.eweek.com/security/ibm-s-schneier-it-s-time-to-regulate-iot-to-improve-cyber-security

Forrester predicts what’s next for IoT
As the Internet of Things moves from “experimentation to business scale,” research firm Forrester shares its predictions for 2018. Think specialization and cloud — and big security risks.
https://www.networkworld.com/article/3237268/internet-of-things/forrester-predicts-what-s-next-for-iot.html

Threat Predictions for Industrial Security in 2018
2017 was one of the most intense years in terms of incidents affecting the information security of industrial systems. Security researchers discovered and reported hundreds of new vulnerabilities, warned of new threat vectors in ICS and technological processes, provided data on accidental infections of industrial systems and detected targeted attacks
https://securelist.com/ksb-threat-predictions-for-industrial-security-in-2018/83186/

Enterprise Physical Security Drives IoT Adoption
The vast majority of respondents to a new survey are deploying IoT technologies for building safety in the form of security cameras
https://www.darkreading.com/mobile/enterprise-physical-security-drives-iot-adoption/d/d-id/1330425

Infosec expert viewpoint: IoT security initiatives
IoT went quickly from buzzword to mainstream, and connected devices have become common in households and enterprises around the globe. A worrying lack of regulation has fueled a plethora of security problems causing headaches to security teams and endangering end users

Flaw in Siemens RTU Allows Remote Code Execution
Researchers at IT security services and consulting company SEC Consult discovered the flaws in the SICAM RTU SM-2556 COM modules, which can be attached to SICAM 1703 and RTU substation controllers for LAN/WAN communications. The product is used worldwide in the energy and other sectors.
http://www.securityweek.com/flaw-siemens-rtu-allows-remote-code-execution

Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says
A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a U.S. Department of Homeland Security (DHS) official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia.
http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/