03-13-18 – News This Past Week

Infrastructure security: Don’t just sit there, do something!
Confused by conflicting indications from the control panel, operators made a series of bad decisions which exacerbated the problems. The reactor core, starved of vital coolant, started to overheat. Radioactive material began to vent into the outer protective enclosure.

Smart traffic lights cause jams when fed spoofed data
But no, we can’t have nice things like smooth, smart, algorithmically timed sailing through intersections – at least, not with the current state of traffic technology. A team of five researchers from the University of Michigan have found that the DOT’s I-SIG (Intelligent Traffic Signal System) is way too easy to spoof with bad data.

BlackBerry’s post-phone future includes IoT security
BlackBerry hasn’t been shy about shifting its focus away from hardware and toward technologies you can find inside others’ devices, such as self-driving cars and secure comms. If you need any further proof, though, you just got it: BlackBerry has struck a deal with Swiss electronics maker Punkt to secure an upcoming range of Internet of Things devices.

How can IoT stakeholders mitigate the risk of life-threatening cyberattacks?
With an estimated 20 billion Internet-connected devices set to appear in our homes and offices by the end of the decade, future cyberattacks will dwarf what we’ve seen to date. These connected devices will feed into fundamental infrastructure we rely on every day: transportation, power plants, medical devices, and supply chains, for example. As cyberattacks move from financial and reputation risks into the realm of ‘life and death’ consequences, which IoT stakeholders should we turn to to address this?

Connected Cars Pose New Security Challenges
Very few objects are as personal to their owners as their cars. But today’s cars have grown beyond a form of self-expression and turned into our personal concierges, navigating the best routes, making our dinner reservations, and potentially reserving parking spots ahead of our arrival. But with all the advantages connected vehicles can bring to our lives, they can also potentially expose us to security risks.

IoT Security Disconnect: As Attacks Spike, Device Patching Still Lags
According to a report by Trustwave released last week, 61 percent of companies surveyed who have deployed some level of connected technology have also had to deal with a security incident that they can trace back to an IoT device. On the flip side, only 49 percent of those same businesses surveyed said they have formal patching policies and procedures in place that would help prevent attacks.

What to understand about health care IoT and its security
As we have seen, the Internet of Things will disrupt and change every industry and how actors within it do business. Along with new paradigms in services and products that one can offer due to the proliferation of IoT, come business risks as well as heightened security concerns – both physical and cyber. In our prior column, we spoke about this topic in the context of the Smart Electric Grid. Today we’re taking a look at how IoT is disrupting the health care market and how we can take steps to secure it.

Backdooring connected cars for covert remote control
We’ve all known for a while now that the security of connected cars leaves a lot to be desired. The latest proof of that sad state of affairs comes from Argentinian security researchers and hackers Sheila Ayelen Berta and Claudio Caracciolo. The pair is set to demonstrate a hardware backdoor for the CAN bus that can be controlled remotely at the upcoming Hack in the Box conference in Amsterdam.

03-05-18 – News This Past Week

Delta Patches Vulnerabilities in HMI, PLC Products
A researcher who uses the online moniker “Axt” informed Delta via Trend Micro’s Zero Day Initiative (ZDI) and ICS-CERT that its WPLSoft product, a programming software for programmable logic controllers (PLCs), is affected by several types of vulnerabilities.

Keeping on top of ICS-focused hacking groups, defenses
“While only one has demonstrated an apparent capability to impact ICS networks through ICS-specific malware directly, all have engaged in at least reconnaissance and intelligence gathering surrounding the ICS environment,” the company noted in a recently published report.

Philips clinical imaging solution plagued by vulnerabilities
Philips is developing a software update to mitigate 35 CVE-numbered vulnerabilities in the Philips IntelliSpace Portal (ISP), a clinical imaging visualization and analysis solution that is used by healthcare and public health organizations around the world.

Philips Working on Patches for 35 Flaws in Healthcare Product
Philips has informed customers that it’s working on patches for dozens of vulnerabilities affecting the company’s IntelliSpace Portal, a visualization and analysis solution designed for healthcare organizations

What Enterprises Can Learn from Medical Device Security
In today’s cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks

ICS Under Fire in 2017
New Dragos report finds rising number of public vulnerability advisories around ICS with not enough reasonable guidance around how to deal with these flaws

Public Advisories Fail to Convey True Impact of ICS Flaws
Public advisories describing vulnerabilities in industrial control systems (ICS) often fail to convey the true impact of the flaws, according to a report published today by ICS cybersecurity firm Dragos

Five Threat Groups Target Industrial Systems
There are at least five sophisticated threat groups whose activities focus on industrial control systems (ICS), according to a report published on Thursday by industrial cybersecurity firm Dragos

Emerson Patches Severe Flaw in ControlWave Controllers
Automation solutions provider Emerson has patched a potentially serious denial-of-service (DoS) vulnerability in its ControlWave Micro Process Automation Controller product

Siemens Releases BIOS Updates to Patch Intel Chip Flaws
Siemens has released BIOS updates for several of its industrial devices to patch vulnerabilities discovered recently in Intel chips, including Meltdown, Spectre and flaws affecting the company’s Management Engine technology

How to Shield Against IoT Security Threats
While politicians and security experts are constantly warning about the risk of cyber-attacks, they rarely, if ever, mention the risks associated with the Internet of Things (IoT). They should, since there are already plenty of examples of successful IoT security attacks

02-26-18 – News This Past Week

Anatomy of an Attack on the Industrial IoT
We like to think that cyberattacks are focused primarily on stealing credit card numbers and that attackers don’t know much about the control systems that run critical infrastructure. Unfortunately, that’s just wishful thinking. In 2017, we saw an increasing number of threat actors bypass existing network perimeter security controls to perform sophisticated reconnaissance of industrial process control networks

Arm Reveals More Details About Its IoT Platform Security Architecture
When it announced its Platform Security Architecture for IoT devices last year, Arm said that “security can no longer be optional.” Now, shortly after it announced the iSim SoC that’s supposed to connect more devices to the IoT, the company revealed more about the PSA framework

The Rise of ICS Malware: How Industrial Security Threats Are Becoming More Surgical
Last December, a malware variant specifically designed to attack industrial safety systems was discovered. It was apparently used to cause an operational outage at a critical infrastructure facility in the Middle East.

During my onstage interview with Dan Geer at S4x18, we discussed what is the best course of action when vulnerabilities are dense (listen beginning at 28:15). I suggested that medical device and software were a great example of dense vulnerabilities, so is the current approach to find and fix vulnerabilities a good approach when a single exploitable bug can take out a hospital for a week


Protecting safety instrumented systems from malware attacks
Trisis malware targets safety instrumented systems and puts industrial control systems at risk. Expert Ernie Hayden reviews what to know about SIS and its security measures

Is the IoT backlash finally here?
After years of worry, the long-anticipated backlash to the changes wrought by the Internet of Things may finally be arriving. That could be a good thing.

Getting Started with IoT Security in Healthcare
It’s estimated that by 2025, more than 30 percent of all Internet of Things (IoT) devices will be dedicated to the realm of healthcare – more than in retail, transportation and the personal security sectors combined. Already today, practitioners are using IoT tech to conduct portable monitoring, enact electronic record keeping initiatives, and to apply drug safeguards – all efforts that are streamlining operations and delivering safer, more comprehensive care to patients

NIST Working on Global IoT Cybersecurity Standards
The Internet of Things (IoT) is here and growing. It has the potential to facilitate or obstruct the further evolution of the Fourth Industrial Revolution; largely depending upon whether it is used or abused. Its abusers will be the same criminal and aggressor state actors that currently abuse information systems

Expected changes in IT/OT convergence and industrial security
Ten years ago, I was brought into the industrial security arena by a top company executive who was convinced that we needed traditional endpoint protection on smart meters. I had spent fifteen years before that in enterprise security, so it took a while to shape my focus around the nature of the problem of IT/OT convergence and industrial security.

02-19-18 – News This Past Week

Siemens Leads Launch of Global Cybersecurity Initiative
The so-called Charter of Trust centers around the basic goals of protecting the data of individuals and businesses; preventing harm to critical infrastructure, businesses, and individuals via cyberattacks

US sets up dedicated office for energy infrastructure cybersecurity
The US government is setting up a new Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the US Department of Energy. The CESER office will focus on energy infrastructure security and enable more coordinated preparedness and response to natural and man-made threats

IBM Releases Spectre, Meltdown Patches for Power Systems
IBM started releasing firmware patches for its POWER processors within a week after the Spectre and Meltdown attack methods were disclosed. Firmware updates were first released for the POWER7+ and POWER8 processors, but customers would have to wait another month for operating system patches

Cryptocurrency Miners Not Uncommon on Industrial Systems
Industrial cybersecurity firm Radiflow reported last week that it had identified a piece of malware designed to mine Monero on a human-machine interface (HMI) system at a wastewater facility in Europe

Exploring a New Reference Architecture for Industrial Control Systems Security
As it relates to threats targeting industrial control systems (ICS) and critical infrastructure networks, it should be completely clear that “the times – they are a changing.” We have entered a new era over the past 6 months – demonstrated by the collateral damage caused by WannaCry and NotPetya, and even more clearly by the deliberate and alarming targeting of the widely used Schneider Electric Triconex safety platform by the Triton malware.

Schneider Electric Patches Several Flaws in IGSS Products
Ivan Sanchez of Nullcode discovered that the IGSS SCADA software is affected by a configuration issue that leads to Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) mitigations not being implemented properly

Rogue IT admin goes off the rails, shuts down Canadian train switches
Christopher Victor Grupe, 46, had a rocky relationship with his employers: in December 2015, he was suspended for 12 days for insubordination and just not making the grade as a sysadmin

Consumers want more IoT regulation
A demand for more regulation may seem counterintuitive in today’s world and yet that’s exactly what consumers who understand IoT technologies want, according to a new study from Market Strategies International.

The rise of cryptojacking—which co-opts your PC or mobile device to illicitly mine cryptocurrency when you visit an infected site—has fueled mining’s increasing appeal

Surgery affected by ‘distressing’ power outage glitch at Royal Adelaide Hospital
Two operations were disrupted when a software failure left part of the Royal Adelaide Hospital without power for up to 20 minutes yesterday morning

02-12-18 – News This Past Week

Ukraine Power Distro Plans $20 Million Cyber Defense System
After NotPetya and severe blackouts, Ukrenergo responds with an investment in cybersecurity

When crypto-mining malware hits a SCADA network
Stealthy crypto-mining is on track to surpass ransomware as cybercriminals’ most favorite money-making option, and companies with computers and servers that run all day and night long are the preferred targets

Water Utility Infected by Cryptocurrency Mining Software
A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack: hackers compromise computers and force them to mine cryptocurrency for them. This is the first time I’ve seen it infect SCADA systems, though

Tips for securing IoT on your network
As internet of things devices proliferate, it’s more important to discover how many and what kind are on your network and figure out how to make them secure. Here’s how

Tennessee Hospital Hit With Cryptocurrency Mining Malware
Decatur County General Hospital (DCGH) in Parsons, Tennessee, recently discovered cryptocurrency mining malware on its Electronic Medical Record (EMR) server. The hospital began informing 24,000 patients of the attack on January 26.

02-06-18 – News This Past Month

Verizon Boards the NB-IoT Train
Unlike consumer LTE, NB-IoT offers an efficient option for hooking up smart sensors and other machine-to-machine applications because it uses very little power for its 200 Kbit/s connections and very little spectrum, which gives devices a battery life that can be measured in years.

DT, Nokia Put 5G to the Industrial Test
Deutsche Telekom AG (NYSE: DT) and Nokia Corp. (NYSE: NOK) are to embark on the joint testing of 5G technology in the Port of Hamburg, carrying out various trials of 5G functionality — such as so-called “network slicing” — within an industrial context. Applications of the technology within the 8,000-hectare port area will include traffic lights management, data processing from mobile sensors and virtual reality. To facilitate the test program, an antenna has already been installed on the Hamburg TV tower, at a height of more than 150 meters.

Does The U.S. Need a National Cybersecurity Safety Board?
It is time, suggest two academics from Indiana University-Bloomington, for Congress to establish a National Cybersecurity Safety Board (NCSB) as an analogue of the National Transportation Safety Board (NTSB), to improve the level of cybersecurity in the U.S.

Number of Internet-accessible ICS components is increasing every year
The number of industrial control system (ICS) components – which run factories, transport, power plants and other facilities – left open to Internet access, is increasing every year. In Germany, for example, researchers from Positive Technologies found 13,242 IP addresses for ICS components, up from 12,542 in 2016.

Critical Infrastructure More Vulnerable Than Ever Before
The PT research team also noted that more and more Internet-accessible ICS components are actually network devices, such as Lantronix and Moxa interface converters, which represented 12.86% of detected components in 2017, up from 5.06% in 2016.

Increasing Number of Industrial Systems Accessible From Web
The number of industrial control systems (ICS) accessible from the Internet has increased significantly in the past year, reaching more than 175,000 components, according to a new report from Positive Technologies

Hospital MRI and CT scanners at risk of cyberattack
Last year’s WannaCry attack had many disruptive effects across the world but the one that sticks in the minds of many security experts is the damage it did to the UK’s National Health Service (NHS).

Siemens Patches Flaws in Plant Management Product
Siemens has informed customers that a component of its TeleControl Basic product is affected by several vulnerabilities that can be exploited by an attacker to escalate privileges, bypass authentication, and launch denial-of-service (DoS) attacks

IoT Botnets by the Numbers
Even before Mirai burst onto the scene a year-and-a-half ago, security experts had been warning anyone who listened about how juicy Internet of things (IoT) devices were looking to criminal botnet herders. Proliferating faster than black t-shirts at a security conference, IoT sensors have spread throughout our personal and business lives inside cameras, automobiles, TVs, refrigerators, wearable technology, and more

Forget cyber crims, it’s time to start worrying about GPS jammers – UK.gov report
The UK must reduce the dependency of its critical infrastructure and emergency services on GPS technology to mitigate against the potentially disastrous impact of signal jamming, a government report has warned.

An Infrastructure Plan in the 21st Century Needs to Address Cybersecurity
U.S. President Trump is expected to discuss his long-awaited infrastructure plan in tonight’s State of the Union address, but we should not expect full details for a few more weeks. The focus on upgrading our roads, bridges, tunnels and other physical infrastructure is welcome. But we need to do more than address these weak brick-and-mortar foundations.

UK Warns Critical Industries to Boost Cyber Defense or Face Hefty Fines
NISD is designed to ensure the security of network systems not already covered by the GDPR — but its primary purpose is to ensure the security of the industries that comprise the critical infrastructure (such as power and water, healthcare and transport). These companies, or covered entities, are defined within the directive as ‘operators of essential services’ (OES), and ‘digital service providers’ (DSPs).

Parrot 3.11 Security OS Brings New “Car Hacking” Menu
Coming one and a half months after Parrot Security OS 3.10, the Parrot Security OS 3.11 release sports a new “Car Hacking” menu that contains a great collection of open-source tools designed for testing real-world cars against hacks, as well as to simulate Controller Area Network (CAN bus) networks.

What do you press when flaws in Bluetooth panic buttons are exposed?
Wearsafe’s button was vulnerable to denial-of-service attacks. If flooded with connection requests, a hacker could lock the user out of the device until the battery is removed and reinserted. The device also continually broadcasts its Bluetooth radio, meaning it can be tracked

A series of new IoT botnets plague connected devices
The first of the IoT botnets causing trouble was discovered by security researchers at Bitdefender and is called Hide ‘N Seek, or HNS. HNS was first noticed on January 10, “faded away” for a few days and then reemerged on January 20 in a slightly different form, according to Bitdefender senior e-threat analyst Bogdan Botezatu

Researchers warn of invisible attacks on electrical sensors
To simplify, transducers are electronic components that turn analogue signals such as radio, sound or light waves, or the physical movement of something like a gyroscope, into an electrical signal that can be digitised by a computer

An Internet of Things ‘crime harvest’ is coming unless security problems are fixed
“All new technologies, all changes in the way that society is ordered — particularly if it is technology — always has a crime harvest. So, when cars were invented, people started drink-driving and stealing cars and it’s exactly the same with the Internet of Things,” said chief constable Michael Barton, head of the Durham Constabulary.

Industrial Safety Systems in the Bullseye
TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say

Vulnerable industrial controls directly connected to Internet? Why not?
Yesterday, Siemens issued an update to a year-old product vulnerability warning for its SIMATIC S7-300 and S7-400 families of programmable logic controllers (PLCs)—industrial control systems used to remotely monitor and operate manufacturing equipment. The alert, originally issued in December of 2016, was updated on Wednesday to include another version of the S7-400 line

The moving target of IoT security
As the explosive growth of IoT continues, businesses, vendors and consumers all have to confront the issue that the world is more connected than ever before, with potentially gigantic consequences

Risks to ICS Environments From Spectre and Meltdown Attacks
The recently disclosed Spectre and Meltdown vulnerabilities, which affect hardware running in the majority of the world’s computing devices, have made headlines recently. The list of at-risk equipment includes workstations, servers, phones, tablets, as well as Microsoft Windows, Linux, Android, Google ChromeOS, Apple macOS on most Intel chips manufactured after 2010. Many AMD, ARM and other chipsets are also affected.

IoT Devices Fuel Complex DDoS Attacks: Report
According to the company’s 13th Annual Worldwide Infrastructure Security Report (WISR), attackers focused on increasing complexity in 2017, and the exploitation of IoT devices helped them achieve this goal. The frequency of attacks has increased as well, following a trend seen for the past several years

Gemalto Sentinel flaws could lead to ICS attacks
Researchers from Kaspersky Lab Industrial Control System Cyber Emergency Response Team (ICS CERT) said they decided to investigate Gemalto Sentinel USB tokens after penetration tests showed the “solution provides license control for software used by customers and is widely used in ICS and IT systems.”

Serious ‘category one’ cyberattack not far off – warns security chief
This week, the head of Britain’s National Cyber Security Centre (NCSC), Ciaran Martin, said something rather alarming in a newspaper interview that generated plenty of headline heat – the UK has never suffered the most serious category one (C1) cyberattack but it is only a matter of time before it does

Satori Botnet Malware Now Can Infect Even More IoT Devices
Latest version targets systems running ARC processors

A silver bullet for the attacker
In the past years, the problem of vulnerabilities in industrial automation systems has been becoming increasingly important. The fact that industrial control systems have been developing in parallel with IT systems, relatively independently and often without regard for modern secure coding practices is probably the main source of ICS security problems

Gemalto Licensing Tool Exposes ICS, Corporate Systems to Attacks
Gemalto Sentinel LDK is a software licensing solution used by many organizations worldwide on both their enterprise and industrial control systems (ICS) networks. In addition to software components, the solution provides hardware-based protection, specifically a SafeNet Sentinel USB dongle that users connect to a PC or server when they want to activate a product

Trisis ICS malware was publicly available after attack
The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors

Schneider Electric: TRITON/TRISIS Attack Used 0-Day Flaw in its Safety Controller System, and a RAT
ICS/SCADA vendor discloses in-depth analysis of a recent targeted attack against one of its customers

Triton Malware Exploited Zero-Day in Schneider Electric Devices
The recently discovered malware known as Triton and Trisis exploited a zero-day vulnerability in Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers in an attack aimed at a critical infrastructure organization

At the S4 security conference on Thursday, researchers from the industrial control company Schneider Electric, whose equipment Triton targeted, presented deep analysis of the malware—only the third recorded cyberattack against industrial equipment

On a clear day this summer, security researcher Ang Cui boarded a boat headed to a government biosafety facility off the northeastern tip of Long Island. Cui’s security company, Red Balloon, will spend the next year studying how its Internet of Things threat-scanning tool performs on the building control systems of Plum Island Animal Disease Center.

Now Meltdown patches are making industrial control systems lurch
SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains.

BlackBerry Launches Security Product for Automotive, Other Industries
Modern cars use hundreds of software components, including many provided by third-party vendors across several tiers. While this approach has some advantages, it also increases the chances of vulnerabilities making it into the software somewhere along the supply chain.

Vulnerability in ISC BIND leads to DoS, patch today!
The Internet Systems Consortium has released security updates for BIND, the most widely used Domain Name System (DNS) software on the Internet, and a patch for ISC DHCP, its open source software that implements the Dynamic Host Configuration Protocol for connection to an IP network

Researchers Offer a ‘VirusTotal for ICS’
Free online sandbox, honeypot tool simulates a real-world industrial network environment

What the OWASP IoT security project means for device creation
The OWASP IoT security project aims to get developers to incorporate security at the beginning of a device’s life. Expert Ernie Hayden outlines how it is tackling the issue

Are mass transit systems the next cybersecurity target?
Host Steve Ragan talks with Stan Engelbrecht, director of the cybersecurity practice at D3 Security, about the inherent flaws in security defenses for public transportation systems — and what can be done

Internet of Things security issues bleed into 2018
In 2017 Internet of Things (IoT) devices rose to prominence as attackers have continued to target and use them to support various cyberattacks. IoT devices are almost the perfect target for cyberthieves. They sit on internal networks, have their own IP address, and allow communication with other internet connected devices and systems.

IoT malware targeting zero-day vulnerabilities
First, they targeted IoT devices with default or weak passwords, and manufacturers and users began changing them. Then they used known vulnerabilities, and IoT vendors increased their efforts to push out patches. Now, some botmasters are making a concentrated effort to find unknown flaws they can exploit.

More SCADA app vulnerabilities found
Two years ago, they jointly found 50 weaknesses in the security of 20 mobile apps used by a plethora of SCADA Industrial Control Systems (ICS) sectors covering things like power, water, and manufacturing

Shared Accounts Increasingly Problematic for Critical Infrastructure: ICS-CERT
Assessments conducted last year by the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) showed that boundary protection remains the biggest problem in critical infrastructure organizations, but identification and authentication issues have become increasingly common

Serious Flaws Found in Phoenix Contact Industrial Switches
Researchers have discovered potentially serious vulnerabilities in industrial switches made by Phoenix Contact, a Germany-based company that specializes in industrial automation, connectivity and interface solutions

Vulnerabilities in Phoenix Contact Industrial Switches Can Allow Hackers to Disrupt Operations
According to advisories published last week by ICS-CERT and its German counterpart CERT@VDE, Phoenix Contact’s FL SWITCH industrial ethernet switches are affected by authentication bypass and information exposure flaws. Ilya Karpov and Evgeniy Druzhinin of Positive Technologies have been credited for reporting the flaws.

01-15-18 – News These Past Two Weeks

Smart cars need smart and secure IT/OT Infrastructures
IT can fail. It often does. We restart IT, and life goes on. Hackers can also compromise these same IT systems creating disruptions and causing theft of credentials. All manners of serious consequences result from these compromises.

Secure your SDN controller
A software-defined network (SDN) can help by giving network engineers the flexibility to dynamically change the behavior of a network on a node-by-node basis — something not typically available in a traditional network. An SDN uses virtualization to simplify the management of network resources and offers a solution for increased capacity without significantly increasing costs.

Devices Running GoAhead Web Server Prone to Remote Attacks
GoAhead, a small web server employed by numerous companies, including IBM, HP, Oracle, Boeing, D-link, and Motorola, is “deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices,” according to EmbedThis, its developer.

The Internet of (Secure) Things Checklist
In October 2016, as a botnet strung together by the Mirai malware launched the biggest distributed denial-of-service attack in history, I was, appropriately enough, giving a talk on Internet of Things (IoT) security and privacy at the Grace Hopper Conference

Industrial Firms Increasingly Hit With Targeted Attacks
As part of its 2017 IT Security Risks Survey, Kaspersky talked to more than 5,200 representatives of small, medium and large businesses in 29 countries about IT security and the incidents they deal with

Samsung introduces autonomous driving platform called DRVLINE
The challenge is simply too big and too complex. Through the DRVLINE platform, we’re inviting the best and brightest from the automotive industry to join us, and help shape the future of the car of tomorrow, today

Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC
Thiago Alves from the University of Alabama in Huntsville (UAH) discovered that these controllers are affected by a buffer overflow vulnerability. In 2016, Alves and two other UAH researchers published a paper on using virtual testbeds for industrial control systems (ICS).

Researchers uncover major security vulnerabilities in ICS mobile applications
According to the researchers, if the mobile application vulnerabilities identified are exploited, an attacker could disrupt an industrial process or compromise industrial network infrastructure, or cause a SCADA operator to unintentionally perform a harmful action on the system. The 34 mobile applications tested were randomly selected from the Google Play Store.

Infosec expert viewpoint: Connected car security
A recent Irdeto Global Connected Car Survey found that of the consumers who plan on purchasing a vehicle in the future, 53% are likely to research the car’s ability to protect itself from a cyberattack. The desire to consider cybersecurity when purchasing a car was most prevalent with younger generations aged 25-34, with 62% stating they would conduct this research.

Strong security simplifies compliance for French operators of vital industry
In 2014, France’s National Agency for the Security of Information Systems, or ANSSI, issued two detailed cybersecurity guidance documents for Industrial Control Systems: Cybersecurity for Industrial Control Systems – Classification Method and Key Measures; and Cybersecurity for Industrial Control Systems – Detailed Measures.

ICS Vendors Assessing Impact of Meltdown, Spectre Flaws
Organizations that provide solutions for critical infrastructure sectors, including medical device and industrial control systems (ICS) manufacturers, have started assessing the impact of the recently disclosed Meltdown and Spectre exploits on their products

01-02-18 – News Since Last Year

Improved IoT Security Starts with Liability for Companies, Not Just Legislation
I believe that in theory, legislation could help with IoT security. However, laws regulating new technologies are often poorly crafted, and can significantly hamper innovation with little benefit. It is critical that any new laws be written with great deliberation and input from all stakeholders.

How can a vulnerability in Ruggedcom switches be mitigated?
Vulnerabilities in Ruggedcom switches could open the industrial switches and other communication devices up to attacks. Expert Judith Myerson explains how to mitigate the risks

Triton framework used in industrial control attacks
Security researchers discovered new ICS attacks using the Triton framework that may have been nation-state-sponsored and intended to cause real-world damage

The time to deal with IoT security is now
In most cases, I try to turn a skeptical eye on hyperbole. So when a cybersecurity expert tells me that IoT security is a “ticking time bomb,” my initial reaction is not to worry about an upcoming “security apocalypse.”

DOJ Arrests Hackers Who Took Over DC Surveillance Cameras
The United States Department of Justice (DOJ) announced that, in coordination with the Romanian National Police and other EU and U.S. law enforcement agencies, it arrested two Romanians who hacked into 123 surveillance cameras belonging to the Metropolitan Police Department (MPD) in Washington DC.

12-18-17 – News This Past Week

Our smart future and the threat of cyber-kinetic attacks
Cyber attacks occur daily around the world. Only when one achieves sufficient scope to grab the attention of the news media – such as the WannaCry ransomware attacks of early 2017 – does the public get a brief glimpse of how widespread vulnerabilities are. Those of us who are actively involved in strengthening cybersecurity see the full scope of the problem every day

TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage
Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically, if a dangerous state is detected

New “Triton” ICS Malware Used in Critical Infrastructure Attack
A new piece of malware designed to target industrial control systems (ICS) has been used in an attack aimed at a critical infrastructure organization, FireEye reported on Thursday. Experts believe the attack was launched by a state-sponsored actor whose goal may have been to cause physical damage.

Since Stuxnet first targeted and destroyed uranium enrichment centrifuges in Iran last decade, the cybersecurity world has waited for the next step in that digital arms race: Another piece of malicious software designed specifically to enable the damage or destruction of industrial equipment.

Game-changing attack on critical infrastructure site causes outage
Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems

Whitepaper: Top 20 cyber attacks on ICS
The techniques for evaluating the risk of cyber-sabotage of industrial processes are well understood by those skilled in the art. Essentially, such risk assessments evaluate a typically large inventory of possible cyber attacks against the cyber-physical system in question, and render a verdict

Xage emerges from stealth with a blockchain-based IoT security solution
The company also announced that Duncan Greatwood has joined the company as CEO. Greatwood is an experienced entrepreneur, who sold Topsy to Apple in 2013 and PostPath to Cisco in 2008. These exits have given him the freedom to pick and choose the projects he wants to work on, and he liked what he saw at Xage from a technology perspective

Hackers on the Hill – Shmoocon 2018

We’re doing a thing. We got a Congressional staffer to take a bunch of hackers on a tour of the U.S. Capitol building before Shmoocon 2018. Kicks off at 8:30am on Friday, January 19, 2018. The group is size limited, so we’re doing pre-reg…no F5 required this time. Join us. You know you want to.