Security News

We don’t want to be critical, but humans alone aren’t enough to protect your ICS
2021-10-20 18:00

We know for sure that ransomware attackers and sundry dark forces want to break into critical infrastructure. Ransomware attacks on industrial environments have increased by 500 per cent since 2018.

What’s missing from most ICS cybersecurity training? The ICS itself…
2021-10-12 06:30

Which is why SANS Institute's ICS Cybersecurity In-depth course gives candidates hands-on, in the room access to a sophisticated ICS setup, designed to simulate a real world SCADA environment, with operators in a "Remote" control centre monitoring and controlling "Field" equipment and "Local" HMI kit. That's why ICS Cybersecurity In-depth is the only one of SANS' 70 plus courses that is only available in person.

Trends in the OT/ICS security space and what’s to come
2021-08-27 05:00

In my previous role, I was an ICS security strategist and managed numerous business functions from Intel ranging from global semiconductor factories for OT, sub-factories for ICS, global BMS, and smart buildings/facilities. Most importantly, I plan to align our business output with our customer demands to defend, protect, and enhance their security posture across ICS. Finally, I am excited to evaluated all strategic partnerships to map out a new business strategy for the next few years that will bring together security requirements, external threats, and market trends to ensure that we are staying ahead of our customer needs and are continually providing them the best service possible.

ICS vulnerabilities disclosed in H1 2021 rose by 41%
2021-08-23 04:30

Industrial control system vulnerability disclosures are drastically increasing as high-profile cyberattacks on critical infrastructure and industrial enterprises have elevated ICS security to a mainstream issue, according to a report released by Claroty. The report shows a 41% increase in ICS vulnerabilities disclosed in the first half of 2021 compared to the previous six months, which is particularly significant given that in all of 2020 they increased by 25% from 2019 and 33% from 2018.

ICS vulnerability reports are increasing in number and severity, and exploit complexity is dropping
2021-08-18 17:19

71% of vulnerabilities found in the first half of 2021 are classified as high or critical, and 90% are of low complexity, meaning an attacker can expect repeated success under a variety of conditions, says Claroty. Industrial cybersecurity company Claroty has released a report on the state of vulnerabilities in industrial control systems in the first half of 2021, and the data reveals several serious issues that should leave any business with an ICS system on high alert.

August 2021 ICS Patch Tuesday: Siemens, Schneider Address Over 50 Flaws
2021-08-12 13:10

Siemens and Schneider Electric on Tuesday released 18 security advisories addressing a total of more than 50 vulnerabilities affecting their products. Siemens has released 10 new advisories for the August 2021 Patch Tuesday and they cover a total of 32 vulnerabilities.

Analysis of ICS Exploits Can Help Defenders Prioritize Vulnerability Remediation
2021-08-06 11:32

Industrial cybersecurity firm Dragos has published an analysis of exploits targeting vulnerabilities in industrial control systems and operational technology systems. One possible explanation is that Trend Micro's Zero Day Initiative has acquired many ICS vulnerabilities, and ZDI can prevent researchers from making public their proof-of-concept exploits.

ICS Vendors Address Vulnerabilities Affecting Widely Used Licensing Product
2021-08-04 13:31

Industrial control systems vendors and other organizations have published advisories to address a couple of serious denial of service vulnerabilities affecting a widely used licensing and DRM solution made by Germany-based Wibu-Systems. CodeMeter is designed to protect software against piracy and reverse engineering, it offers licensing management capabilities, and it includes security features that provide protection against tampering and other attacks.

Leaked Files From Offensive Cyber Unit Show Iran's Interest in Targeting ICS
2021-07-29 14:30

Classified files apparently leaked from a cyber unit of the Iranian government show that Iran is looking to improve its offensive cyber capabilities, including for targeting industrial control systems. British news outlet Sky News managed to obtain five internal reports - all marked "Very confidential" - that seem to originate from the Islamic Revolutionary Guard Corps' Shahid Kaveh, a secret offensive cyber unit.

The ransomware risk management calculus is changing for OT, ICS and critical infrastructure
2021-07-22 14:38

Needless to say, Geyer has a lot to say about the threat ransomware poses to OT, ICS and critical infrastructure. How to prepare for the future of ransomware risk management.