Security News

Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates.

Our conversation will explore the importance of cross-departmental collaboration, balancing security with system functionality, and the dynamic nature of security measures that evolve with emerging threats. Can you shed some light on the best starting point for crafting a solid ICS security roadmap?

Escalating threats to operational technology have prompted an increasing number of global enterprises to adopt sophisticated technologies and services to enhance the security of their assets. In this Help Net Security video, Christopher Warner, Senior GRC-OT Security Consultant at GuidePoint Security, discusses securing the control systems environment, as well as creating a cybersecurity roadmap.

"Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents," said Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation. OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000.

"Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents," said Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation. OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000.

Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. "The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 devices, such as remote terminal units, that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia," the company said.

Sponsored Post Some of the most famous cyber attacks in history have been directed against Industrial Control Systems. They include the 2009 Stuxnet incident, which saw hackers gain access to an Iranian nuclear plant when its SCADA system was compromised, and Triton, which distributed malware that enabled intruders to remotely take over the Triconex controllers and software associated with the safety systems of a Saudi petrochemical plant in 2017.

The U.S. Cybersecurity and Infrastructure Security Agency has published eight Industrial Control Systems advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx. Topping the list is CVE-2022-3682, impacting Hitachi Energy's MicroSCADA System Data Manager SDM600 that could allow an attacker to take remote control of the product.

CryPLH is a low-interactive and virtual Smart-Grid ICS honeypot simulating Siemens Simatic 300 PLC devices. With the development of cybersecurity technology, deception has been applied in various circumstances like the web, databases, mobile apps, and IoT. Deception technology has been embodied in some ICS honeypot applications in the OT field.

SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings:...