Security News
SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings:...
A report published by Deloitte in 2020 - Building cyber security into critical infrastructure: Protecting industrial control systems in Asia Pacific - concluded that critical infrastructure operators in Asia Pacific are being increasingly targeted by cyber espionage and sophisticated attacks which can severely disrupt essential services, including energy and water supplies. APAC cyber security professionals cannot afford to drop their guard for a second, but ICS/OT systems present some unique challenges when it comes to making sure they are safeguarded from unauthorized access, data theft and disruption.
The National Security Agency and CISA have issued guidance on how to secure operational technology and industrial control systems part of U.S. critical infrastructure.The advisory also "Notes the increasing threats to OT and ICS assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes. OT/ICS designs are publicly available, as are a wealth of tools to exploit IT and OT systems."
CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service condition, among others. CODESYS is a software suite used by automation specialists as a development environment for programmable logic controller applications.
Critical flaws in a popular platform used by industrial control systems that allow for unauthorized device access, remote code execution or denial of service could threaten the security of critical infrastructure. The OAS Platform is widely used in systems in which a range of disparate devices and software need to communicate, which is why it's often found in ICS to connect industrial and IoT devices, SCADA systems, network points, and custom apps and APIs, among other software and hardware.
Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits targeting ICS and SCADA products demoed during the contest between April 19 and April 21. "Thanks again to all of the competitors who participated. We couldn't have a contest without them," Trend Micro's Zero Day Initiative said today.
The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems and supervisory control and data acquisition devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert.
Just a few days after news of attempted use of a new variant of the Industroyer malware comes a warning from the US Cybersecurity and Infrastructure Security Agency: Certain APT actors have exhibited the capability to gain full system access to multiple industrial control system/supervisory control and data acquisition devices. These tools may allow attackers to compromise and control Schneider Electric programmable logic controllers, OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture servers.
A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy warns of government-backed hacking groups being able to hijack multiple industrial devices.The federal agencies said the threat actors could use custom-built modular malware to scan for, compromise, and take control of industrial control system and supervisory control and data acquisition devices.
Industrial control system vulnerability disclosures grew a staggering 110% over the last four years, with a 25% increase in the second half of 2021 compared to the previous six months, according to a research released by Claroty. "As more cyber-physical systems become connected, accessibility to these networks from the internet and the cloud requires defenders to have timely, useful vulnerability information to inform risk decisions," said Amir Preminger, VP of research at Claroty.