Security News

Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits targeting ICS and SCADA products demoed during the contest between April 19 and April 21. "Thanks again to all of the competitors who participated. We couldn't have a contest without them," Trend Micro's Zero Day Initiative said today.

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems and supervisory control and data acquisition devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert.

Just a few days after news of attempted use of a new variant of the Industroyer malware comes a warning from the US Cybersecurity and Infrastructure Security Agency: Certain APT actors have exhibited the capability to gain full system access to multiple industrial control system/supervisory control and data acquisition devices. These tools may allow attackers to compromise and control Schneider Electric programmable logic controllers, OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture servers.

A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy warns of government-backed hacking groups being able to hijack multiple industrial devices.The federal agencies said the threat actors could use custom-built modular malware to scan for, compromise, and take control of industrial control system and supervisory control and data acquisition devices.

Industrial control system vulnerability disclosures grew a staggering 110% over the last four years, with a 25% increase in the second half of 2021 compared to the previous six months, according to a research released by Claroty. "As more cyber-physical systems become connected, accessibility to these networks from the internet and the cloud requires defenders to have timely, useful vulnerability information to inform risk decisions," said Amir Preminger, VP of research at Claroty.

61% of survey participants indicate a gap exists in the perception of cybersecurity risk to their ICS facilities between OT/ICS cybersecurity front-line teams and other parts of the organization. Targeting ICS operations using ransomware is a goal of the adversary as targeting ICS operations can lead to higher and quicker payouts.

Dragos released its report on cyber threats facing industrial organizations, naming the emergence of three new threat groups targeting ICS/OT environments, including two that have gained access into the OT systems of industrial organizations. Ransomware became the number-one attack vector among industrial organizations, with manufacturing as the most targeted sector representing 65%, or 211, of the ransomware cases detected at industrial organizations.

Attackers are targeting industrial enterprises with spyware campaigns that hunt for corporate credentials so they can be used both for financial gain and to cannibalize compromised networks to propagate future attacks, researchers have found. Researchers dubbed the attacks "Anomalous" because they veer from typical spyware attacks, Kaspersky's Kirill Kruglov wrote in a report published this week on the SecureList blog.

We know for sure that ransomware attackers and sundry dark forces want to break into critical infrastructure. Ransomware attacks on industrial environments have increased by 500 per cent since 2018.

Which is why SANS Institute's ICS Cybersecurity In-depth course gives candidates hands-on, in the room access to a sophisticated ICS setup, designed to simulate a real world SCADA environment, with operators in a "Remote" control centre monitoring and controlling "Field" equipment and "Local" HMI kit. That's why ICS Cybersecurity In-depth is the only one of SANS' 70 plus courses that is only available in person.