Security News

The U.S. government on Tuesday attributed several past attacks involving industrial control systems to Russian, Chinese and Iranian state-sponsored threat actors. "CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk. Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations," the agencies said.

MITRE Engenuity today released results from its first round of independent ATT&CK Evaluations for Industrial Control Systems. The evaluations examined how cybersecurity products from five ICS vendors detected the threat of Russian-linked Triton malware.

The innovative ParagonX software platform and methodology delivers actionable insights to help IQ-Analog engineers quickly and easily pinpoint bottlenecks and root causes of IC design challenges caused by layout parasitics. This enables IQ-Analog to more efficiently improve the performance, power efficiency, robustness and reliability of their IC designs in modern FinFET technologies.

Industrial giants Siemens and Schneider Electric on Tuesday released a total of two dozen advisories covering roughly 100 vulnerabilities affecting their products. The 18 new advisories prepared by Siemens for the July 2021 Patch Tuesday cover nearly 80 vulnerabilities impacting the company's products.

Researchers have discovered 10 vulnerabilities - a majority rated critical or high severity - in CODESYS industrial automation software that is used in many industrial control system products. Researchers at Russian cybersecurity company Positive Technologies identified the vulnerabilities in various products made by CODESYS. They initially found the flaws in a programmable logic controller made by WAGO, but further analysis showed that the issues were actually introduced by CODESYS software that is used by more than a dozen manufacturers for their PLCs, including Beckhoff, Kontron, Moeller, Festo, Mitsubishi, HollySys and several Russian firms.

Researchers have identified 10 vulnerabilities in CODESYS automation software for industrial control systems. "The vendor rated some of these vulnerabilities as 10 out of 10, or extremely dangerous. Their exploitation can lead to remote command execution on PLC, which may disrupt technological processes and cause industrial accidents and economic losses," said Vladimir Nazarov, Head of ICS Security at Positive Technologies.

Multiple companies that develop industrial systems are assessing the impact of two new OPC UA vulnerabilities on their products, and German automation technology firm Beckhoff is the first to release a security advisory. NET based OPC UA client/server SDK. The OPC Foundation released a patch in March.

Trend Micro announced an OT-native endpoint security solution, provided as part of its total security solution for smart factories. "The ugly truth of ICS endpoint security is that there has not been any security solution specifically designed for the high-availability needs of modernized equipment in the OT environment," said Akihiko Omikawa, executive vice president of IoT security for Trend Micro and chairman of TXOne Networks.

Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation's FactoryTalk AssetCentre, an ICS-specific backup solution. Rockwell Automation's FactoryTalk AssetCentre is a centralized tool for securing, managing, versioning, tracking and reporting automation-related asset information across industrial facilities.

Cybersecurity firm Kaspersky observed a drop in ransomware attacks on industrial control system computers in the second half of 2020, but it saw an increase in these types of attacks in developed countries. According to the company's Industrial Control System Threat Landscape report for H2 2020, globally, the percentage of ICS computers targeted with ransomware dropped from 0.63% in the first half of the year to 0.49% in the second half of 2020.