Security News

The report also revealed a 25% increase in ICS vulnerabilities disclosed compared to 2019, as well as a 33% increase from 1H 2020. During 2H 2020, 449 vulnerabilities affecting ICS products from 59 vendors were disclosed.

The number of vulnerabilities discovered in industrial control system products in 2020 increased significantly compared to previous years, according to a report released on Thursday by industrial cybersecurity firm Claroty. According to Claroty, the number of ICS vulnerabilities disclosed in 2020 was nearly 25% higher compared to 2019 and close to 33% higher than in 2018.

Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. A low-level TCP/IP software library, the Treck TCP/IP stack is specifically designed for embedded systems, featuring small critical sections and a small code footprint.

Siemens and Schneider Electric on Tuesday informed customers about the availability of patches and mitigations for several potentially serious vulnerabilities affecting their industrial control system products. The new advisories describe vulnerabilities affecting the company's SICAM, SIMATIC, SIPLUS, LOGO! 8, SENTRON, SIRIUS, and XHQ products.

A group of Iranian hackers recently posted a video showing how they managed to access an industrial control system at a water facility in Israel. "This gave the attackers easy access to the system and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature and more. All the adversaries needed was a connection to the world-wide-web, and a web browser," OTORIO said in a blog post.

A report published on Thursday by industrial cybersecurity firm Dragos reveals that the manufacturing sector has been attacked by five threat groups that have been known to target industrial environments. According to Dragos, the manufacturing sector faces increasing risk of cyberattacks, including attacks whose goal may be to cause disruption to industrial processes and ones aimed at collecting valuable information.

2AI released a preview of the report last year at SecurityWeek's ICS Cyber Security Conference in Atlanta. The organization revealed at the time that some respondents claimed to have experienced ICS security incidents that resulted in injury and even loss of life.

In developing its ICS ATT&CK matrix, MITRE stressed that it is necessary to understand both Enterprise ATT&CK and ICS ATT&CK to accurately track threat actor behaviors across OT incidents. "Over the past 5 to 10 years," Nathan Brubaker, senior manager at Mandiant Threat Intelligence told SecurityWeek, "Every sophisticated ICS attack instance we have observed has passed through these intermediary systems on their way to impacting ICS. This includes malware like Stuxnet, Triton and most others. Ninety to ninety-five percent of threat actor activity occurs on these intermediary systems." So that's the most likely place you're going to find ICS attackers, and the best opportunity to stop them.

Several major industrial control system vendors have released security advisories in response to the recently disclosed vulnerabilities affecting the CodeMeter licensing and DRM solution made by Germany-based Wibu-Systems. The company's researchers showed how an attacker can launch attacks by setting up a malicious website and luring targeted users to it, or by creating their own CodeMeter API and client and sending commands to devices running CodeMeter.

Vulnerabilities affecting CodeMeter, a popular licensing and DRM solution made by Germany-based Wibu-Systems, can expose industrial systems to remote attacks, industrial cybersecurity company Claroty warned on Tuesday. CodeMeter is designed to protect software against piracy and reverse engineering, it offers licensing management capabilities, and it includes security features that provide protection against tampering and other attacks.