Security News

More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections, according to Claroty. The report comprises The Claroty Research Team's assessment of 365 ICS vulnerabilities published by the National Vulnerability Database and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team during 1H 2020, affecting 53 vendors.

Over 70% of the industrial control system vulnerabilities disclosed in the first half of 2020 were remotely exploitable through a network attack vector, industrial cybersecurity company Claroty reported on Wednesday. Learn more about ICS vulnerabilities at SecurityWeek's 2020 ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.

The official Call for Presentations (speakers) for SecurityWeek’s 2020 Industrial Control Systems (ICS) Cyber Security Conference, being held October 19 – 22, 2020 in SecurityWeek’s Virtual...

The official Call for Presentations for SecurityWeek's 2020 Industrial Control Systems Cyber Security Conference, being held October 19 - 22, 2020 in SecurityWeek's Virtual Conference Center, has been extended to August 31st. As the premier ICS/SCADA cyber security conference, the event was originally scheduled to take place at the InterContinental Atlanta, but will now take place in a virtual environment due to COVID-19. The 2020 Conference is expected to attract thousands of attendees from around the world, including large critical infrastructure and industrial organizations, military and state and Federal Government.

Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems. While only 11% of the malware found on USB drives was specifically designed to target industrial systems - this represents a slight drop compared to the 14% identified in 2018 - 59% of the detected threats could cause significant disruption to industrial systems, compared to only 26% in 2018.

Recent samples of the Snake ransomware were observed isolating the infected systems to ensure that nothing interferes with the file encryption process, security researchers warn. Initially detailed in January this year, Snake has emerged as a prevalent threat to industrial control systems, due to the targeting of processes specific to these environments.

Industrial control systems can be hacked through barcode scanners, researchers at cybersecurity services company IOActive said on Tuesday. Hackers previously demonstrated that keystrokes can be remotely injected via an industrial barcode scanner into the computer the scanner is connected to, which could result in the computer getting compromised.

Mitsubishi Electric and its subsidiary ICONICS have released patches for the vulnerabilities disclosed earlier this year at the Pwn2Own Miami hacking competition, which focused on industrial control systems. White hat hackers earned a total of $280,000 for the exploits they demonstrated at the Zero Day Initiative's Pwn2Own contest in January, including $80,000 for vulnerabilities found in ICONICS's Genesis64 HMI/SCADA product.

Today, Siemens and industrial AI-firm, SparkCognition, announced a new cybersecurity solution for industrial control system endpoints. According to a joint study conducted by the Ponemon Institute and Siemens that surveyed global energy industry executives, 67% of respondents said industrial control systems are more at risk today from cyberattack than ever before.

Several vulnerabilities found by researchers in B&R Automation's Automation Studio software make it easier for malicious actors to launch attacks inside operational technology networks. "The combination of these two vulnerabilities gives an attacker with access to the victim network the ability to conduct an MITM attack and intervene in the software update process," Preminger explained.