Security News
Researchers have disclosed details of three new security vulnerabilities affecting operational technology products from CODESYS and Festo that could lead to source code tampering and denial-of-service. The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an insecure-by-design approach - which was usual at the time the products were launched - where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.
Researchers have disclosed details of three new security vulnerabilities affecting operational technology products from CODESYS and Festo that could lead to source code tampering and denial-of-service. The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an insecure-by-design approach - which was usual at the time the products were launched - where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.
Over a dozen security flaws have been discovered in baseboard management controller firmware from Lanner that could expose operational technology and internet of things networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip, that's found in server motherboards and is used for remote monitoring and management of a host system, including performing low-level system operations such as firmware flashing and power control.
Over a dozen security flaws have been discovered in baseboard management controller firmware from Lanner that could expose operational technology and internet of things networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip, that's found in server motherboards and is used for remote monitoring and management of a host system, including performing low-level system operations such as firmware flashing and power control.
Not too long ago, there was a clear separation between the operational technology that drives the physical functions of a company - on the factory floor, for example - and the information technology that manages a company's data to enable management and planning. Not so long ago, any data exchange between IT and OT operated via a "Sneaker net." An operator would physically go to a terminal connected to the OT device, offload data covering a recent period, and carry the offloaded data to their workstation, where they then upload it to the organization's IT system.
A report published by Deloitte in 2020 - Building cyber security into critical infrastructure: Protecting industrial control systems in Asia Pacific - concluded that critical infrastructure operators in Asia Pacific are being increasingly targeted by cyber espionage and sophisticated attacks which can severely disrupt essential services, including energy and water supplies. APAC cyber security professionals cannot afford to drop their guard for a second, but ICS/OT systems present some unique challenges when it comes to making sure they are safeguarded from unauthorized access, data theft and disruption.
You will also receive a complimentary subscription to TechRepublic's News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.
The National Security Agency and CISA have issued guidance on how to secure operational technology and industrial control systems part of U.S. critical infrastructure.The advisory also "Notes the increasing threats to OT and ICS assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes. OT/ICS designs are publicly available, as are a wealth of tools to exploit IT and OT systems."
With the Evil PLC attack, the controller acts as a means to an end, permitting the threat actor to breach a workstation, access to all the other PLCs on the network, and even tamper with the controller logic. Put differently, the idea is to "Use the PLC as a pivot point to attack the engineers who program and diagnose it and gain deeper access to the OT network," the researchers said.