Tag: ICS

Vaporworms: New breed of self-propagating fileless malware to emerge in 2019

WatchGuard Technologies’ information security predictions for 2019 include the emergence of vaporworms, a new breed of fileless malware with wormlike properties to self-propagate through vulnerable systems, along with a takedown of the internet itself and ransomware targeting utilities and industrial control systems.

“Cyber criminals are continuing to reshape the threat landscape as they update their tactics and escalate their attacks against businesses, governments and even the infrastructure of the internet itself,” said Corey Nachreiner, CTO at WatchGuard Technologies.

Read more about the infosec predictions for 2019 on Help Net Security.

USB Drives Deliver Dangerous Malware to Industrial Facilities

Malware is still being delivered to industrial facilities via USB removable storage devices, and some of these threats can cause significant disruptions, according to a report by Honeywell. The industrial giant last year launched SMX, a product designed to protect facilities from USB-borne threats, and it also uses the product to measure the risk that USB drives pose to such organizations.

Honeywell has analyzed data collected from 50 locations across the U.S., South America, Europe and the Middle East. The enterprises in the study represented the energy, oil and gas, chemical manufacturing, pulp and paper, and other sectors. Honeywell said its product had blocked at least one suspicious file in 44% of the analyzed locations. Of the neutralized threats, 26% could have caused major disruptions to industrial control systems (ICS).

Read more about the findings of the Honeywell research on SecurityWeek.

The risk to OT networks is real, and it’s dangerous for business leaders to ignore

Data from the new CyberX Global ICS & IIoT Risk Report shows that major security gaps remain in key areas such as plain-text passwords, direct connections to the internet, and weak anti-virus protections.

Although the prevalence of Windows XP and other legacy Windows systems has decreased year-over-year — driven top-down by management in the aftermath of NotPetya’s financial damage — CyberX is still finding unpatchable Windows systems in slightly more than half of all industrial sites.

Read more about the findings of the CyberX report, which is based on data captured over the past 12 months from more than 850 production ICS networks across six continents, on Help Net Security.

ICS Security Plagued with Basic, Avoidable Mistakes

At least 33 percent of the security issues found in industrial control systems (ICS) are rated as being of high or critical risk. FireEye iSIGHT Intelligence compiled data from dozens of ICS security health assessment engagements performed by its Mandiant division, and found that these issues include unpatched vulnerabilities (32 percent); password issues (25 percent); and problems with architecture and network segmentation (11 percent).

In other words, ICS environments are riddled with basic security snafus, meaning that the main security risks are eminently avoidable using established best practices. However, these organizations face unique challenges that have contributed to their poor security posture.

Read more about the disturbing findings of the new research on Threatpost.

Take (Industrial) Control: A Look at the 2018 ICS Threat Landscape

Industrial control systems (ICS) are increasingly being targeted as attackers use Internet connectivity to reach machines on organizations’ industrial networks.

Kaspersky Lab has published the findings of research investigating the threat landscape for industrial automation systems in the first half of 2018. Researchers pulled data from ICS computers that are part of organizations’ industrial infrastructure. Data shows the percentage of ICS machines hit with cyberattacks is steadily rising, from 36.6% in the first half of 2017, to 37.7% in the second half of 2017, to 41.2% in the first half of 2018.

Read more about the findings of the new research on DarkReading.

ICS Security: What It Is and Why It’s a Challenge for Organizations

Industrial control systems (ICS) security was much simpler before the web. Firewalls and demilitarized zones (DMZs) separating the corporate and plant networks either didn’t exist or weren’t necessary. Organizations were primarily concerned with physically protecting their systems.

For that reason, vendors designed control systems with automation and reliability in mind rather than security; all communications technologies were proprietary and lacked compatibility with Ethernet and TCP/IP. But then the Internet came, and with it the threat of connectivity-enabled attacks that don’t require physical access to plants or their systems.

Read more about ICS Security and learn how organizations can best strengthen their ICS security on Tripwire.

Researchers Release Free TRITON/TRISIS Malware Detection Tools

A team of ICS experts who spent the past year studying and re-creating the so-called TRITON/TRISIS malware that targeted a Schneider Electric safety instrumented system (SIS) at an oil and gas petrochemical plant has developed open source tools for detecting it.

The researchers have demonstrated how the malware works, as well as a simulation of how it could be used to wage a destructive attack. TRITON/TRISIS was discovered in 2017 in a Middle Eastern plant after an apparent failure in the attack shut down its Triconex safety systems.

Read more about how researchers have re-created the TRITON/TRISIS attack to better understand this epic hack of an energy plant, on DarkReading.

Industrial cybersecurity: Protecting OT from IT

A powerful technique for protecting OT from IT, or to enforce whatever separation is required to ensure the integrity of industrial control infrastructure, involves controlling the direction of traffic into or out of an ICS enclave.

At first glance, it might seem counterintuitive to restrict bidirectional traffic between OT devices and management systems, but closer inspection reveals that across IT/OT interfaces, almost all data flows are from OT to IT systems, and hardware unidirectional flow assurance provides strong risk reduction for OT.

Read more about how unidirectional gateways can protect ICS devices from malware according to Edward Amoroso, CEO of TAG Cyber, on Help Net Security.
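The one-way replication that such gateways perform, shown here as an added example that is not from the article or from TAG Cyber: an OT-side sender frames historian records and pushes them across a simulated data diode, and an IT-side receiver must cope with loss and corruption without being able to ask for a retransmission, because no packet of any kind can travel IT to OT. The frame layout, the tag name, the loss pattern and the sample records are assumptions constructed for the example; a real product uses its own wire protocol and forward error correction.

```python
"""One-way (OT -> IT) data replication sketch. Added example; the framing,
loss pattern and tag names are assumptions, not any vendor's protocol."""
import json
import struct
import zlib
from dataclasses import dataclass, field

# Frame layout (assumed): magic(4) | seq(4 BE) | length(2 BE) | payload | crc32(4 BE)
# CRC covers seq + length + payload.  The link is not a TCP session: there is
# no handshake, no ACK and no retransmission, so every frame must stand alone.
MAGIC = b"OTIT"
HEADER = struct.Struct(">4sIH")


def build_frame(seq: int, payload: bytes) -> bytes:
    body = HEADER.pack(MAGIC, seq, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body[4:]) & 0xFFFFFFFF)


def encode_records(records, copies: int = 2) -> list:
    """OT-side sender: frame each record and emit it `copies` times.
    Redundancy replaces retransmission because nothing can flow back."""
    frames = []
    for seq, record in enumerate(records):
        frame = build_frame(seq, json.dumps(record, sort_keys=True).encode())
        frames.extend([frame] * copies)
    return frames


def one_way_link(frames, drop_every: int = 0) -> list:
    """Simulated data diode. Frames move OT -> IT only; the sender never learns
    which ones arrived. `drop_every=n` discards every n-th frame to model loss."""
    return [f for i, f in enumerate(frames)
            if not (drop_every and (i + 1) % drop_every == 0)]


@dataclass
class Receiver:
    """IT-side receiver. Validates, de-duplicates and records gaps it cannot fix."""
    records: dict = field(default_factory=dict)  # seq -> decoded record
    bad_frames: int = 0

    def ingest(self, frame: bytes) -> None:
        if len(frame) < HEADER.size + 4:
            self.bad_frames += 1
            return
        magic, seq, length = HEADER.unpack_from(frame)
        body, crc = frame[:-4], struct.unpack(">I", frame[-4:])[0]
        if (magic != MAGIC or len(body) != HEADER.size + length
                or zlib.crc32(body[4:]) & 0xFFFFFFFF != crc):
            self.bad_frames += 1
            return
        if seq not in self.records:  # duplicate copies are expected; keep the first good one
            self.records[seq] = json.loads(body[HEADER.size:].decode())

    def missing(self) -> list:
        """Sequence gaps below the highest seq seen. These can only be alarmed on,
        not requested; loss at the tail is invisible until a later frame arrives."""
        if not self.records:
            return []
        return sorted(set(range(max(self.records) + 1)) - set(self.records))


def replicate(records, copies: int = 2, drop_every: int = 0) -> Receiver:
    """Run sender -> diode -> receiver and return the receiver state."""
    rx = Receiver()
    for frame in one_way_link(encode_records(records, copies), drop_every):
        rx.ingest(frame)
    return rx


if __name__ == "__main__":
    # Constructed sample: ten historian points from a hypothetical pressure tag.
    sample = [{"tag": "PT-101", "ts": 1000 + i, "value": 100.0 + i} for i in range(10)]
    rx = replicate(sample, copies=2, drop_every=2)  # lose one copy of every record
    print(f"received {len(rx.records)}/{len(sample)}, gaps={rx.missing()}, bad={rx.bad_frames}")
```

The design choices follow directly from the absence of a return path: the sender repeats frames because it can never be told what was lost, the receiver de-duplicates by sequence number and can only raise an alarm on a gap, and a loss at the tail of the stream is undetectable until a later frame (or a periodic heartbeat) arrives. The same property is what delivers the risk reduction the article describes: an IT-side compromise has no packet it can send toward the controllers.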

Disruption: The True Cost of an Industrial Cyber Security Incident

Industrial control systems are essential to the smooth operation of a nation’s critical infrastructure. While once segmented from the web, these systems are becoming increasingly networked and remotely accessible as organizations transform to meet the digital age. This development exposes industrial control systems to digital threats.

One of the most serious threats confronting industrial control systems today is the Internet of Things (IoT). Organizations and users are becoming more and more dependent on Internet-connected devices, so much so that devices are deployed faster than they can be secured.

Read more on Tripwire about threats against industrial control systems, which industrial professionals should not underestimate, because the cost of disruption to the business can be significant.

Visibility: An Essential Component of Industrial Cyber Security

As more and more devices are connected to the process control network, there are more and more risks related to potential impacts from industrial cyber security events, some of which may not even be targeted at industrial control systems (ICS). For instance, WannaCry ransomware shut down entire plants without that being its primary objective. Is this a risk you can ignore?

An industrial cyber security event is anything that can negatively impact the ability to view, monitor and control the industrial process. Such situations can arise from human error, equipment failure, or malicious activity. Industrial cyber security is a never-ending journey, because the threat landscape keeps changing as technology advances. There are, however, fundamental measures that we need to take.

Read about a number of best practices to mitigate risk for industrial cyber security events on Tripwire.