Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

December 13, 2024 at 07:33AM Iran-affiliated hackers have developed IOCONTROL, a custom malware targeting IoT and operational technology systems in Israel and the U.S. It can compromise various devices like cameras and PLCs, enabling attackers to shut down services and steal data. The malware functions via MQTT and employs advanced evasion tactics.

New IOCONTROL malware used in critical infrastructure attacks

December 12, 2024 at 03:48PM Iranian threat actors are deploying a new malware, IOCONTROL, to attack IoT devices and critical infrastructure systems in Israel and the U.S. It targets various devices, including routers and fuel management systems, potentially causing disruptions. Linked to the CyberAv3ngers group, it is difficult to detect with current antivirus tools.

ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks

November 21, 2024 at 08:37AM Censys reports over 145,000 internet-exposed industrial control systems (ICS) across 175 countries, with 38% in North America. The U.S. has 48,000 such systems. Many are vulnerable human-machine interfaces, particularly in water and agriculture sectors. Additionally, a Kaspersky survey reveals 90% of UK industrial firms faced cyberattacks, highlighting significant security concerns.

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

November 21, 2024 at 06:11AM New research reveals over 145,000 internet-exposed Industrial Control Systems (ICS) in 175 countries, with the U.S. having the highest exposure. Key protocols used are outdated, increasing vulnerability. Cyber attacks targeting ICS are rare but rising, necessitating enhanced security measures. The analysis underscores the importance of monitoring and securing critical infrastructure.

Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems

November 6, 2024 at 08:06AM The SANS 2024 report reveals a rise in attacks on industrial control systems, with 74.4% of incidents being non-ransomware related. Key attack vectors include remote services and supply chain compromises. While ransomware incidents are relatively low (12%), their impact on ICS/OT environments remains severe, affecting reliability and safety.

Critical Auth Bugs Expose Smart Factory Gear to Cyberattack

November 1, 2024 at 01:20PM CISA warns of critical security vulnerabilities in Mitsubishi Electric and Rockwell Automation factory automation software, allowing remote code execution, authentication bypass, and denial-of-service. Two severe bugs (CVE-2023-6943, CVE-2024-10386) have high CVSS scores of 9.8. Manufacturers should apply mitigations promptly due to increased cyber threats from nation-state actors.

Kansas Water Plant Pivots to Analog After Cyber Event

September 24, 2024 at 04:58PM A small city in Kansas experienced a “cybersecurity incident” at its water treatment facility on Sept. 22. Despite precautionary measures and enhanced security, the facility moved to fully manual operations. The incident prompted concerns about the cybersecurity posture, especially in modern facilities. The exact nature of cybersecurity at the new …

Remote Access Sprawl Strains Industrial OT Network Security

September 11, 2024 at 10:04AM The exploding demand for remote access has created a vulnerable attack surface for industrial control systems, with many using multiple inadequate remote access tools. Critical infrastructure sectors are at risk, and cyberattackers have already exploited such tools in high-profile breaches. The report emphasizes the need for better management, security standards, …

ICS Patch Tuesday: Advisories Published by Siemens, Schneider, ABB, CISA

September 11, 2024 at 05:15AM The September 2024 Patch Tuesday saw security advisories from Siemens, Schneider Electric, and ABB, addressing critical vulnerabilities in their products, including authentication bypass, remote code execution, and privilege escalation issues. CISA also issued advisories for various ICS vulnerabilities, emphasizing the importance of implementing available mitigations and workarounds. Based on the …

CISA Flags ICS Bugs in Baxter, Mitsubishi Products

September 6, 2024 at 04:11PM CISA warned about vulnerabilities in healthcare and manufacturing industries’ industrial control systems. Baxter’s Connex Health Portal had severe vulnerabilities, including unauthorized access and SQL injection, and Mitsubishi Electric’s MELSEC had denial-of-service vulnerabilities. CISA advised organizations to update their systems and minimize network exposure due to the increasing cyber threats facing …