#OperationalTechnology – Page 3

Pro-Iran Attackers Access Multiple Water Facility Controllers

December 4, 2023 by Xynik

December 4, 2023 at 01:05PM Iran-linked CyberAv3ngers hacked US infrastructure, compromising logic controllers in multiple states. The FBI-led interagency alert followed a Pennsylvania water authority breach, indicating potential control disruptions in critical utilities. The attackers exploited weak security, with a 10-day undetected access, prompting urgent system evaluations. Meeting Takeaways: 1. **Attack on U.S. Infrastructure by … Read more

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

December 1, 2023 by Xynik

December 1, 2023 at 09:58PM The FBI, CISA, NSA, EPA, and INCD issued a joint advisory about Iranian IRGC-affiliated cyber actors targeting operational technology, specifically Israeli-made Unitronics PLCs used in critical sectors in the US. Since November 2023, these actors have exploited poor security, primarily default passwords, to deface and potentially disrupt systems. Mitigations include … Read more

Locking down Industrial Control Systems

November 30, 2023 by Xynik

November 30, 2023 at 03:53AM Global industrial automation spending hit $172.26 billion in 2022, with expected annual growth of 10.5% through 2030. As ICS deployments surge, security risks follow. SANS offers comprehensive ICS security training and resources to bolster defenses against these emerging threats, as per CISA’s call for collective cyber-defense action. Meeting Takeaways: 1. … Read more

Hackers breach US water facility via exposed Unitronics PLCs

November 29, 2023 by Xynik

November 29, 2023 at 01:13PM CISA alerts of a cyber intrusion at a U.S. water facility via internet-exposed Unitronics PLCs, without harming drinking water. The agency advises replacing default passwords, using MFA, disconnecting PLCs from the internet, using firewalls, backing up systems, changing ports, and updating firmware to bolster security. Key Takeaways from Meeting Notes: … Read more

Weapons Systems Provide Valuable Lessons for ICS/OT Security

October 26, 2023 by Xynik

October 26, 2023 at 10:39AM Insights from the ICS Cybersecurity Conference highlighted the value of applying cybersecurity techniques and penetration testing used in weapons systems to secure industrial control systems (ICS) and operational technology (OT). Vulnerabilities such as poorly secured connectivity and outdated software were identified during penetration testing on weapons systems. Cybersecurity techniques for … Read more