ICS & IoT Security News

21 Jan 2018
Hacker Infects Gas Pumps with Code to Cheat Customers
Russia - The Russian Federal Security Service (FSB) arrested hacker Denis Zayev in Stavropol on charges that he created several software programs designed to swindle gas customers. The software, found only at gas stations located predominantly in the south of Russia, manipulates electronic gas pumps to con customers into paying for more fuel than was actually pumped into their tanks. Not only did the pumps display false data, but so did cash registers and back-end systems, cloaking sales data tied to the sale of a station's illicit surplus gasoline.
[More: threatpost.com | rosbalt.ru | securityaffairs.co ]

16 Jan 2018
Researchers Offer a 'VirusTotal for ICS'
US - S4x18 CONFERENCE – Miami – A team of researchers plans to release an open source online tool for capturing and vetting industrial control system (ICS) malware samples that operates as a sandbox with honeypot features. David Atch, vice president of research for CyberX, outlined details of the free, Web-based sandbox tool he and his team initially developed for research purposes. "It's like a VirusTotal for ICS," he explains in an interview.
[More: darkreading.com ]

16 Jan 2018
Trisis has mistakenly been released on the open internet
Germany - The source code of Trisis, an ICS malware targeting Schneider Electric's Triconex Safety Systems, has been available for nearly anyone to copy since Dec. 22. Schneider Electric had mistakenly posted a sensitive computer file related to Trisis, Library.zip, for scanning in VirusTotal, three sources familiar with the matter told CyberScoop. Library.zip holds the backbone of a dangerous malware framework known as "Trisis" or "Triton," according to research by U.S. cybersecurity companies Dragos Inc. and FireEye. The upload to VirusTotal, a public malware repository, provided the remaining puzzle piece needed for someone to reconstruct Trisis from publicly available artifacts. Shortly after posting to VirusTotal, Schneider Electric received a request from a third party to take the file down, and promptly complied with that request. See related SITREP 26.
[More: cyberscoop.com | github.com ]

15 Jan 2018
Serious Flaws Found in Phoenix Contact Industrial Switches
Germany - According to advisories published last week by ICS-CERT and its German counterpart CERT@VDE, Phoenix Contact's FL SWITCH industrial Ethernet switches are affected by authentication bypass and information exposure flaws. The security holes affect 3xxx, 4xxx and 48xx series switches running firmware versions 1.0 through 1.32. The vendor addressed the weaknesses in version 1.33, but researchers told SecurityWeek that it took the company roughly 160 days to release patches, which they haven't been able to verify. According to ICS-CERT, the vulnerabilities are rated as remotely exploitable and require a low skill level to exploit.
[More: ICSA-18-011-03 | securityweek.com | isssource.com ]

13 Jan 2018
Lenovo Discovers and Removes Backdoor in Networking Switches
China - The Chinese company said it found the backdoor in the firmware of RackSwitch and BladeCenter networking switches, and released firmware updates earlier this week.
The discovery was made after an internal security audit of firmware for products added to Lenovo's portfolio following the acquisitions of other companies. Lenovo says the backdoor was added in 2004 in RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System) at the request of a customer, when ENOS was maintained by Nortel's Blade Server Switch Business Unit.

[More: bleepingcomputer.com | securityaffairs.co | securityweek.com ]

12 Jan 2018
ICS Vendors Assessing Impact of Meltdown, Spectre Flaws
US - Organizations that provide solutions for critical infrastructure sectors, including medical device and industrial control system (ICS) manufacturers, have started assessing the impact of the recently disclosed Meltdown and Spectre exploits on their products. The major vendors include ABB, Siemens, BD, Schneider Electric and Rockwell Automation. While not all ICS vendors mentioned it, any patches and mitigations for the Spectre and Meltdown vulnerabilities should be tested before being deployed to critical systems, particularly since some of them may cause devices to become unstable.
[More: securityweek.com ]

12 Jan 2018
Thousands Stranded as Hong Kong's MTR Service Disruptions Hit East Rail Line
HK - MTR Corporation saw services on its East Rail Line disrupted twice on Thursday, the first time due to a problem with the signalling system, leaving thousands of rush-hour passengers stranded. A total of 14 trains were stuck on the tracks between stations, with many passengers stranded in rail cars. According to the MTR Service Update, the rail line's train control system malfunctioned and trains could not be regulated.
Hong Kong had experienced its worst disruption, lasting 10 hours, in August 2017, caused by a rare concurrent failure of the three computer systems that control the rail signalling apparatus. "It is very rare," MTR engineer Wong Yuen Wood was quoted as saying about the August 2017 incident. "I can't remember a similar problem in more than 10 years. They tried to reboot the systems, but it didn't work." Normally, train services would not be affected if one computer system failed, as long as either of the other two still worked. See related.

[More: ejinsight.com | hongkongfp.com | scmp.com ]

11 Jan 2018
Researchers Find 147 Vulnerabilities in 34 SCADA Mobile Applications
US - IOActive and Embedi researchers released a whitepaper outlining 147 vulnerabilities in 34 mobile applications used in tandem with Supervisory Control and Data Acquisition (SCADA) systems. The top security weaknesses were code tampering flaws, found in 94 percent of apps, followed by insecure authorization in 59 percent of apps, reverse engineering affecting 53 percent of apps, insecure data storage in 47 percent of apps, insecure communication in 38 percent of apps and client code quality in 35 percent of the apps. According to the whitepaper, the vulnerabilities could allow an attacker to compromise industrial network infrastructure by disrupting an industrial process or causing a SCADA operator to unintentionally perform a harmful action on the system.

In an unrelated recent development, Siemens has announced the latest release of its cloud-based Internet of Things (IoT) operating system, MindSphere, which will be hosted in AWS. See SITREP28.

[More: scmagazine.com | tad.group | securityweek.com ]

10 Jan 2018
Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC
US - A firmware update released a few weeks ago by Rockwell Automation for its MicroLogix 1400 programmable logic controllers (PLCs) patches a potentially serious vulnerability. According to Rockwell Automation, several MicroLogix 1400 PLCs running version 21.002 and earlier of the firmware are affected by a buffer overflow vulnerability that can be triggered by sending specially crafted Modbus TCP packets to affected devices. The flaw can be exploited remotely by an unauthenticated attacker.
[More: securityweek.com ]

9 Jan 2018
Wi-Fi Alliance Launches WPA3 Protocol with New Security Features
US - The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a nearly two-decade-old security protocol built into almost every wireless device today, including phones, laptops and the Internet of Things. This is welcome news, given that a Wi-Fi exploit uncovered late last year affected all modern Wi-Fi networks using WPA or WPA2 encryption, letting attackers eavesdrop on traffic between computers and wireless access points. The new WPA3 features will include "robust protection" when passwords are weak, and will also simplify security configuration for devices that have limited or no display interface.
[More: zdnet.com | theverge.com | thehackernews.com ]

REDCONSA Digital Publications

Latest Research Papers & Technical Instruction for ICS Against NotPetya Wiper Malware on Unpatched Windows Systems

Related Video Demonstrations on Mitigation Procedures

Last Line Of Defense Against NotPetya Wiper On Unpatched Windows Systems (Win 7 & 2008)
Last Line Of Defense Against NotPetya Wiper On Unpatched Windows Systems (Win XP & 2003)

Copyright © 2018 REDCON Security Advisors, All rights reserved.