ICS & IoT Security News

20 Feb 2018
Palo Alto Releases Industrial Firewall
US - Palo Alto Networks announced the introduction of its ruggedized PA-220R next-generation firewall. This new NGFW appliance is designed to prevent successful cyberattacks in the network environments of industrial control systems, or ICS, and supervisory control and data acquisition, or SCADA, systems. Palo Alto Networks said the product works with various industrial applications and protocols, including OSIsoft PI, Siemens S7, Modbus, DNP3, and IEC 60870-5-104. 

[More: prnewswire.com | paloaltonetworks.com | securityweek.com ]

16 Feb 2018
Siemens Leads Launch of Global Cybersecurity Initiative
Germany - ICS/SCADA giant Siemens, along with IBM, Airbus, Allianz, Daimler, NXP, SGS, T-Mobile, and the Munich Security Conference, today outlined a new global effort aimed at making cybersecurity a default core component of how businesses and governments operate, in order to protect critical infrastructure, businesses, and individuals worldwide.

[More: darkreading.com | siemens.com ]

15 Feb 2018
Russian Military Blamed for NotPetya Cyber Attack
UK - Both the UK and US governments have officially claimed that Russian military intelligence was responsible for the NotPetya attack last June, which took down IT systems in Ukraine before spreading to 64 other countries, including the UK. Moscow denies being behind the attack, calling such claims "Russophobic". One of the most affected victims is shipping giant Maersk, which miraculously managed to reinstall 50,000 computers in under 10 days (see Sitrep 33).

[More: bbc.com | independent.co.uk | reuters.com ]

14 Feb 2018
NIST Working on Global IoT Cybersecurity Standards
US - The National Institute of Standards and Technology (NIST) Interagency International Cybersecurity Standardization Working Group (IICS WG) released a major draft report laying out its view of the IoT landscape and attempting to capture domestic and international efforts to create standards. NIST has now published the draft NISTIR document and is seeking feedback by April 18, especially on the information about the state of cybersecurity standardization for IoT.

[More: wileyconnect.com | csrc.nist.gov | nist.gov ]

13 Feb 2018
DoubleDoor: IoT Botnet Bypasses Firewall & Modem Security with Two Backdoors
US - A newly discovered Internet of Things (IoT) botnet is using two exploits to ensure it can not only bypass authentication on targeted devices, but also render additional protections useless, NewSky Security has discovered. The first malicious code uses a Juniper Networks SmartScreen OS exploit, and the second uses a Zyxel modem backdoor exploit to take full control over the IoT device.

[More: blog.newskysecurity.com | helpnetsecurity.com | securityaffairs.co ]

9 Feb 2018
Russian Nuclear Scientists Arrested for 'Bitcoin Mining Plot'
Russia - Russian security officers have arrested several scientists working at a top-secret Russian nuclear warhead facility for allegedly mining crypto-currencies. The suspects had tried to use one of Russia's most powerful supercomputers to mine Bitcoins, media reports say. The supercomputer was not supposed to be connected to the internet - to prevent intrusion - and once the scientists attempted to do so, the nuclear centre's security department was alerted. They were handed over to the Federal Security Service (FSB), the Russian news service Mash says. It appears that this is the second revelation of ICS systems being exploited by insiders for mining crypto-currencies, after a similar occurrence in Europe (SITREP 34).

[More: bbc.com | thehackernews.com | theverge.com ]

8 Feb 2018
Cisco Aware of Attacks Exploiting Critical Firewall Flaw
US - Cisco informed customers on Wednesday that it has become aware of malicious attacks attempting to exploit a recently patched vulnerability affecting the company's Adaptive Security Appliance (ASA) software. The flaw affects almost all products running ASA software. Cisco had first notified customers about the availability of fixes on January 29 (SITREP32), when it initially said the security hole was related to the webvpn feature. It later discovered that more than a dozen other features were impacted as well. The company released new patches this week after identifying new attack vectors and determining that the original fix had been incomplete.

[More: securityweek.com | bleepingcomputer.com | tools.cisco.com | nvd.nist.gov (CVE-2018-0101) ]

7 Feb 2018
European Sewage Plant Hit by Cryptocurrency Mining Malware
Europe - The attack is the first public discovery of an unauthorized cryptocurrency miner impacting industrial control systems (ICS) or SCADA (supervisory control and data acquisition) servers. Security firm Radiflow, which made the discovery, has been able to determine that the cryptocurrency mining software was on the water utility's network for approximately three weeks before it was detected. The malware was probably installed after someone used a browser on a server to visit a website they shouldn't have. The servers were running Windows XP and CIMPLICITY SCADA software from GE Digital. By consuming CPU resources, the malware slows the HMI's response when monitoring time-sensitive changes on an ICS network.

[More: eweek.com | securityweek.com | theregister.co.uk ]

6 Feb 2018
Windows 10 Ransomware Protection Bypassed
Spain - The Controlled Folder Access (CFA) feature in Windows 10, which Microsoft promoted as a reliable anti-ransomware measure under Windows Defender Exploit Guard in October 2017, can be easily bypassed with the use of 'boobytrapped' Office files, according to work from a security researcher based in Spain. According to the researcher, a ransomware developer could easily bypass Microsoft's CFA anti-ransomware feature by adding simple scripts that bypass CFA via OLE objects inside Office files, because Office applications are automatically whitelisted. Microsoft was informed about the findings and confirmed that it would resolve the issue "through an improvement to the Controlled Folder Access functionality." However, it appears that the tech giant doesn't see the bug as a security vulnerability, "because Defender Exploit Guard isn't meant to be a security boundary."

[More: bleepingcomputer.com | techrepublic.com | securityweek.com ]

1 Feb 2018
Flaws in Popular Gas Station Software Exposed for Abuse
Israel - The vulnerabilities would allow an attacker to shut down fuel pumps, hijack credit card payments, and steal card numbers, or to access backend networks to take control of surveillance cameras and other systems connected to a gas station or convenience store's network. An attacker could also simply alter fuel prices and steal petrol. The vulnerable system, SiteOmat automation software, belongs to an Israeli company named Orpak Systems, which makes fuel-management software. Besides discovering a large number of vulnerable Orpak gas station systems connected to the Internet, the researchers also found a user manual on Orpak's website that contained the default password. This would allow remote hackers to bypass the password protection on the front end of the system and access any Orpak gas station, whether or not the owner had changed the default password. In an unrelated case, a hacker was arrested in Russia for manipulating electronic gas pumps to con customers into paying for more fuel than was actually pumped into their tanks (SITREP32).

[More: motherboard.vice.com | scmagazine.com | trendmicro.com ]

Trainings & Events

Special Discount of USD200 available for REDCONSA's Partners. Please email to advisors@redconsa.sg for more information.


REDCONSA Digital Publications

Latest Research Papers & Technical Instruction for ICS Against NotPetya Wiper Malware on Unpatched Windows Systems

Copyright © 2018 REDCON Security Advisors, All rights reserved.

Our mailing address is:
ADVISORS@REDCONSA.SG