Industrial Security


  • Securing Computerized Vehicles from Potential Cybersecurity Threats

    June 6, 2021

    Like technology itself, cybersecurity is ever-evolving and encompassing more areas of our lives, including transportation. Popular science fiction movies have led us to expect flying taxis and private space travel as the future of transportation. If that is going to become an eventual reality, the first steps towards that future are “smart cars” and automated ...

  • Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

    May 27, 2021

    Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential implications for U.S.-China strategic relations. Mandiant continues to gather evidence and respond to intrusions involving compromises of Pulse ...

  • Threats From a Compromised 4G/5G Campus Network

    May 27, 2021

    Over the past two decades, industrial sectors and everyday users have reaped the benefits of advancements in telecom technologies. At present, the catalyst and basis for future changes is 5G. A sign of this continuing development and influence for some industries is their investment in non-public networks (NPN), also commonly referred to as campus networks. The ...

  • Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises

    May 25, 2021

    Attacks on control processes supported by operational technology (OT) are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat Intelligence has observed simpler attacks, where actors with varying levels ...

  • Russian to be deported after foiled Tesla ransomware plot

    May 24, 2021

    A Russian man was sentenced Monday to what amounted to time already served in U.S. government custody and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company’s Nevada electric battery plant in a bid to steal company secrets for ransom. Egor Igorevich Kriuchkov, appearing ...

  • Florida water treatment plant was involved in second security incident before poisoning attempt: report

    May 21, 2021

    A new study from Dragos has found that a water treatment plant in Oldsmar, Florida — where hackers attempted to poison the town’s water earlier this year — was also involved in another potential breach at the same time. A browser being used on the plant’s network was traced back to a “watering hole” attack that ...

  • DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

    May 11, 2021

    The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting a critical infrastructure (CI) entity—a pipeline company—in the United States. Malicious cyber actors deployed DarkSide ransomware against the pipeline company’s information technology (IT) network. At this time, there is no indication that the entity’s ...

  • Industrial Cybersecurity: Guidelines for Protecting Critical Infrastructure

    May 11, 2021

    Over the weekend, the Alpharetta, GA based Colonial Pipeline was hit by an extensive ransomware attack that shut down its information technology (IT) and industrial operational technology (OT) systems. Simply put, an all-too-common ransomware event targeting IT systems encouraged a voluntary shutdown on the production side (OT) of the business to prevent further exposure. Colonial ...

  • US and Australia warn of escalating Avaddon ransomware attacks

    May 10, 2021

    The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide. The FBI said in a TLP:GREEN flash alert last week that Avaddon ransomware affiliates are trying to breach the networks of manufacturing, ...

  • Suspected Chinese state hackers target Russian submarine designer

    April 30, 2021

    Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy. They used a spear-phishing email specifically crafted to lure the general director of the company into opening a malicious document. The threat actor targeted Rubin Central Design ...

  • Microsoft finds memory allocation holes in range of IoT and industrial technology

    April 30, 2021

    The security research group for Azure Defender for IoT, dubbed Section 52, has found a batch of bad memory allocation operations in code used in Internet of Things and operational technology (OT) such as industrial control systems that could lead to malicious code execution. Given the trendy vulnerability name of BadAlloc, the vulnerabilities are related to ...

  • Just What The Cyber Doctors Ordered – OT For Pharmaceutical Companies

    April 20, 2021

    Several digital attacks against pharmaceutical companies have made news in the past few years. Back in 2017, for instance, Merck fell victim to NotPetya. The wiper malware spread to the pharmaceutical giant’s headquarters, rendered years of research inaccessible, affected various production facilities and caused $1.3 billion in damages, according to Bloomberg News. A couple of ...

  • Government intervenes in sale of UK chip designer Arm over national security implications

    April 19, 2021

    A “high-level manager” of the FIN7 hacking group has been sentenced to ten years in prison. The planned $40bn (£29bn) sale of UK-based chip designer Arm Holdings will be scrutinised by regulators over potential national security concerns after an intervention by the government. Digital secretary Oliver Dowden has stepped in after current owner, Japanese conglomerate Softbank, agreed ...

  • The Security dilemma of smart factories [Part 3] Fundamental security risks in robot languages

    April 19, 2021

    Industrial robots are the core of the automation of manufacturing processes in smart factories, and are the most important components as they support the manufacture of all kinds of products such as automobiles, aircraft, processed foods, and pharmaceuticals. In addition, as equipment that realizes unmanned manufacturing in the post-COVID-19 world where minimal or no contact ...

  • Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure

    April 13, 2021

    High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that OT networks are isolated from public networks—such as the Internet. In Mandiant’s experience, the concept of an ‘air gap’ separating OT assets from external networks rarely ...

  • NAME:WRECK DNS vulnerabilities affect over 100 million devices

    April 13, 2021

    Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. Collectively referred to as NAME: WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them. The vulnerabilities were found in widespread TCP/IP stacks ...

  • New survey report released: The state of industrial cybersecurity (Part 3)

    April 12, 2021

    This is the final installation of our three-part blog series, explaining the state of industrial cybersecurity based on the result of survey Trend Micro conducted in the US, Germany and Japan in November 2021. Part 1: Converging IT and OT with people, process and technology Part 2: Most factories have already implemented technical measures but are still ...

  • New survey report released: The state of industrial cybersecurity (Part 2)

    April 6, 2021

    This article is a second part of our three-part blog series, explaining the result of Trend Micro’s latest survey about industrial cybersecurity. The previous post showed the result of this survey- most IT and OT people recognize the biggest challenge is technology rather than people and process. We also found some gaps of awareness between ...

  • Industrial IoT Needs to Catch Up to Consumer IoT

    April 5, 2021

    When it comes to cybersecurity, industrial IT—consisting mainly of operational technology (OT) and industrial control systems (ICS)—has failed to keep up with development in the enterprise IT world. That’s mostly because industries’ adoption of internet technology has been slower when compared with enterprises. It would take some time to close the gap, but concerted efforts have ...

  • USB threats to ICS systems have nearly doubled

    April 1, 2021

    The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period. Let’s face it. Critical infrastructure operators in manufacturing, aerospace, energy, shipping, chemical, ...