Industrial Security


  • Factory Security Problems from an IT Perspective (Part 3): Practical approach for stable operation

    June 1, 2020

    This article is the last in a series that discusses the challenges that IT departments face when they are assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges. As explained in the first two articles, a factory network that accounts for diverse conditions and environments requires a well-balanced consideration ...

  • Forward-looking security analysis of smart factories [Part 2] Security risks of industrial application stores

    May 26, 2020

    On May 11, 2020, Trend Micro released a paper showing the results of proof-of-concept research on new security risks associated with smart factories. In this series of 5 columns, based on the results of this research, we will look at the security risks to be aware of when promoting smart factories by examining overlooked attack ...

  • Factory Security Problems from an IT Perspective (Part 2): People, processes, and technology

    May 26, 2020

    This article is the second in a series that discusses the challenges that IT departments face when they are assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges. Before beginning to consider countermeasures, in the first article we explained the source of the challenges while focusing on the differences ...

  • Factory Security Problems from an IT Perspective (Part 1): Gap between the objectives of IT and OT

    May 21, 2020

    In the cybersecurity industry, key words such as “smart factories,” the “Industrial Internet of Things (IIoT),” and “Industry 4.0” have come to the fore. The business environment that the manufacturing industry operates in is undergoing drastic changes and entering a transition period. Nowadays, it may be difficult to find companies that do not include Digital ...

  • Threats and Consequences A Security Analysis of Smart Manufacturing Systems

    May 11, 2020

    In the era of Industry 4.0, there has been increasing adoption of smart manufacturing technologies by organizations looking to improve their manufacturing efficiency. While this has provided plenty of benefits, such as enhanced productivity at lower costs, it has also introduced new attack vectors that can be exploited by threat actors looking to gain a foothold ...

  • Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment

    April 20, 2020

    A team of academics says they’ve discovered a new security bug that impacts Xilinx FPGA (Field Programmable Gate Arrays) chipsets. Named Starbleed, the bug allows attackers — with both physical or remote access — to extract and tamper with an FGPA’s bitstream (configuration file) to reprogram the chip with malicious code. FPGAs are add-in cards that can ...

  • PoetRAT Trojan targets energy sector using coronavirus lures

    April 17, 2020

    Government and energy sectors are being targeted in a new campaign that weaponizes the coronavirus outbreak. On Thursday, Cisco Talos researchers Warren Mercer, Paul Rascagneres and Vitor Ventura published an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) striking both the Azerbaijan government and utility companies. According to the team, the malware attacks supervisory control ...

  • WildPressure APT targets industrial-related entities in the Middle East

    March 24, 2020

    In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor have ...

  • Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats

    March 23, 2020

    There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, ...

  • UK Department for Business, Energy and Industrial Strategy is looking for organisations who can support in the supply of ventilators and ventilator components

    March 20, 2020

    The Department for Business, Energy and Industrial Strategy (BEIS) is looking for organisations who can support in the supply of ventilators and ventilator components across the United Kingdom as part of the Government’s response to COVID-19. These questions aim to identify the suitability and readiness of organisations to be involved in the initiative. There are three ...

  • The IIoT Threat Landscape: Securing Connected Industries

    March 18, 2020

    The Industrial Internet of Things (IIoT) provides bridges of connectedness that enable seamless IT and OT convergence. However, threat actors can cross these bridges to compromise systems. As the use of IoT extends beyond the home and goes into the vast industrial landscape, the scale of threats likewise grows. With that being said, some components of ...

  • Critical Bugs in Rockwell, Johnson Controls ICS Gear

    March 10, 2020

    Security vulnerabilities that require very little skill to exploit have been discovered in industrial control systems (ICS) gear from Rockwell Automation and Johnson Controls, which anchor a flurry of bug disclosures impacting critical infrastructure. First, a set of critical vulnerabilities in Rockwell Automation gear affect MicroLogix 1400 Controllers, MicroLogix 1100 Controllers and RSLogix 500 Software. The ...

  • Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT

    February 24, 2020

    Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims across a variety of industry verticals many millions of dollars in ransom and ...

  • Assessment of Ransomware Event at U.S. Pipeline Operator

    February 19, 2020

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on 18 February 2020 on a ransomware incident impacting a natural gas compression facility at an unidentified U.S. pipeline operator. The ransomware event impacted both IT and ICS assets by causing loss of view and control impacts that caused the facility to implement controlled shutdown processes ...

  • Fake Smart Factory Honeypot Highlights New Attack Threats

    January 24, 2020

    A honeypot set up to observe the current security landscape in smart manufacturing systems observed numerous threats—including cryptomining malware and ransomware—in just a few months, highlighting the new threats that industrial control systems (ICS) face with increased exposure to the internet. While in the past ICS networks were traditionally proprietary and closed systems, the advent of ...

  • Oil-and-Gas APT Pivots to U.S. Power Plants

    January 10, 2020

    A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part of a broader trend in which cybercriminals focused on critical infrastructure are branching ...

  • Critical Flaws in VNC Threaten Industrial Environments

    November 22, 2019

    The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution (RCE). According to researchers at Kaspersky, they potentially affect 600,000 web-accessible servers in systems that use the code. The ...

  • ICS Cyberwarfare: The Latest Threat to America’s Power Grid

    November 20, 2019

    The modern world is dependent on electricity, and the United States is no exception. I remember the notorious blackouts that affected the eastern U.S. and Canada in August 2003. The duration of the mass power outage lasted anywhere between several hours and a week depending on where you were. I was in Hamilton, Canada, and ...

  • ICS Attackers Set To Inflict More Damage With Evolving Tactics

    October 31, 2019

    Future attacks on industrial control system (ICS) networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remains extraordinarily difficult to mount successful attacks on critical ...

  • Insurance Pays Out a Sliver of Norsk Hydro’s Cyberattack Damages

    October 30, 2019

    On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance – just a fraction of the total costs in damage. Overall, the Oslo, Norway-based company incurred between $60 million to $71 million in damages from the incident, which forced it to shut down or isolate several plants and ...