- Agenda Ransomware Uses Rust to Target More Vital Industries
December 16, 2022
This year, ransomware-as-a-service (RaaS) groups like BlackCat, Hive, and RansomExx have developed versions of their ransomware in Rust, a cross-platform language that makes it easier to tailor malware to different operating systems like Windows and Linux. In this blog entry, Trend Micro shed light on Agenda (also known as Qilin), another ransomware group that has ...
- Cyber Signals: Risks to critical infrastructure on the rise
December 14, 2022
Today, the third edition of Cyber Signals was released spotlighting security trends and insights gathered from Microsoft’s 43 trillion daily security signals and 8,500 security experts. In this edition, we share new insights on wider risks that converging IT, Internet of Things (IoT), and operational technology (OT) systems pose to critical infrastructure. Cyber Signals presents ...
- CISA Releases Three Industrial Control Advisories
December 8, 2022
CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds One ...
- Industry 4.0: CNC Machine Security Risks – Part 3
December 6, 2022
In this final installation of Trend Micro three-part blog series, Trend Micro researchers lay out countermeasures that enterprises can do to protect their machines. They’ll also discuss their responsible disclosure as well as the feedback they got from the vendors they evaluated. Countermeasures Trend Micro found that only two of the four vendors analyzed support authentication. Neither ...
- Industry 4.0: CNC Machine Security Risks – Part 2
December 2, 2022
In part one, Trend Micro researchers discussed what numerical control machines do and their basic concepts. These concepts are important to understand the machines better, offering a wider view of their operations. The researchers also laid out how we evaluated the chosen vendors for Trend Micro research. For this blog, Trend Micro will continue discussing their ...
- Industry 4.0: Computer Numerical Controls (CNC) Machine Security Risks – Part 1
November 29, 2022
Computer numerical controls (CNCs) are machines used to produce products in a factory setting. They have been in use for many years, and in the last decade, their use has become more widespread due to increased connectivity. This increased connectivity has made them more software-dependent and therefore more vulnerable to attacks. This vulnerability is due ...
- CISA Releases Seven Industrial Control Systems Advisories
November 29, 2022
CISA released seven (7) Industrial Control Systems (ICS) advisories on November 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-333-01 Mitsubishi Electric GOT2000 ICSA-22-333-02 Hitachi Energys IED Connectivity Packages and PCM600 Products ICSA-22-333-03 Hitachi ...
- CISA Releases Eight Industrial Control Systems Advisories
November 22, 2022
CISA has released eight (8) Industrial Control Systems (ICS) advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-326-01 AVEVA Edge ICSA-22-326-02 Digital Alert Systems DASDEC ICSA-22-326-03 Phoenix Contact Automation Worx ICSA-22-326-04 GE ...
- Vulnerable SDK components lead to supply chain risks in IoT and OT environments
November 22, 2022
Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets in sensitive industries. Attacks on software and hardware supply chains, like Log4J and ...
- More than 17 million control system cyber incidents are hidden in plain sight
November 18, 2022
Control system cyber incidents are more plentiful and impactful than most observers expect – more than 17 million directly resulting in more than 34,000 deaths. While there have been more than 1,200 electric grid cyber-related incidents, that doesn’t adequately reflect the true impact on customers and the economy. The majority of the 17 million-plus control ...
- CISA Releases Two Industrial Control Systems Advisories
November 17, 2022
CISA has released two (2) Industrial Control Systems (ICS) advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-321-01 Red Lion Crimson ICSA-22-321-02 Cradlepoint IBR600 Read more… Source: U.S. Cybersecurity and Infrastructure Security ...
- Cyber vulnerability in networks used by spacecraft, aircraft and energy generation systems
November 15, 2022
A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA. It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by ...
- CISA Releases One Industrial Control Systems Advisory
November 1, 2022
CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update C) Read more… Source: U.S. Cybersecurity and Infrastructure ...
- Largest EU copper producer Aurubis suffers cyberattack, IT outage
October 28, 2022
German copper producer Aurubis has announced that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack’s spread. Aurubis is Europe’s largest copper producer and the second largest in the world, with 6,900 employees worldwide, and produces one million tonnes of copper cathodes yearly. In an announcement published on their website, ...
- CISA Releases Four Industrial Control Systems Advisories
October 28, 2022
CISA has released four (4) Industrial Control Systems (ICS) advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-300-01 Rockwell Automation FactoryTalk Alarm and Events Server ICSA-22-300-02 SAUTER Controls moduWeb ICSA-22-300-03 Rockwell ...
- Biden now wants to toughen up chemical sector’s cybersecurity
October 27, 2022
The White House is adding the chemical sector to a program launched last year to improve cybersecurity capabilities within America’s critical infrastructure industries. The addition makes chemical facilities and manufacturers the fourth sector under the Biden Administration’s Industrial Control Systems (ICS) Cybersecurity Initiative, which rolled out in July 2021 following the ransomware attack on Colonial Pipeline ...
- Manufacturing Cybersecurity: Trends & Survey Response
October 27, 2022
Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, we will discuss the characteristics of each industry, the motivations and ...
- CISA Releases Three Industrial Control Systems Advisories
October 20, 2022
CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-293-01 Bentley Systems MicroStation Connect ICSMA-21-294-01 B Braun Infusomat Space Large Volume Pump ...
- CISA Releases Two Industrial Control Systems Advisories
October 18, 2022
CISA released two Industrial Control Systems (ICS) advisories on October 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-291-01 Advantech R-SeeNet ICSA-21-336-06 Hitachi Energy APM Edge (Update A) Read more… Source: U.S. Cybersecurity and Infrastructure ...
- CISA Releases Twenty-Five Industrial Control Systems Advisories
October 13, 2022
CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-286-01 Siemens LOGO! ICSA-22-286-02 Siemens Industrial Edge Management ICSA-22-286-03 Siemens Solid Edge ICSA-22-286-04 Siemens SIMATIC ...