- Budworm: Espionage Group Returns to Targeting U.S. Organizations
October 13, 2022
The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is the first time in a number of years Symantec has seen Budworm targeting a U.S.-based ...
- ADATA denies RansomHouse cyberattack, says leaked data from 2021 breach
October 8, 2022
Taiwanese chip maker ADATA denies claims of a RansomHouse cyberattack after the threat actors began posting stolen files on their data leak site. The RansomHouse gang added ADATA files to their data leak site on Tuesday, claiming they stole 1TB worth of documents in a 2022 cyberattack. The threat actors also leaked samples of allegedly stolen files, ...
- CISA Releases Three Industrial Control Systems Advisories
October 7, 2022
CISA has released three Industrial Control Systems (ICS) advisories on October 11, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-284-01 Altair HyperView Player; ICSA-22-284-02 Daikin SVMPC1 and SVMPC2; ICSA-22-284-03 Sensormatic Electronics C-CURE 9000.
- The secrets of Schneider Electric’s UMAS protocol
September 29, 2022
UMAS (Unified Messaging Application Services) is a proprietary Schneider Electric (SE) protocol used to configure and monitor Schneider Electric PLCs. Schneider Electric controllers that use UMAS include Modicon M580 CPU (part numbers BMEP* and BMEH*) and Modicon M340 CPU (part numbers BMXP34*). Controllers are configured and programmed using engineering software – EcoStruxure™ Control Expert (Unity ...
- Control System Defense: Know the Opponent
September 22, 2022
Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors. These cyber actors, including advanced persistent threat (APT) groups, target OT/ICS assets to achieve political gains, economic advantages, or destructive effects. Because OT/ICS systems manage physical operational processes, cyber ...
- Threat landscape for industrial automation systems for H1 2022
September 8, 2022
For the first time in five years of observations, the lowest percentage in the first half of the year was observed in March. During the period from January to March, the percentage of attacked ICS computers decreased by 1.7 p.p. Among regions, the highest percentage of ICS computers on which malicious objects were blocked was observed ...
- CISA Releases Five Industrial Control Systems Advisories
September 6, 2022
CISA has released five Industrial Control Systems (ICS) advisories on September 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-249-01 Triangle Microworks Library; ICSA-22-249-02 AVEVA Edge 2020 R2 SP12020 R2; ICSA-22-249-03 Cognex 3D-A1000 Dimensioning ...
- CISA releases two Industrial Control Systems Advisories
August 31, 2022
CISA has released two Industrial Control Systems (ICS) advisories on September 01, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSMA-22-244-01 Contec CMS8000; ICSA-22-244-01 Delta Electronics DOPSoft. Source: U.S. Cybersecurity and Infrastructure Security Agency
- CISA Releases 12 Industrial Control Systems Advisories
August 29, 2022
CISA has released 12 Industrial Control Systems (ICS) advisories on August 30, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-242-01 Hitachi Energy FCP; ICSA-22-242-02 Hitachi Energy GWS; ICSA-22-242-03 Hitachi Energy MSM; ICSA-22-242-04 Hitachi Energy RTU500 ...
- CISA releases 7 Industrial Control Systems Advisories
August 22, 2022
CISA has released 7 Industrial Control Systems (ICS) advisories on August 23, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-235-01 ARC Informatique PcVue; ICSA-22-235-02 Delta Industrial Automation DIALink; ICSA-22-235-03 myScada Pro; ICSA-22-235-05 Measuresoft ScadaPro Server; ICSA-22-235-06 ...
- Grandoreiro banking malware targets manufacturers in Spain, Mexico
August 19, 2022
The notorious ‘Grandoreiro’ banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico. The malware has been active in the wild since at least 2017 and remains one of the most significant threats of its kind for Spanish-speaking users. The recent campaign, spotted ...
- CISA releases 5 Industrial Control Systems Advisories
August 18, 2022
CISA has released 5 Industrial Control Systems (ICS) advisories on August 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-172-01 Mitsubishi Electric MELSEC iQ-R, Q, and L Series CPU Module and MELIPC ...
- #StopRansomware: Zeppelin Ransomware
August 11, 2022
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as 21 June 2022. The FBI and CISA encourage organizations to implement the recommendations in the Mitigations section ...
- Automotive supplier breached by 3 ransomware gangs in 2 weeks
August 10, 2022
An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company’s systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach ...
- New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
August 6, 2022
A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means “ghost” in Korean. The actor is of unknown origin but appears to ...
- Botnet malware disguises itself as password cracker for industrial controllers
July 18, 2022
Industrial engineers and operators are being lured into running backdoor malware disguised as tools for recovering access to work systems. These programs offer to crack passwords for specific programmable logic controllers, according to security shop Dragos this month. According to their online ads, the cracking tools can help unlock products from more than a dozen electronics manufacturing ...
- The industrial internet of things is still a big mess when it comes to security
July 14, 2022
Critical infrastructure is increasingly targeted by cyber criminals – and while those responsible for running industrial networks know that securing operational technology (OT) and the Industrial Internet of Things (IIoT) is vital, they’re struggling, resulting in networks being left vulnerable to attacks. According to analysis by cybersecurity company Barracuda, 94% of industrial organisations have experienced a ...
- How America’s Cargo Ports Defend Against Cyberthreats
July 13, 2022
America’s ports move approximately $5.4 trillion in goods annually, making them a unique target for cybercriminals. Protecting these transportation hubs is essential to preserving the supply chain and keeping the U.S. economy running. More than 500 cyberattacks occurred in the marine industry in 2020, according to the U.S. Coast Guard. These exploits are aimed at both ...
- Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
July 11, 2022
It’s extremely rare for hackers, who operate in the digital world, to cause damage in the physical world. But a cyber-attack on a steel maker in Iran two weeks ago is being seen as one of those significant and troubling moments. A hacking group called Predatory Sparrow said it was behind the attack, which it said caused ...
- What to do about inherent security flaws in critical infrastructure?
July 3, 2022
The latest threat security research into operational technology (OT) and industrial systems identified a bunch of issues — 56 to be exact — that criminals could use to launch cyberattacks against critical infrastructure. But many of them are unfixable, due to insecure protocols and architectural designs. And this highlights a larger security problem with devices that ...