https://blog.paessler.com/investments-in-iot-security-are-set-to-increase-rapidly-in-2018
The two biggest challenges in 2018 will continue to be protecting against unauthorized access, and patching/updating the software of the device. Companies must not neglect the security problems of IoT and IIoT devices. Cyberattacks on the Internet of Things (IoT) are already a reality.
According to Gartner's market researchers, global spending on IoT security will increase to $1.5 billion this year.
Tomi Engdahl says:
100M IoT Devices Exposed By Zero-Day Bug https://threatpost.com/100m-iot-devices-zero-day-bug/174963/
A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more. See also https://www2.guardara.com/2021/09/23/guardara-uncovers-key-zero-day-vulnerability-in-popular-iot-message-broker-software/
Tomi Engdahl says:
Bluetooth Vulnerability: Arbitrary Code Execution On The ESP32, Among Others
https://hackaday.com/2021/09/23/bluetooth-vulnerability-arbitrary-code-execution-on-the-esp32-among-others/
Bluetooth has become widely popular since its introduction in 1999. However, it’s also had its fair share of security problems over the years. Just recently, a research group from the Singapore University of Technology and Design found a serious vulnerability in a large variety of Bluetooth devices. Having now been disclosed, it is known as the BrakTooth vulnerability.
Full details are not yet available; the research team is waiting until October to publicly release proof-of-concept code in order to give time for companies to patch their devices. The basic idea however, is in the name. “Brak” is the Norwegian word for “crash,” with “tooth” referring to Bluetooth itself. The attack involves repeatedly attempting to crash devices to force them into undesired operation.
The Espressif ESP32 is perhaps one of the worst affected. Found in all manner of IoT devices, the ESP32 can be fooled into executing arbitrary code via this vulnerability, which can do everything from clearing the device's RAM to flipping GPIO pins. In smart home applications or other security-critical situations, this could have dire consequences.
BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://asset-group.github.io/disclosures/braktooth/
Tomi Engdahl says:
Cyber Threats to Global Electric Sector on the Rise
https://www.dragos.com/blog/industry-news/cyber-threats-to-global-electric-sector-on-the-rise/
The number of cyber intrusions and attacks targeting the electric sector is increasing, and in 2020 Dragos identified three new Activity Groups (AGs) targeting the electric sector: TALONITE, KAMACITE, and STIBNITE. A full two-thirds of the 15 AGs that Dragos actively tracks are performing Industrial Control Systems (ICS)-specific targeting activities focused on electric utility operations.
Although disruptive attacks have not been publicly observed since 2016, as adversaries and their sponsors invest more effort and money into obtaining such capabilities, the risk of a disruptive or destructive attack on the electric utility industry is growing significantly.
Moreover, supply chain risks and ransomware attacks continue to enable intrusions and have disruptive impacts on electric utility operations.
Tomi Engdahl says:
BrakTooth vulnerabilities impact closed-source Bluetooth stacks used in chips from Espressif, Intel, Qualcomm…
https://www.cnx-software.com/2021/09/13/braktooth-vulnerabilities-bluetooth-espressif-intel-qualcomm/
BrakTooth is a family of new security vulnerabilities in commercial, closed-source Bluetooth Classic stacks that range from denial of service (DoS) via firmware crashes and deadlocks to arbitrary code execution (ACE) in certain IoT devices.
Tomi Engdahl says:
https://therecord.media/meet-meris-the-new-250000-strong-ddos-botnet-terrorizing-the-internet/
Tomi Engdahl says:
There should not be medical devices and Internet connectivity on same network.
But for some it used to be too normal to have them on the same network, and I guess that some still work in this bad way (due to organizational reasons like stupidity, incompetence and lack of budget to make changes).
Tomi Engdahl says:
Today’s cars are mobile data centers, and that data needs to be protected https://www.helpnetsecurity.com/2021/10/01/cars-mobile-data-centers/
Our cars can no longer be considered as independent machines providing for our personal transportation. The integration of mobile communications, infotainment, geo-location, and emergency monitoring systems render cars as a connected device within a distributed mesh of different data services.
Tomi Engdahl says:
Introduction to ICS Security Part 3
https://www.sans.org/blog/introduction-to-ics-security-part-3/
In part 3 we will look at Remote Access Connections into ICS, examine why they are here to stay, and review the best practices for securing them.
Tomi Engdahl says:
Hackers Can Exploit Apple AirTag Vulnerability to Lure Users to Malicious Sites
https://www.securityweek.com/hackers-can-exploit-apple-airtag-vulnerability-lure-users-malicious-sites
Apple’s AirTag product is affected by a vulnerability that could be exploited by hackers to lure unsuspecting users to phishing or other types of malicious websites.
Security consultant Bobby Rauch discovered that AirTags, which Apple sells for $30 and advertises as a “supereasy way to keep track of your stuff,” are affected by a stored cross-site scripting (XSS) vulnerability.
While the issue has not been patched by Apple, Rauch disclosed its details this week after becoming frustrated with the tech giant’s vulnerability reporting process.
https://krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/
Tomi Engdahl says:
Boutique “Dark” Botnet Hunting for Crumbs https://isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/
As I have said before, Internet of Things (IoT) devices are best compared to Mosquitos. Individually, they are annoying. But their large number makes them the most deadly animal around. Many botnets like Mirai or Mozi are going after simple exploits affecting large numbers of devices. These mosquito hunters are like birds in the sense that they live from large numbers of vulnerable devices. But aside from these more visible botnets, there are smaller, “Boutique”
botnets. They go after less common vulnerabilities and pick systems that the major botnets find not lucrative enough to go after. Usually, only a few vulnerable devices are exposed. Taking the animal analogy a bit too far: These are like crustaceans on the ocean floor living off what the predators above discard.
Tomi Engdahl says:
Medtronic urgently recalls insulin pump controllers over hacking concerns https://www.bleepingcomputer.com/news/security/medtronic-urgently-recalls-insulin-pump-controllers-over-hacking-concerns/
Medtronic is urgently recalling remote controllers for insulin pumps belonging to the MiniMed Paradigm family of products, due to severe cybersecurity risks. The controllers that should be returned to the vendor are models MMT-500 and MMT-503, used with the Medtronic MiniMed 508 insulin pump and the MiniMed Paradigm family of insulin pumps. These devices were sold in the United States between August 1999 and July 2018, and it is estimated that there are 31,310 vulnerable units in use by diabetic patients in the country at the moment.
Tomi Engdahl says:
Singapore inks pact with Finland to mutually recognise IoT security labels https://www.zdnet.com/article/singapore-inks-pact-with-finland-to-mutually-recognise-iot-security-labels/
A year after it introduced a security labelling programme for consumer Internet of Things devices, Singapore has signed an agreement with Finland to recognise each nation’s respective cybersecurity labels. Touting it as the first such bilateral recognition, Singapore says the partnership aims to reduce the need for duplicated testing.
Tomi Engdahl says:
Medtronic Recalls Medical Devices Due to Security Risks That Can Lead to Injury, Death
https://www.securityweek.com/medtronic-recalls-medical-devices-due-security-risks-can-lead-injury-death
Medical device maker Medtronic is recalling remote controllers used with some of its insulin pumps due to cybersecurity risks that could lead to injury and even death.
The recall is related to a series of vulnerabilities discovered by a team of cybersecurity researchers in 2018. In June 2019, the U.S. Food and Drug Administration (FDA) and Medtronic informed the public of a recall of MiniMed 508 and Paradigm series insulin pumps due to vulnerabilities that could allow an attacker to remotely hack the devices.
The FDA and Medtronic said that some affected users — whose devices were under warranty — were notified as early as August 2018.
That recall is now being expanded by Medtronic to the optional remote controllers associated with the affected insulin pumps. Users of these devices have been sent updated instructions, including for stopping the use of impacted controllers and returning them.
The FDA said more than 31,000 devices have been recalled in the United States. The agency and Medtronic noted that the affected MiniMed MMT-500 and MMT-503 controllers are no longer manufactured or distributed.
Tomi Engdahl says:
Hackers Could Disrupt Industrial Processes via Flaws in Widely Used Honeywell DCS
https://www.securityweek.com/hackers-could-disrupt-industrial-processes-flaws-widely-used-honeywell-dcs
A distributed control system (DCS) product offered by Honeywell is affected by vulnerabilities that could allow malicious actors to disrupt industrial processes.
Researchers at industrial cybersecurity firm Claroty discovered that Honeywell’s Experion Process Knowledge System (PKS) is affected by three types of vulnerabilities. Two of them, CVE-2021-38395 and CVE-2021-38397, have been assigned a severity rating of critical and can allow an attacker to remotely execute arbitrary code on the system or cause a denial of service (DoS) condition.
The third flaw, tracked as CVE-2021-38399 and classified as high severity, is a path traversal issue that can allow an attacker to access files and folders.
The industrial giant published a security advisory for these vulnerabilities in February, when it informed customers about its plans for releasing patches this year. Some versions of the impacted products, however, will not receive fixes.
https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf
https://www.claroty.com/2021/10/05/blog-research-target-dcs-finding-fixing-critical-bugs-in-honeywell-experion-pks/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2021/10/07/iot-tietoturvamerkinta-kansainvalistyy/
Tomi Engdahl says:
Unpatched Dahua cams vulnerable to unauthenticated remote access https://www.bleepingcomputer.com/news/security/unpatched-dahua-cams-vulnerable-to-unauthenticated-remote-access/
Unpatched Dahua cameras are prone to two authentication bypass vulnerabilities, and a proof of concept exploit that came out today makes the case for upgrading pressing. The authentication bypass flaws are tracked as CVE-2021-33044 and CVE-2021-33045, and are both remotely exploitable during the login process by sending specially crafted data packets to the target device. For more details on how that works, you may check out the proof of concept (PoC) that was part of today's full disclosure, which has been posted on GitHub.
Tomi Engdahl says:
Who Is Hunting For Your IPTV Set-Top Box?
https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/
Ever considered starting a company to create software for TV channel distribution over IP? It is big business with service providers “converging” their networks. Everything is better over IP. Why not TV?
Having TVs and set-top boxes with two-way IP connectivity allows you to collect all kinds of data from your users. Imagine you cannot only charge people for the content, but you can also sell their data to advertisers. You will know exactly what they watch and when. Are they flipping channels during commercials?
Tomi Engdahl says:
Botnet abuses TP-Link routers for years in SMS messaging-as-a-service scheme https://therecord.media/botnet-abuses-tp-link-routers-for-years-in-sms-messaging-as-a-service-scheme/
Since at least 2016, a threat actor has hijacked TP-Link routers as part of a botnet that abused a built-in SMS capability to run an underground Messaging-as-a-Service operation. Across the years, these infected routers were used to send out betting tips, verification codes, confirmations for online payments and donations, and cryptic messages whose meaning researchers have yet to crack.
Tomi Engdahl says:
Singapore tweaks cybersecurity strategy with OT emphasis https://www.zdnet.com/article/singapore-tweaks-cybersecurity-strategy-with-ot-emphasis/
Singapore has tweaked its cybersecurity strategy to beef up its focus on operational technology (OT), offering a new competency framework to provide guidance on skillsets and technical competencies required for OT industry sectors. The revised national cybersecurity roadmap also looks to bolster the overall cybersecurity posture and foster international cyber cooperation. The 2021 cybersecurity strategy also would build on efforts to safeguard Singapore’s critical information infrastructure (CII) and other digital infrastructure, said the Cyber Security Agency (CSA). The government organization said it would work with CII operators to beef up the cybersecurity of OT systems where cyber attacks could pose physical and economic risks.
CSA defines OT systems to include industrial control, building management, and traffic light control systems that encompass monitoring or changing “the physical state of a system”, such as controlling railway systems.
“Many OT systems are historically designed to be standalone and not connected to the internet or external networks. However, with the introduction of new digital solutions in OT systems to increase automation and facilitate data collection and analysis, this has introduced new cybersecurity risks to what used to be a relatively ‘safe’ air-gapped operating environment,” it said.
To address such risks, it noted, enterprises needed a framework from which they could get guidance on processes, structures, and skills required to manage their OT cybersecurity.
Called the OT Cybersecurity Competency Framework, it is touted to provide a “more granular breakdown” and reference of cybersecurity skills and technical competencies required for OT industry sectors. It aims to plug existing gaps in OT cybersecurity training, according to CSA. Previously, OT systems owners including those in CII sectors would take guidance from the Skills Framework for ICT, parked under SkillsFuture Singapore, to identify skills gaps and develop training plans.
Jointly developed with Mercer Singapore, the new OT security framework offered roadmaps of various job roles and the corresponding technical skills and core competencies required. Both OT and IT systems owners could refer to the reference guide to provide adequate training and plot employees’ career progression, while training providers could use it to identify technical competencies and certifications needed to support local training needs, CSA said.
Tomi Engdahl says:
Hardware Bolsters Medical Device Security https://www.darkreading.com/vulnerabilities-threats/hardware-bolsters-medical-device-security
The medical device industry has transformed over the last decade, driven by an explosion in the Internet of Mobile Things and increased connectivity. As complexity around the technology, supply chains, and management of these devices grows, so have security concerns.
Traditionally benefiting from no connectivity, or security through obscurity, today’s medical devices are complex systems with multiple layers of commodity-based hardware and software. As a result, medical devices today are more vulnerable to generic threats that target mainstream software libraries and operating systems like Windows and Linux.
Tomi Engdahl says:
Fake sensors infiltrate networks: currently the most common way systems are broken into
https://www.tivi.fi/uutiset/tv/1f5c9a14-32bb-4ce0-a39d-e9374a53ec02
Last May the United States nearly came to a halt. A cyberattack was carried out on the country's largest fuel pipeline, as a result of which not a single litre of petrol, diesel, jet fuel or heating oil was moved through the nearly 9,000-kilometre pipeline. Insta Group CEO Henry Nieminen raises one extremely important point about how companies could either prevent entirely, or at least minimise, the damage from cyberattacks.
Tomi Engdahl says:
Coding for Regulated Energy Systems
October 5, 2021
https://shiftleft.grammatech.com/coding-for-regulated-energy-systems
North American Electric Reliability Corporation’s supply chain regulations could cost millions for those out of compliance. Dick Brooks explains how this impacts third-party software providers of NERC-related systems.
The stakes are high for energy companies acquiring third-party software. They face fines of up to $1 million per day if they’re found to be out of compliance with NERC’s newest supply chain risk management regulations.
In this interview, we ask Dick Brooks, co-founder and lead software engineer at Reliable Energy Analytics, about how developers are adhering to these guidelines, particularly those working on energy and ICS third party apps.
Q: Can you refresh us on requirements for software supply chain development?
The North American Electric Reliability Corporation defines the cyber security infrastructure protection standards for the energy industry. Last year, NERC’s software supply chain CIP standards went into effect, which require electric entities to verify the integrity and authenticity of a software package before making any baseline configuration changes. That means that NERC auditors will come on site and look for evidence that companies are following these regulations and checking the authenticity of software suppliers before making any changes.
https://www.nerc.com/pa/Stand/Reliability%20Standards/CIP-010-3.pdf
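The pre-change check the interview describes, verifying a package's integrity and the authenticity of its vendor-published digests and keeping the evidence an auditor would ask for, as an added example that is not from the page, from NERC or from Reliable Energy Analytics. It assumes a constructed vendor manifest authenticated with HMAC-SHA256 under a pre-shared key, standing in for whatever signature scheme a real vendor uses (CIP-010 does not prescribe one); all package bytes and keys are constructed samples.

```python
"""Added example: a gate that runs before a baseline configuration change.

Integrity    = the package's SHA-256 matches the vendor's published digest.
Authenticity = the digest manifest itself is authenticated by the vendor.
The gate returns an evidence record either way and approves only when both
checks pass. HMAC with a pre-shared key is an assumption standing in for the
vendor's real signature scheme (constructed for this example)."""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample inputs (not real artifacts or keys).
VENDOR_KEY = b"example-vendor-manifest-key"
PACKAGE_GOOD = b"plc-fw 1.2.3 contents (constructed sample)"
PACKAGE_TAMPERED = PACKAGE_GOOD + b"\x00extra"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(body: dict) -> bytes:
    # Deterministic encoding so vendor and operator MAC the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_manifest(name: str, version: str, package: bytes, key: bytes) -> dict:
    """Vendor side: publish the expected digest and authenticate the manifest."""
    body = {"name": name, "version": version, "sha256": sha256_hex(package)}
    mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify_manifest(manifest: dict, key: bytes) -> bool:
    """Authenticity: was this manifest produced by the holder of the vendor key?"""
    expected = hmac.new(key, _canonical(manifest["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["mac"])


def verify_package(manifest: dict, package: bytes) -> bool:
    """Integrity: does the package match the digest the vendor published?"""
    return hmac.compare_digest(manifest["body"]["sha256"], sha256_hex(package))


def pre_change_gate(manifest: dict, package: bytes, key: bytes, operator: str) -> dict:
    """Decide whether the baseline change may proceed and return the evidence
    record an auditor would inspect. Any failed check yields REJECT."""
    body = manifest["body"]
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "operator": operator,
        "package": f'{body["name"]}-{body["version"]}',
        "observed_sha256": sha256_hex(package),
        "expected_sha256": body["sha256"],
    }
    # Check authenticity first: an unauthenticated manifest makes its digest
    # meaningless, so a forged manifest with a "matching" digest still fails.
    if not verify_manifest(manifest, key):
        record.update(result="REJECT", reason="manifest authenticity check failed")
        return record
    if not verify_package(manifest, package):
        record.update(result="REJECT", reason="package digest mismatch")
        return record
    record.update(result="APPROVE", reason="integrity and authenticity verified")
    return record


if __name__ == "__main__":
    m = make_manifest("plc-fw", "1.2.3", PACKAGE_GOOD, VENDOR_KEY)
    print(json.dumps(pre_change_gate(m, PACKAGE_GOOD, VENDOR_KEY, "ops1"), indent=2))
    print(json.dumps(pre_change_gate(m, PACKAGE_TAMPERED, VENDOR_KEY, "ops1"), indent=2))
```

The evidence records are what the on-site auditor would look for; in a real deployment they would be written to an append-only log rather than printed.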
Tomi Engdahl says:
Breathing Life into Obsolete Medical-Device Designs
Oct. 5, 2021
Authorized distribution and licensed semiconductor manufacturing can extend the life of medical devices after component end-of-life by providing long-term product support to mitigate the risks of obsolescence.
https://www.electronicdesign.com/technologies/embedded-revolution/article/21177478/rochester-electronics-inc-breathing-life-into-obsolete-medicaldevice-designs?utm_source=EG%20ED%20Analog%20%26%20Power%20Source&utm_medium=email&utm_campaign=CPS211004062&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R
Tomi Engdahl says:
The Security Challenge Of Protecting Smart Cities https://www.forbes.com/sites/chuckbrooks/2021/10/10/the-security-challenge-of-protecting-smart-cities/
As we continue to move forward in the Industry 4.0 era of greater connectivity between the physical and digital, the promise and development of smart cities become a more likely vision. While the term may have differing definitions, the term smart city usually connotes creating a public/private infrastructure to orchestrate the integration of transportation, energy, water resources, waste collections, smart-building technologies, and security technologies and services in a central location.
Tomi Engdahl says:
Farm equipment security at DEF CON 29
https://www.kaspersky.com/blog/hacking-agriculture-defcon29/42402/
One of the most unusual presentations at the DEF CON 29 conference, held in early August, covered farm equipment vulnerabilities found by an Australian researcher who goes by the alias Sick Codes.
Vulnerabilities affecting the major manufacturers John Deere and Case IH were found not in tractors and combine harvesters, but in web services more familiar to researchers.
Tomi Engdahl says:
OT Cybersecurity Firm Shift5 Raises $20 Million to Protect Planes, Trains and Tanks
https://www.securityweek.com/ot-cybersecurity-firm-shift5-raises-20-million-protect-planes-trains-and-tanks
Shift5, an operational technology (OT) cybersecurity company specializing in transportation infrastructure and weapons systems, this week announced raising $20 million in a Series A funding round.
The funding was led by 645 Ventures, with participation from Squadra Ventures, General Advance, and First In.
“Shift5′s data-driven solution integrates directly onto existing vehicle platforms, collecting and enriching data from on-board digital components and continuously monitoring data streams for security and operational anomalies. Its analytics platform provides cybersecurity intrusion detection, smarter maintenance, and improved operational intelligence for fleet operators,” the company said in a press release announcing the funding round.
OT Security Firm Nozomi Networks Raises $100 Million
https://www.securityweek.com/ot-security-firm-nozomi-networks-raises-100-million
Nozomi Networks, a provider of operational technology (OT) and internet of things (IoT) cybersecurity solutions, said Monday that it has raised $100 million in a Series D pre-IPO-funding round.
Tomi Engdahl says:
https://www.etteplan.com/stories/3-tips-towards-developing-cybersecure-products
Tomi Engdahl says:
Critical infrastructure security dubbed ‘abysmal’ by researchers https://www.zdnet.com/article/critical-infrastructure-security-dubbed-abysmal-by-researchers/
The “abysmal” state of security for industrial control systems (ICSs) is putting critical services at serious risk, new research finds.
Tomi Engdahl says:
Security Risks of Client-Side Scanning
https://www.schneier.com/blog/archives/2021/10/security-risks-of-client-side-scanning.html
Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption.
Also: https://arxiv.org/abs/2110.07450 (Bugs in our Pockets: The Risks of Client-Side Scanning)
Tomi Engdahl says:
https://www.zdnet.com/article/owasp-updates-top-10-vulnerability-ranking-for-first-time-since-2017/
https://owasp.org/Top10/
Tomi Engdahl says:
Microsoft, Intel and Goldman Sachs Lead New Supply Chain Security Initiative
https://www.securityweek.com/microsoft-intel-and-goldman-sachs-lead-new-supply-chain-security-group-tcg
Microsoft, Intel and Goldman Sachs will lead a new work group focusing on supply chain security at the Trusted Computing Group (TCG).
TCG is a non-profit organization that develops, defines and promotes open and vendor-neutral industry specifications and standards for trusted computing platforms, including the widely used Trusted Platform Module (TPM).
TCG has several work groups, including for cloud, embedded systems, infrastructure, IoT, mobile, PC clients, servers, software stack, storage, trusted network communications, TPM, and virtualized platforms.
The organization this week announced a new work group focusing on supply chain security. Representatives of Microsoft, Intel and Goldman Sachs will lead the new group, which will work on developing guidance for supply chain security standards.
When we think about cyber threats, we often imagine a lone attacker sitting in a dark room, furiously typing as green text spreads across the screen in order to gain access to sensitive information or assume control of some system to which they would otherwise not have access. While this sort of threat does exist, we now see a much greater threat in the form of coordinated adversaries attempting to compromise the supply chains of our industries and governments. These adversaries exploit supply chain vulnerabilities, stealing intellectual property, exploiting software vulnerabilities, surveilling and disrupting critical infrastructure, and engaging in other malicious activity. To address these vulnerabilities, we need to recognize that within each phase of product lifecycles, from design, manufacture, and transport, to provisioning, utilization, and decommission, there are serious risks.
To effectively protect our infrastructure and devices throughout product lifecycles, we must also consider the components of these products and computing systems. In the hardware supply chain, we see a specific and growing set of threats which are much more difficult for any one organization to protect against. Taken together, supply chain threats now affect a broad range of industries and organizations, from critical infrastructure, military and defense, and financial services, to consumer electronics, education, and healthcare. Mitigating or eliminating these threats is the goal of Supply Chain Security.
Tomi Engdahl says:
The Security Challenge Of Protecting Smart Cities
https://www.forbes.com/sites/chuckbrooks/2021/10/10/the-security-challenge-of-protecting-smart-cities/?sh=41176e2c7d26
As we continue to move forward in the Industry 4.0 era of greater connectivity between the physical and digital, the promise and development of smart cities become a more likely vision. While the term may have differing definitions, the term “smart city” usually connotes creating a public/private infrastructure to orchestrate the integration of transportation, energy, water resources, waste collections, smart-building technologies, and security technologies and services in a central location.
In the past several years, cities have migrated from analog to digital and have become increasingly “smarter.” A smart city uses digital technologies for information and communication technologies to enhance quality and performance of urban services, to reduce costs and resource consumption, and to engage more effectively and actively with its citizens. A smart city is indeed a laboratory for applied innovation. A smart city and its accompanying ecosystem can influence and impact the industrial verticals including transportation, energy, power generation, and agriculture.
Tomi Engdahl says:
“It is the consultants’ job not to say, ‘No, you can’t do this,’ but rather, ‘Here is how you solve this problem in a way that minimizes risk to your organization.’”
https://www.securityweek.com/ics-security-experts-share-tales-trenches-part-2
Tomi Engdahl says:
https://www.securityweek.com/supporting-cybersecurity-awareness-month
Tomi Engdahl says:
How the IEC 61850 standard structures the electrical industry
https://www.stormshield.com/news/how-the-iec-61850-standard-structures-the-electrical-industry/
Tomi Engdahl says:
Rolling out your RBAC Infrastructure to Electrical Substations
https://www.linkedin.com/pulse/rolling-out-your-rbac-infrastructure-electrical-chaitanya-bisale?articleId=6694158507568197632
https://standards.iteh.ai/catalog/standards/clc/23403375-90cd-4325-9e93-bbd11b7a649d/en-iec-62351-8-2020
Tomi Engdahl says:
A SANS 2021 Survey: OT/ICS Cybersecurity
https://www.nozominetworks.com/downloads/SANS-Survey-2021-OT-ICS-Cybersecurity-Nozomi-Networks.pdf
The OT cybersecurity landscape has changed significantly in the past two years. We have seen significant attention and overall growth of investment in securing our critical ICS/OT systems, but we still need some progress in key areas. Key industry-wide insights from this survey include:
• Steady growth in ICS-focused cybersecurity positions
• Overall increase in budget allocation for ICS cybersecurity efforts
• Steady increase in the influence of regulatory regimes to drive cybersecurity investments
• Increase in cloud adoption (and use primarily for operational outcomes)
• Significant adoption of the MITRE ATT&CK® framework for ICS (given its relatively recent release)
Tomi Engdahl says:
ATT&CK® for Industrial Control Systems
https://collaborate.mitre.org/attackics/index.php/Main_Page
ATT&CK for ICS is a knowledge base useful for describing the actions an adversary may take while operating within an ICS network. The knowledge base can be used to better characterize and describe post-compromise adversary behavior. Please see the overview page for more information about ATT&CK for ICS.
The MITRE ATT&CK for ICS Matrix is an overview of the tactics and techniques described in the ATT&CK for ICS knowledge base. It visually aligns individual techniques under the tactics in which they can be applied. Some techniques span more than one tactic because they can be used for different purposes.
Tomi Engdahl says:
Threat landscape for industrial automation systems in H1 2021
https://securelist.com/threat-landscape-for-industrial-automation-systems-in-h1-2021/104017/
Tomi Engdahl says:
This is how a cybersecurity researcher accidentally broke Apple Shortcuts
https://www.zdnet.com/article/this-is-how-a-cybersecurity-researcher-accidentally-broke-apple-shortcuts/#ftag=RSSbaffb68
Detectify explains how investigating CloudKit resulted in Shortcuts disruption for users back in March.
Tomi Engdahl says:
“IoT is like an onion! Both have layers that sometimes make you (Wanna) cry”. That is one of the quotes from Udo Schneider, IoT Security Evangelist at Trend Micro EMEA.
Tomi Engdahl says:
Research finds consumer-grade IoT devices showing up… on corporate networks
Considering the slack security of such kit, it’s a perfect storm
https://www.theregister.com/2021/10/21/iot_devices_corporate_networks_security_warning/
Tomi Engdahl says:
IoT Hacking and Rickrolling My High School District
https://whitehoodhacker.net/posts/2021-10-04-the-big-rick
Tomi Engdahl says:
Many Ransomware Attacks on OT Organizations Involved Ryuk: IBM
https://www.securityweek.com/many-ransomware-attacks-ot-organizations-involved-ryuk-ibm
Many attacks that impacted organizations with operational technology (OT) networks in 2021 involved ransomware, and operators of the Ryuk ransomware in particular appear to gravitate towards this type of target, according to research conducted by IBM’s X-Force cybersecurity unit.
The company says ransomware has been by far the top attack type launched against OT organizations to date in 2021, accounting for 32% of attacks. The Ryuk ransomware has been involved in many of these attacks and IBM says there have been more documented cases of Ryuk ending up on OT networks compared to most other ransomware strains.
Singleton told SecurityWeek ahead of the event that the study is based only on attacks that have the potential to affect industrial control systems (ICS) or OT systems, including attacks involving insiders, remote access trojans, or IoT botnets.
“Manufacturing and transportation are the two operational technology-related industries X-Force most commonly observes Ryuk actors target, but we know Ryuk actors also love energy and utilities, industrial distribution, oil and gas, and healthcare,” Singleton explained.
While in many attacks the Ryuk ransomware actually makes it to ICS or other OT systems, there are attacks that only hit IT systems directly but still cause disruption to operational systems.
“Ransomware attacks on IT systems alone often also have operational impact because operational systems are shut down as a precaution,” Singleton said. “Our research shows that ransomware attacks have an operational impact 56% of the time—even when the ransomware does not get onto the OT network.”
Ryuk ransomware operators encrypt files found on the victim’s network in an effort to convince them to pay a ransom, but they sometimes also steal valuable data to increase their chances of getting paid. However, in the attacks where Ryuk got into OT networks, IBM did not observe any data theft.
Singleton says OT organizations should focus on segmentation if they want to reduce the risk of significant damage.
“In every instance we have seen where Ryuk got into an OT network, poor network segmentation played a role,” the expert said. “Paying close attention to domain controllers, limiting domain administrator accounts, locking them down and auditing them heavily can decrease the chances ransomware actors can gain access to domain controllers—which is key to deploying ransomware—and in some cases can even decrease opportunities to move over to the OT network.”
Tomi Engdahl says:
https://www.tivi.fi/kumppanisisallot/insta/nain-rakennetaan-luottamus-iot-laitteiden-dataan-varmenteet-ja-pki-kaiken-perustana/
Tomi Engdahl says:
Electronic Warfare System On Air Force F-16 Gets Capability Update In Flight
https://www.thedrive.com/the-war-zone/41793/electronic-warfare-system-on-air-force-f-16-gets-capability-update-in-flight
The ability to upgrade the capabilities of electronic warfare systems remotely opens a path to being able to respond to new threats in real-time.
Tomi Engdahl says:
EU to adopt new cybersecurity rules for smartphones, wireless, IoT devices
https://therecord.media/eu-to-adopt-new-cybersecurity-rules-for-smartphones-wireless-iot-devices/
The European Commission has ordered an update to the Radio Equipment Directive in order to introduce new cybersecurity guidelines for radio and wireless equipment sold on the EU market, such as mobile phones, tablets, fitness trackers, and other smart IoT devices.