Cybersecurity

Claroty Research on Ovarro TBox RTUs and TWinSoft Engineering Software (products used in water/wastewater systems)

Industrial cybersecurity firm Claroty released its research regarding findings of vulnerabilities affecting Ovarro’s TBox remote terminal units (RTUs) and TWinSoft engineering software. ICS-CERT has published ICS Advisory ICSA-21-054-04. Claroty’s research highlights findings in implementations of Ovarro’s proprietary version of the Modbus protocol which allows for malicious code to be injected through the modification of an update package.

Read more about Claroty Research on Ovarro TBox RTUs and TWinSoft Engineering Software (products used in water/wastewater systems)

IT Systems of Honeywell Impacted by Malware

On Tuesday, industrial component manufacturing giant Honeywell issued a statement that its IT systems had been disrupted by malware. Limited information was given beyond working with Microsoft to assess and remediate the situation and that the investigation is ongoing.

Read more about IT Systems of Honeywell Impacted by Malware

FBI’s IC3 2020 Internet Crime Report

On par with the annual Verizon Data Breach Investigation Report, is the FBI’s IC3 Internet Crime Report for fan favorite and most frequently referenced. So, without further ado, the 2020 Internet Crime Report has been released.

Read more about FBI’s IC3 2020 Internet Crime Report

VANADINITE – New ICS Threat Activity Group Potentially Linked to Use of Ransomware Against Industrial Organizations

In its recent ICS Cybersecurity 2020 Year in Review Report (shared in the Security & Resilience Update for February 25, 2021) Dragos revealed four new ICS threat activity groups, KAMACITE, VANADINITE, STIBNITE, and

Read more about VANADINITE – New ICS Threat Activity Group Potentially Linked to Use of Ransomware Against Industrial Organizations

Secure Architecture Design – Network Segmentation

Network segmentation is a fundamental defense-in-depth strategy to limit communications across network boundaries and protect assets from unauthorized access. However, a commonly identified weakness during risk assessments is often a lack of appropriate network segmentation.

Read more about Secure Architecture Design – Network Segmentation

Blended Threat Awareness – Cyber Attackers Compromise Security Cameras

Used across multitude of facilities, often unmanaged and connected to the corporate network with little to no security, surveillance cameras provide an avenue for compromise. Compromise that usually leads to serious privacy concerns, but also opens the lens of access to the broader corporate network and for launching future attacks against customers. Attackers claim to have obtained privileged credentials for a high-level administrator at Verkada, an enterprise security camera solutions company.

Read more about Blended Threat Awareness – Cyber Attackers Compromise Security Cameras

Security Awareness – Ransomware Round-up

A quick-hit of recent ransomware activity and developments.

Read more about Security Awareness – Ransomware Round-up

Greater Preparedness and Security in Light of Oldsmar, Regardless of Intent or Motivation

Risk management firm, The Gate 15 Company reviews the February 5, 2021 blended threat (cyber-physical) incident at the Oldsmar, Florida Water Treatment Plant in a recent blog post titled, “Blended Threats: Did Florida’s Cyber Attack Whet Your Appetite for Better Preparedness and Security?” The post highlights the blended threat concerns and reviews some best practices and mitigation actions drawn from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities for greater preparedness.

Read more about Greater Preparedness and Security in Light of Oldsmar, Regardless of Intent or Motivation

Dragos 2020 ICS Cybersecurity Year in Review

In case you haven’t seen it yet, Dragos published its 2020 ICS Cybersecurity Year in Review yesterday. This years' report has some cool interactive elements displayed as an executive summary. Based on extensive experience, assessments, and incident response insights, Dragos shares its observations, lessons learned, and recommendations in this annual data-driven analysis of Industrial Control System (ICS)/Operational Technology (OT) focused cyber threats and vulnerabilities.

In addition to several key findings and recommendations for ICS defenders, read the report for more on:

Read more about Dragos 2020 ICS Cybersecurity Year in Review

OT/ICS Security – Going From A(ir Gap) to Z(ero Trust)

Zero trust has become a bit of a buzzword lately, especially since the disclosure of the SolarWinds incident. In addition, it’s possible that the concept of zero trust is thought of as applicable only to IT systems and may have industrial systems operators dismissing it. But as the air-gap continues to erode in favor or greater (remote) access to control systems, zero trust becomes essential.

Read more about OT/ICS Security – Going From A(ir Gap) to Z(ero Trust)

You are here

Cybersecurity

Claroty Research on Ovarro TBox RTUs and TWinSoft Engineering Software (products used in water/wastewater systems)

IT Systems of Honeywell Impacted by Malware

FBI’s IC3 2020 Internet Crime Report

VANADINITE – New ICS Threat Activity Group Potentially Linked to Use of Ransomware Against Industrial Organizations

Secure Architecture Design – Network Segmentation

Blended Threat Awareness – Cyber Attackers Compromise Security Cameras

Security Awareness – Ransomware Round-up

Greater Preparedness and Security in Light of Oldsmar, Regardless of Intent or Motivation

Dragos 2020 ICS Cybersecurity Year in Review

OT/ICS Security – Going From A(ir Gap) to Z(ero Trust)

Pages

You are here

Cybersecurity

Pages

Footer Email Signup