You are here

Home » Cybersecurity

Cybersecurity

OT/ICS Asset Inventory – Passive Scanning vs. Selective Probing

While the value of asset inventory usually goes unchallenged, it is still surprising how few organizations are doing it effectively. World renowned Stuxnet and ICS cybersecurity expert, Ralph Langner discusses the importance of OT/ICS asset inventory, along with the differences between passive scanning and selective probing. Mr. Langner concisely describes what is technically meant by passive scanning, as well as its limitations, including devices and characteristics that will likely not be detected.

RASPITE Threat Group Targets U.S. Electric Utility Organizations

ICS cybersecurity firm Dragos is tracking a threat group they dub RASPITE, that is currently actively targeting U.S. electric organizations. RASPITE’s primary focus is on ICS-operating entities; however, the group has not yet demonstrated any capability to disrupt or destroy ICS-specific operations. The group’s primary tactics include strategic web compromise (a.k.a., watering hole) and Windows credential harvesting.

AVEVA Wonderware License Server (ICSA-18-212-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory regarding a vulnerability of an improper restriction of operations within the bounds of a memory buffer in AVEVA Wonderware License Server. The vulnerability affects Wonderware License Server v4.0.13100 and prior using the vulnerable Flexara Imgrd (Versions 11.13.1.1 and prior); only users with the Counted Licenses feature with “ArchestrAServer.lic” are affected. Successful exploitation of this vulnerability may result in remote code execution with administrative privileges.

AVEVA InTouch Access Anywhere (ICSA-18-212-04) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory regarding a cross-site scripting (XSS) vulnerability in AVEVA InTouch Access Anywhere remote access software. The vulnerability affects AVEVA InTouch Access Anywhere, 2017 Update 2 and prior that use vulnerable jQuery libraries prior to version 3.0.0. Successful exploitation of this vulnerability may allow attackers to obtain sensitive information and/or execute Javascript or HTML code due to improper neutralization of input during web page generation.

Johnson Controls Metasys and BCPro (ICSA-18-212-02)

The NCCIC has released an advisory regarding an information exposure through an error message vulnerability in Johnson Controls Metasys and BCPro products. The vulnerability affects Metasys System, Versions 8.0 and prior, and BCPro (BCM), all versions prior to 3.0.2. Successful exploitation of this vulnerability could allow an attacker to obtain technical information about the Metasys or BCPro server, allowing an attacker to target a system for attack.

Davolink DVW-3200N (ICSA-18-212-01)

The NCCIC has released an advisory regarding the use of a password hash with insufficient computational effort vulnerability in Davolink DVW-3200N network switches. All versions of DVW-3200N prior to version 1.00.06 are affected. Successful exploitation of this vulnerability may result in a remote attacker obtaining the password to the device, as the device generates a weak password hash that is easily cracked. Currently there are no known public exploits; however, this vulnerability is remotely exploitable, and could be successfully exploited by an attacker with a low skill level.

Business Continuity and Resilience – Considerations for Building an ICS Cybersecurity Strategy

Critical infrastructure organizations face cyber threats of all kinds, from state-sponsored and cyber crime actors to traditional IT threats. However, observations have identified common attack methodology and tradecraft regardless of industry. Gary Williams, Senior Director of Cybersecurity Services Offer Management at Schneider Electric, discusses how, while the threats and methods are similar, the uniqueness of OT environments requires security leaders to adopt different defense strategies, including greater employee engagement.

ICS Network Segmentation - The Difference Between an Internal Incident or Front Page Headline

There is no silver bullet in cybersecurity, but some strategies, like network segmentation, provide more bang for the cybersecurity buck. Effective network segmentation requires thorough knowledge about what is in the environment. This knowledge includes information beyond just the endpoints, such as regarding normal operational process workflows, as well as expected network communications. ICS cybersecurity expert Galina Antova discusses the priceless role network segmentation plays in protecting OT networks. Ms.

Government Agencies Receiving Suspicious Envelopes with Malware Infected CDs

The Delaware Information & Analysis Center (DIAC) has released a Cyber Alert warning that several state, local, tribal, and territorial governments have reported receiving suspicious envelopes containing malware infected CDs originating from China. Key features of these envelopes include Chinese postmarks, confusingly-worded letters with occasional Chinese characters, and SOCKO brand CD-Rs. DIAC’s alert contains sample photos of a letter, envelope, and CD. Members are encouraged to notify WaterISAC if they receive one of these envelopes. 

Dark Web Cyber Crime Market Thriving

Demand for malware creation is three times greater than supply, according to research by Positive Technologies into more than 10,000 hack-for-hire and malware-related postings on Dark Web markets. Its analysis included 25 sites on the Dark Web in Russian and English, with a total registered user base of about three million people. The leading type of malware available was cryptocurrency miners (20%), followed by hacking utilities (19%), botnet malware (14%), remote access Trojans (RATs) (12%), and ransomware (12%).

Pages

Subscribe to Cybersecurity