Cybersecurity

The U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) has issued an alert in response to recently disclosed exploits that target unsecure configurations of SAP components. According to the alert, a presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet, as it is an untrusted network.

The NCCIC has published an advisory on use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities in Orpak SiteOmat. Versions prior to 6.4.414.122 and 6.4.414.084 are affected. Successful exploitation of these vulnerabilities could result in arbitrary remote code execution resulting in possible denial-of-service conditions and unauthorized access to view and edit monitoring, configuration, and payment information.

A report from cybersecurity company Coveware provides some interesting statistics on ransomware incidents that were experienced in the first quarter of 2019. Coveware found the average ransom for these incidents increased by nearly 90% to $12,762, as compared to $6,733 in the fourth quarter of 2018. According to Coveware, this reflected increased infection by more expensive types of ransomware, including Ryuk, which are typically used in targeted attacks on larger organizations.

The NCCIC has released an advisory on uncontrolled resource consumption and stack-based buffer overflow vulnerabilities in Rockwell Automation CompactLogix 5370. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to render the web server unavailable and/or place the controller in a major non-recoverable faulted state (MNRF).