Industrial Security


  • US cyberwar against Russia is hypothetical possibility, says Kremlin spokesman

    June 17, 2019

    Russian Presidential Spokesman Dmitry Peskov believes that the United States’ cyberwar against Russia is a hypothetical possibility. He made the statement to the media in response to claims by The New York Times that US secret services over the past year were increasingly active in their attempts to cripple computer malware inside Russia’s power grid. Peskov ...

  • TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies

    June 14, 2019

    XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas. XENOTIME, the APT group behind the TRISIS industrial control system (ICS) event, has expanded its focus beyond the oil and gas industries, according to researchers. The group has recently been seen probing the networks of electric utility organizations ...

  • As hackers get smarter, America’s energy industry is shoring up its defenses

    April 22, 2019

    America is under attack. Every day, we’re besieged by a group of enemy combatants. Nameless, faceless, and spread throughout the world, this group is united by a single aim: to upend American life as we know it. These attackers are not soldiers or terrorists in the traditional sense. They are hackers, on a mission to cause ...

  • 4 Stuxnet-Related APTs Form Gossip Girl, an ‘Apex Threat Actor’

    April 9, 2019

    The infamous Stuxnet family of industrial sabotage malware is likely the work of a mysterious “supra-group” that Chronicle researchers Juan Andres Guerrero Saad and Silas Cutler have dubbed Gossip Girl; and it’s a group that turns out to be larger and far busier than previously known. In a session at the Security Analyst Summit 2019 in Singapore this ...

  • Study Highlights ‘Relentless’ Attacks On Critical Infrastructure

    April 9, 2019

    Cyber-attacks on critical infrastructure are “relentless and continuous”, with successful attacks often taking systems offline, a new study has found. The study by the Ponemon Institute, based on a survey of 701 security professionals in seven countries, including the UK, found that 90 percent of respondents said their systems had been affected by at least one successful attack ...

  • Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk

    March 29, 2019

    A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive’s physical process and or even stop it. A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors. The vulnerability was identified in Rockwell Automation’s PowerFlex 525 ...

  • Half of industrial control system networks have faced cyberattacks, say security researchers

    March 27, 2019

    Industrial control systems in manufacturing, energy, chemical and other environments are coming under an increasing number of cyberattacks, as hacking groups of all kinds attempt to breach these networks. By targeting industrial systems attackers can potentially do vast amounts of damage, ranging from using backdoors to make off with sensitive data, causing the network to shut down ...

  • Industrial Network Switches Rife with Vulnerabilities

    March 12, 2019

    Industrial switches used to build networks in the oil and gas and maritime logistics sectors, as well as broader critical national infrastructure (CNI) are rife with security vulnerabilities, according to cybersecurity company Positive Technologies. The Framingham, Massachusetts-based company said it had identified five vulnerabilities in US-based Moxa’s EDS-405A, EDS-408A, and EDS-510A series switches, including three that are “highly ...

  • Report: Industrial control systems face uphill security battles in 2019

    February 15, 2019

    Dragos, a security firm that specializes in industrial control systems (ICS) has released three year-in-review reports that cover vulnerabilities reported in 2018, the 2018 threat landscape, and lessons it learned in responding to ICS security incidents. IT security professionals operating in an ICS environment should take a look at all three reports: Not only do they paint ...

  • Siemens Warns of Critical Remote-Code Execution ICS Flaw

    February 12, 2019

    Siemens has released 16 security advisories for various industrial control and utility products, including a warning for a critical flaw in the WibuKey digital rights management (DRM) solution that affects the SICAM 230 process control system. SICAM 230 is used for a broad range of industrial control system (ICS) applications, including use as an integrated energy system for ...