TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies

XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas. XENOTIME, the APT group behind the TRISIS industrial control system (ICS) event, has expanded its focus beyond the oil and gas industries, Read More …

As hackers get smarter, America’s energy industry is shoring up its defenses

America is under attack. Every day, we’re besieged by a group of enemy combatants. Nameless, faceless, and spread throughout the world, this group is united by a single aim: to upend American life as we know it. These attackers are Read More …

4 Stuxnet-Related APTs Form Gossip Girl, an ‘Apex Threat Actor’

The infamous Stuxnet family of industrial sabotage malware is likely the work of a mysterious “supra-group” that Chronicle researchers Juan Andres Guerrero Saad and Silas Cutler have dubbed Gossip Girl; and it’s a group that turns out to be larger Read More …

Study Highlights ‘Relentless’ Attacks On Critical Infrastructure

Cyber-attacks on critical infrastructure are “relentless and continuous”, with successful attacks often taking systems offline, a new study has found. The study by the Ponemon Institute, based on a survey of 701 security professionals in seven countries, including the UK, found that Read More …

Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk

A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive’s physical process and or even stop it. A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component Read More …

Half of industrial control system networks have faced cyberattacks, say security researchers

Industrial control systems in manufacturing, energy, chemical and other environments are coming under an increasing number of cyberattacks, as hacking groups of all kinds attempt to breach these networks. By targeting industrial systems attackers can potentially do vast amounts of damage, Read More …

Industrial Network Switches Rife with Vulnerabilities

Industrial switches used to build networks in the oil and gas and maritime logistics sectors, as well as broader critical national infrastructure (CNI) are rife with security vulnerabilities, according to cybersecurity company Positive Technologies. The Framingham, Massachusetts-based company said it had identified Read More …

Report: Industrial control systems face uphill security battles in 2019

Dragos, a security firm that specializes in industrial control systems (ICS) has released three year-in-review reports that cover vulnerabilities reported in 2018, the 2018 threat landscape, and lessons it learned in responding to ICS security incidents. IT security professionals operating Read More …

Siemens Warns of Critical Remote-Code Execution ICS Flaw

Siemens has released 16 security advisories for various industrial control and utility products, including a warning for a critical flaw in the WibuKey digital rights management (DRM) solution that affects the SICAM 230 process control system. SICAM 230 is used for a Read More …

Security alert for vulnerabilities in Siemens PLCs

Siemens has issued a security alert about the company’s Simatic S7-1500 programmable logic controllers (PLCs) after security researchers at Positive Technologies reported “serious vulnerabilities” that exposed industrial processes to denial-of-service (DoS) attacks. The researchers warn that, left unpatched, the vulnerabilities can be exploited by cyber Read More …