Industrial Security


  • Cisco zero-day exploited in the wild to crash and reload devices

    November 1, 2018

    The Cisco security team has revealed earlier the existence of a zero-day vulnerability affecting products that run Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The vulnerability has been exploited in the wild, according to a security advisory the company published a few hours ago. No patches are available at the time of writing. Cisco says it ...

  • Thousands of critical energy and water systems exposed online for anyone to exploit

    October 30, 2018

    While you likely don’t stop to think about water or energy industries when you grab a drink of water or flip on the lights, you would definitely notice if your electricity or water stopped working. You might not know why they stopped working at first, but since critical infrastructure is connected online, then it’s not outside ...

  • Critical Infrastructure & Supply Chain Remain Highly Vulnerable to Attacks

    October 24, 2018

    This week, the National Cyber Security Alliance (NCSA) reminds us that, “our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications and power along with other networks and systems. A disruption to this system, which is operated via the internet, can have significant and even catastrophic ...

  • FireEye links Russian research lab to Triton ICS malware attacks

    October 24, 2018

    A Russian research laboratory is behind cyber-attacks on critical infrastructure, including on a Saudi petrochemical plant, according to a report published today by US cyber-security firm FireEye. The cyber-attacks took place in 2017 and deployed a never-before-seen malware strain known as Triton –or Trisis– specifically engineered to interact with Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers According to ...

  • GreyEnergy: New malware campaign targets critical infrastructure companies

    October 17, 2018

    The hacking group which took down Ukrainian power grids is systematically targeting critical infrastructure in Ukraine and beyond in what security researchers believe could be cyber espionage and reconnaissance ahead of future attacks. Dubbed GreyEnergy by researchers at ESET, the group is believed to have been active over the last three years and to be linked to ...

  • How Shodan helps identify ICS cybersecurity vulnerabilities

    October 17, 2018

    An industrial control system is essentially a collection of computers that monitor and control industrial systems. They make the world move and help with everything from food processing to transportation to running the espresso maker at your local Starbucks. The challenge is an industrial control system (ICS) can be readily attacked by advanced persistent threat groups, ...

  • German manufacturers lose $50B to cyber attacks, SMBs at greatest risk

    September 14, 2018

    Two-thirds of German manufacturers have faced cyberattacks, racking up $50 billion in costs, according to a Bitkom survey released on Thursday. Acting as Europe’s largest economy, Germany has recently been a hot bed for cyber criminals. Bitkom surveyed 503 managers and security chiefs from Germany’s entire manufacturing sector, determining SMBs—the economy’s main backbone—to be the most ...

  • More than 40% of ICS computers were attacked in H1 2018

    September 11, 2018

    More than 40% of all industrial control system (ICS) computers protected by Kaspersky Lab solutions were attacked by malicious software at least once during the first half of 2018. The most impacted countries turned out to be Vietnam, Algeria and Sri Lanka, while the safest region for industrial machines was Denmark. These are among the ...

  • High-Severity Flaws Patched in Schneider Electric Products

    August 29, 2018

    Schneider Electric has released fixes for a slew of vulnerabilities that can be exploited remotely in two of its industrial control system products. The two flaws, which exist in Schneider Electric’s power management system, PowerLogic PM5560, and its programmable logic controller, Modicon M221, can be exploited remotely, according to dual advisories released by ICS-CERT on Tuesday. The ...

  • Can you recover the power grid after a cyberattack? The Department of Energy finds out

    August 6, 2018

    The US Department of Energy (DoE) is planning a “hands-on” test of the real-world consequences associated with successful cyberattacks against core country services. Cyberattacks levied against critical infrastructure, smart grids, and utilities are not a future possibility; but rather, they are happening now. Ukraine’s power grid blackout in 2016 was one of the first real indicators that ...