Archive for the ‘critical infrastructure’ Category

DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days

May 1st, 2019
In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations. The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug the critical security vulnerabilities found

Posted in critical infrastructure, cybersecurity, DHS, Homeland Security, patch update, Software security, Vulnerability | Comments (0)

Mysterious safety-tampering malware infects a second critical infrastructure site

April 10th, 2019
Critical infrastructure sites such as this oil refinery in Port Arthur, Texas, rely on safety systems. (credit: IIP Photo Archive)

Sixteen months ago, researchers reported an unsettling escalation in hacks targeting power plants, gas refineries, and other types of critical infrastructure. Attackers who may have been working on behalf of a nation caused an operational outage at a critical-infrastructure site after deliberately targeting a system that prevented health- and life-threatening accidents.

There had been compromises of critical infrastructure sites before. What was unprecedented in this attack—and of considerable concern to some researchers and critical infrastructure operators—was the use of an advanced piece of malware that targeted the unidentified site’s safety processes. Such safety instrumented systems (SIS) are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from arising. When gas fuel pressures or reactor temperatures rise to potentially unsafe thresholds, for instance, a SIS will automatically close valves or initiate cooling processes to prevent health- or life-threatening accidents.

By focusing on the site’s SIS, the malware carried the threat of physical destruction that, depending on the site and the type of accident, had the potential to be serious if not catastrophic. The malware was alternately named Triton and Trisis, because it targeted the Triconex product line made by Schneider Electric. Its development was ultimately linked to a Russian government-backed research institute.


Posted in Biz & IT, critical infrastructure, Industrial Control Systems, malware, Policy, Triton | Comments (0)

Russia was likely behind dangerous critical infrastructure attack, report says

October 24th, 2018
(credit: Eni An Energy Company)

Malware that caused a dangerous operational failure inside a Middle Eastern critical infrastructure facility was most likely developed by a Russian government-backed research institute, researchers from US security firm FireEye said Tuesday.

The malware, alternately dubbed Triton and Trisis, was most likely designed to cause physical damage inside critical infrastructure sites, such as gas refineries and chemical plants, FireEye researchers said in a report published in December. The attack worked by tampering with a safety instrumented system, which the targeted facility and many other critical infrastructure sites use to prevent unsafe conditions from arising. FireEye’s December report said a nation state was most likely behind the attack, but stopped short of identifying the country.

In a report published Tuesday, FireEye said its researchers now assess with high confidence that the malware used in the attack was developed with the help of the Central Scientific Research Institute of Chemistry and Mechanics in Moscow. The assessment was based on a variety of evidence that not only implicated the institute, which in Russian is abbreviated as CNIIHM, but also a specific professor who works there. Evidence linking the CNIIHM to the attack—which FireEye now calls TEMP.Veles—included malware that was tested inside the institute, artifacts left inside the malware used in the attack, an IP address belonging to CNIIHM, and the malware developer’s operating hours, which showed them observing a normal work schedule in Moscow.


Posted in Biz & IT, critical infrastructure, FireEye, russia | Comments (0)

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

October 24th, 2018
Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON, also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety

Posted in critical infrastructure, FireEye, hacking news, ICS Malware, industrial control system, malware, Russian hackers, SCADA Malware, Scada system, Trisis, Triton Malware | Comments (0)

‘Gloomy times ahead’ for security on critical infrastructure, warn experts

August 21st, 2017

NIST is raising awareness that security through obscurity has become a thing of the past – but are we doing enough to protect infrastructure such as dams and power plants?

Posted in critical infrastructure, government security, Industrial Control Systems, process sensors, Security threats | Comments (0)

Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

August 9th, 2017

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors. A study of 4.8 billion automated…


Posted in connected devices, critical infrastructure, fuzzing, Internet of things, protocol, published research, Reports, software, software development, supply chain, survey, Top Stories, trends, vulnerabilities | Comments (0)

Exploits Available for Siemens Molecular Imaging Vulnerabilities

August 4th, 2017

ICS-CERT published advisories this week warning users of Siemens molecular imaging products of publicly available exploits for Windows 7 versions of those devices.

Posted in critical infrastructure, health care, molecular imaging products, Siemens, vulnerabilities | Comments (0)

Vulnerable Radiation Monitoring Devices Won’t Be Patched

July 26th, 2017

Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.

Posted in Black Hat, critical infrastructure, Digi, firmware vulnerabilities, hardware hacking, IOActive, Ludlum Portal Monitors, Mirion WRM2 protocol, nuclear power plant security, radiation monitoring devices, RF analysis, Ruben Santamarta, vulnerabilities | Comments (0)

Siemens Patches Authentication Bypass Flaw in SiPass Server

July 14th, 2017

Siemens patches four vulnerabilities, including a critical authentication bypass flaw, in its SiPass integrated access control server.

Posted in authentication bypass, critical infrastructure, Man in the middle, Siemens, Siemens patches, Siemens SIMATIC Sm@rtClient for Android, Siemens SiPass integrated server, vulnerabilities | Comments (0)

Energy, Nuclear Targeted with Template Injection Attacks

July 10th, 2017

Adversaries are using the SMB communications channel to launch template injection attacks against the energy sector, including nuclear facilities.

Posted in Cisco Talos, critical infrastructure, Critical infrastructure attacks, docx, GitHub, Phishery, phishing attack, Relationship ID, Server Message Block, SMB server, URL injector, WebDAV, Wolf Creek Nuclear Operating Corporation | Comments (0)