Microsoft released a new security update on June 17th in an attempt to patch a vulnerability which allowed the Stuxnet Virus to exploit Windows systems. The Stuxnet Virus which attacks Industrial Control Systems was first discovered in 2010 when it infected Iranian Programmable Logic Controllers. Stuxnet compromises controllers by first targeting Windows operating systems and […]
Companies operating Industrial Control Systems (ICS) have a special set of challenges to deal with. Which is the state of the art? The equipment was expected to be installed and left alone for a long time. Pressures to reduce operating costs led to this equipment being connected, and the easiest networking equipment to find was […]
Researchers at antivirus firm ESET have discovered a new strain of malware, dubbed Industroyer, that appears to have been designed to target power grids. The experts published a detailed analysis of the malware, they speculated the malicious code has been involved in the December 2016 attack on an electrical substation in Ukraine. “Win32/Industroyer is a sophisticated piece […]
Findings of the MIMICS project conducted by Dragos Threat Operations Center show a malware posing as Siemens PLC application is targeting ICS worldwide. After the disclosure of the Stuxnet case, the security industry started looking at ICS malware with increasing attention. A malware that infects an industrial control system could cause serious damages and put in danger human lives. […]
The security researchers at the Georgia Institute of Technology have simulated a ransomware-based attack on PLCs in a water treatment plant. The security researchers at the Georgia Institute of Technology have conducted an interesting research on the potential impact of ransomware on industrial control systems (ICS). The researchers David Formby, a Ph.D. student in the Georgia […]
Siemens released security updates and temporary fixes to fix a privilege escalation flaw, tracked CVE-2016-7165, that affects several industrial products. Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked CVE-2016-7165, that affects several industrial products. The flaw could be exploited by attackers to escalate their privileges if the flawed products […]
The effects of cyber-attacks against SCADA/ICS are well known, however, there is a great confusion when dealing with mitigation techniques. The Majority are aware of the impact cyber-attacks can have on Industrial Control Systems however, the reality in terms of mitigation techniques are shrouded with confusion and a reactive approach. Recent 0-day vulnerability dubbed as […]
At the Black Hat Europe 2016 two security researchers devised undetectable attacks that could be used to hack PLC systems avoid being detected. Security researchers at the Black Hat Europe 2016 have presented a new attack method that could be used to hack programmable logic controllers avoid being detected. programmable logic controllers are essential components for […]
CyberX experts at the SecurityWeek’s 2016 ICS Cyber Security Conference disclosed a critical flaw in the Schneider Industrial Firewalls. This week, at the SecurityWeek’s 2016 ICS Cyber Security Conference, researchers at industrial security firm CyberX disclosed several important vulnerabilities. The experts demonstrated how hackers can target ICS systems and passing security measures in places. Among the vulnerabilities disclosed by […]
Kaspersky Lab has launched a new global computer emergency response team (CERT), the Kaspersky Lab ICS-CERT, focusing on industrial control systems (ICS).. Kaspersky has anticipated launching an Industrial Control Systems CERT. Of course, I’m joking, anyway I always sustained that the creation of a similar structure represents an important achievement for the cyber security of any government. Kaspersky […]