The US ICS-CERT published its annual vulnerability coordination report for FY 2015 that provided information about security holes reported to the agency. The US ICS-CERT has published its annual vulnerability coordination report for the fiscal year 2015. The report included detailed information about security vulnerabilities reported to the US ICS-CERT in 2015. “ICS-CERT is pleased to announce the release of […]
Two security researchers have developed an undetectable PLC rootkit that will present at the upcoming Black Hat Europe 2016. The energy industry is under unceasing attack, cyber criminals, and state-sponsored hackers continue to target the systems of the companies in the sector. The Stuxnet case has demonstrated to the IT community the danger of cyber attacks, […]
FireEye documented more than 1,500 vulnerabilities affecting ICS disclosed in the past 15 years, and some of them are still present. Security of critical infrastructure is a pillar of the cyber strategy of any government, both the NIS directive and Warsaw NATO summit stressed the importance of a proper security posture to protect our systems from cyber […]
Security experts from Damballa that analyzed the SFG malware confirmed that it was not designed to target SCADA systems in the energy industry Recently, experts from the SentinelOne security firm spotted a sophisticated malware dubbedSFG, a spawn of Furtim malicious code, targeting at least one European energy company. Media speculated the existence of a powerful SFG […]
Experts at FireEye spotted IRONGATE a mysterious strain of malware that appears to be designed to target industrial control systems (ICS). Security researchers at FireEye have spotted a new strain of malware IRONGATE has been designed to compromise industrial control systems (ICS). The malicious code was designed to manipulate a specific industrial process in a simulated Siemens control […]
The Ukranian power blackout has demonstrated the worrying effects of the SCADA hacking, other countries like UK fear similar attacks. All the warnings from security experts throughout the years have unfortunately been disregarded, when it comes to the hackersâ threats in strategical spots, such as that of power generation. As a result, hackers have acted […]
The APT group behind the attacks against critical infrastructure in Ukraine is spreading BlackEnergy malware through specially crafted Word documents. Malicious campaigns leveraging the BlackEnergy malware are targeting energy and ICS/SCADA companies from across the world. The threat actors behind the recent attacks based on the popular malware are now targeting critical infrastructure in Ukraine. In […]
Security experts from SCADA StrangeLove group disclosed SCADAPASS, a list of default credentials for ICS and SCADA systems. Recently I wrote about the SCADA StrangeLove research team reporting their study on the level of cyber security implemented in modern railroad systems . Now the SCADA StrangeLove group has published a list of default credentials, dubbed âSCADAPASS,â associated with industrial […]
How much cost a zero-day for an industrial control system? Where is to possible to buy them and who are the main buyers of these commodities? We have discussed several times about the importance of zero-day in cyber attacks against computer systems, the exploitation of previously unknown vulnerabilities is a prerogative of well-funded hacking groups such as state-sponsored crews. […]
The nuclear industry is still unprepared to respond cyberattacks exposing civil nuclear facilities worldwide at risk of cyber attacks. Civil nuclear facilities worldwide are privileged targets for cyber attacks, according to a new report published this week by the Chatham House. The Stuxnet attack that targeted Iranian nuclear facilities demonstrated the risks for cyberattacks, for the first […]