Weekly Executive Summary for Week of January 27, 2017

Critical Vulnerability Found in Schneider Electric Wonderware Historian

An advisory warning was published by the Industrial Control System Cyber Emergency Response Team (ICS-CERT) detailing a vulnerability that was found in the Schneider Electric Wonderware Historian. Exploitation of this vulnerability, CVE-2017-5155, allows the attacker to compromise the …

Windows Trojan Targets Russian Crane Manufacturers

Source: http://www.securityweek.com/new-trojan-used-spy-russian-crane-manufacturers, http://news.drweb.com/news/?i=10306&lng=en (SecurityWeek, Doctor Web) A Windows Trojan dubbed BackDoor.Crane by the security company Doctor Web has been found targeting two major Russian companies that specialize in cranes and auxiliary equipment. When researchers at Doctor Web initially discovered the malware, it seemed to have …

Cyber Attack on German Nuclear Power Plant

Source: http://www.securityweek.com/german-nuke-plant-hit-disruptive-cyber-attack-report, http://www.bbc.com/news/technology-36158606 (SecurityWeek, BBC News) PCs used at a German nuclear power plant known as Rheinisch-Westfälisches Elektrizitätswerk (RWE) were infected with several viruses. The attack was marked as disruptive rather than destructive; the Director of National Intelligence James Clapper said it wasn’t an attack “since …

Israeli Startup Reveals Its Platform That Provides Broad Support for ICS and OT Environments

Source: http://www.securityweek.com/claroty-emerges-stealth-promising-extreme-visibility-industrial-networks (SecurityWeek) An Israeli startup called ‘Claroty’ has emerged from stealth mode and announced its security platform, which is designed to provide ‘extreme visibility’ into Operational Technology (OT) environments to protect critical infrastructure from cyber threats. The company says it’s been able to quietly …

Threat Group “Operation Ghoul” Targets Industrial Sectors Around the Globe

Source: http://www.securityweek.com/organizations-30-countries-targeted-operation-ghoul, https://threatpost.com/operation-ghoul-targeting-middle-eastern-industrial-engineering-organizations/119928/ (SecurityWeek, Threatpost) A threat group dubbed Operation Ghoul has been targeting industrial, petrochemical, naval, military, aerospace, solar energy, and other sectors. Their activities can be traced back as far as March 2015, where they have been trying to make a profit by hijacking …

Internet Scan Reveals More Than 100 Critical Infrastructures Exposed Online

Source: https://threatpost.com/scan-reveals-hydropower-plants-other-critical-infrastructure-exposed-online/119316/ In the fall of 2015, researchers at Wache of Berlin conducted an Internet scan of the IPv4 address space with the intent to search for specific routers used by industrial control systems (ICS). But one researcher, Tim Philipp Schafers, started to uncover unauthenticated web applications …

Malware Offers Backdoor to Critical Infrastructure Targets

Source: https://www.helpnetsecurity.com/2016/07/13/malware-backdoor-critical-infrastructure-targets/, http://www.theregister.co.uk/2016/07/12/scada_malware/ Security researchers at SentinelOne Labs have discovered a new form of malware dubbed SFG, which targets industrial automation control systems. It has already infected at least one European energy company, and could drop a payload that would extract data or potentially shut down …

Verizon Investigation: Water Treatment Plant Hacked

Resources: http://news.softpedia.com/news/hackers-modify-water-treatment-parameters-by-accident-502043.shtml, http://www.uhwo.hawaii.edu/cyber/index.php/hackers-on-the-high-seas-and-in-plumbing-too-verizons-data-breach-digest-report/, http://www.theregister.co.uk/2016/03/24/water_utility_hacked/ More details arise from Verizon’s data breach digest, where their RISK team was asked to come investigate a breach. Hacktivists were responsible for the hacking of a water treatment plant that I mentioned in an older post. Portions of the facility …

DHS Warning about Ukrainian Electric Grid Attack

Posted March 9, 2016. Source: https://fcw.com/articles/2016/03/09/rockwell-ukraine-grid.aspx Further Reading: http://www.uhwo.hawaii.edu/cyber/index.php/blackenergy-trojan-used-in-attack-against-ukrainian-critical-infrastructure/ The Department of Homeland Security is warning critical infrastructure providers that cyber attacks like the one that hit Ukraine’s electrical grid are hard to detect and recover from. There is no evidence as of yet of anything similar …