As smart devices become more prevalent and are used in critical situations, software developers will have to understand that they now have a greater responsibility to keep their software products safe.
The security of an enterprise is not only dependent on the organization itself, but also on the security of their IT supply chain and contractors. These represent potential weak points into the security of any organization.
Attackers are actively attempting to compromise Internet-facing gas pump monitoring systems. We began searching for these devices to see if we could glean any intelligence on attacks that have occurred against these devices.
A cyber attack on a German steel plant has been confirmed to suffer a significant amount of damage, putting the spotlight on the evident lack of security across a number of different critical facilities and institutions.
During a security evaluation of AIS, we found that both the implementation, as well as the protocol specification of AIS, is affected by several threats, from spoofing and hijacking to availability disruption.
The United States Industrial Control System Cyber Emergency Response Team recently released an advisory warning operators of industrial control systems that there is an active cyber crime campaign targeting them with Trojans and backdoor attacks.
After beginning an investigation into the affiliated malware samples and domains used by the Sandworm team, we found that the group is likely targeting SCADA-centric victims using GE Intelligent Platform’s CIMPLICITY HMI solution suite.