Dec 14 2021

Modern cars: A growing bundle of security vulnerabilities

Category: OT/ICS,Scada SecurityDISC @ 9:55 am
Modern cars: A growing bundle of security vulnerabilities
Cars are becoming increasingly smart and an extension to our mobile phones. How is this impacting users’ security and privacy?

With the expansion of our technology in use, our vulnerability surface increases dramatically. Ultimately, this is yet another vulnerability to keep in mind for your own safety and security. As we grow in our technology and dependence thereon, that inherently expands the opportunity for bad actors to take advantage of the dependence. The difference with car vulnerability, however, is you’re not just talking about your personal data being compromised, but rather the influence over your car while driving could affect your immediate physical safety.

In terms of privacy, the onboard computers of used, rented, or crashed/totaled vehicles can contain sensitive residual data from previous drivers such as contact and calendar details, unencrypted videos, and more.

What are the biggest vulnerabilities of today’s modern cars?

The lack of one single “gate keeper” is a substantial issue when it comes to modern car vulnerability. The patchwork of various technologies being meshed together for the overall car means not only is there not one single overseer of that technology but also that protocols are set without security in mind because they need to be able to easily communicate with each other.

In addition, we see the same vulnerabilities that you have with your phones and computers: protocol vulnerability. The difference is what the bad actors could have access to: electronic control units (ECUs) which all communicate to access and control the subsystems in a car such as your braking or navigation system. Not only could the hacker access the vehicle information resulting in influence on the car such as the alert systems within the vehicle, but could also access personal information such as home addresses or phone IPs.

What are the techniques hackers could use to compromise a car?

Hacking Connected Cars: Tactics, Techniques, and Procedures

Tags: cars security, Hacking Connected Cars

Nov 10 2021

Most CIOs and CISOs underestimate the risk of an OT breach

Category: CISO,OT/ICS,vCISODISC @ 10:27 am
Most CIOs and CISOs underestimate the risk of an OT breach

“Not only do enterprises rely on OT, the public at large relies on this technology for vital services including energy and water. Unfortunately, cybercriminals are all too aware that critical infrastructure security is generally weak. As a result, threat actors believe ransomware attacks on OT are highly likely to pay off,” said Skybox Security CEO Gidi Cohen. “Just as evil thrives on apathy, ransomware attacks will continue to exploit OT vulnerabilities as long as inaction persists.”

The research unearths the uphill battle that OT security faces – comprised of network complexity, functional silos, supply chain risk, and limited vulnerability remediation options. Threat actors take advantage of these OT weaknesses in ways that don’t just imperil individual companies – but threaten public health, safety, and the economy.

Key takeaways

Organizations underestimate the risk of a cyberattack

Fifty-six percent of all respondents were “highly confident” their organization will not experience an OT breach in the next year. Yet, 83% also said they had at least one OT security breach in the prior 36 months. Despite the criticality of these facilities, the security practices in place are often weak or nonexistent.

CISO disconnect between perception and reality

Seventy-three percent of CIOs and CISOs are highly confident their OT security system will not be breached in the next year. Compared to only 37% of plant managers, who have more firsthand experiences with the repercussion of attacks. While some refuse to believe their OT systems are vulnerable, others say the next breach is around the corner.

Compliance does not equal security

To date, compliance standards have proven insufficient in preventing security incidents. Maintaining compliance with regulations and requirements was the most common top concern of all respondents. Regulatory compliance requirements will continue to increase in light of recent attacks on critical infrastructure.

Complexity increases security risk

Seventy-eight percent said complexity due to multivendor technologies is a challenge in securing their OT environment. In addition, 39% of all respondents said that a top barrier to improving security programs is decisions are made in individual business units with no central oversight.

Cyber liability insurance is considered sufficient by some

Thirty-four percent of respondents said that cyber liability insurance is considered a sufficient solution. However, cyber liability insurance does not cover costly “lost business” that results from a ransomware attack, which is one of the top three concerns of the survey respondents.

Exposure and path analysis are top cybersecurity priorities

Forty-five percent of CISOs and CIOs say the inability to conduct path analysis across the environment to understand actual exposure is one of their top three security concerns. Further, CISOs and CIOs said disjointed architecture across OT and IT environments (48%) and the convergence of IT technologies (40%) are two of their top three greatest security risks.

Functional silos lead to process gaps and technology complexity

CIOs, CISOs, Architects, Engineers, and Plant Managers all list functional silos among their top challenges in securing OT infrastructure. Managing OT security is a team sport. If the team members are using different playbooks, they are unlikely to win together.

Supply chain and third-party risk is a major threat

Forty percent of respondents said that supply chain/third-party access to the network is one of the top three highest security risks. Yet, only 46% said their organization as a third-party access policy that applied to OT.

CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers

Aug 06 2021

14 Flaws in NicheStack Leave PLCs, OT Controllers Vulnerable

Category: OT/ICSDISC @ 9:39 am
14 Flaws in NicheStack Leave PLCs, OT Controllers Vulnerable

Considering that OT environments are increasingly in the crosshairs of attackers, the 14 vulnerabilities that JFrog and Forescout Research Labs recently discovered in NicheStack should make the likes of Siemens, Schneider Electric and Rockwell Automation take notice–and action.

Millions of programmable logic controllers (PLCs) and controllers from more than 200 device makers use NicheStack, a common, proprietary TCP/IP stack. NicheStack is employed in a wide array of critical infrastructure sectors globally like manufacturing plants, water treatment and power generation and transmission and distribution. It is the basis for numerous TCP/IP stacks and used by OEMS like Altera, Microchip, STMicroelectronics and Freescale.

“These vulnerabilities are very common in OT environments, as many major device vendors are listed as NicheStack customers,” said JFrog CTO Asaf Karas. “For instance, the stack is used in the Siemens S7 PLC, which is one of the most popular PLCs.”

The raft of flaws, dubbed INFRA:HALT, cover a wide gamut of threats–from remote code execution and denial of service (DoS) to TCP spoofing, information leak and DNS cache poisoning. The worst of the flaws, 2020-25928 and 2021-31226 logged CVSSv3.1 scores of 9.8 and 9.1, respectively.

At least for now, there’s a positive take: It seems adversaries have yet to stumble across the flaws. “We didn’t see any sign of exploitation,” said Karas.

He expressed surprise that the vulnerabilities had gone undiscovered. “The biggest surprise is that these kinds of vulnerabilities, that can be automatically detected, were not discovered for such a long time, especially given how critical they are and how common NicheStack is,” said Karas.

InterNiche Technologies has released patches for the vulnerabilities. Still, guarding against them is a thorny matter because, not surprisingly, patching across the supply chain is incredibly challenging from a logistics perspective and OT devices are critical in the environments that use them. So, while the best option for taking the teeth out of these flaws is upgrading to NicheStack v4.3, it might not be the route that many OT-driven businesses take.

14 Flaws in NicheStack Leave PLCs, OT Controllers Vulnerable

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

Tags: OT controller, PLC

May 17 2021

Is 85% of US Critical Infrastructure in Private Hands?

Category: OT/ICS,Scada SecurityDISC @ 9:20 am
Is 85% of US Critical Infrastructure in Private Hands?

When this problem is discussed, people regularly quote the statistic that 85% of US critical infrastructure is in private hands. It’s a handy number, and matches our intuition. Still, I have never been able to find a factual basis, or anyone who knows where the number comes from. Paul Rosenzweig investigates, and reaches the same conclusion.

Public Private Partnerships (PPP): Construction, Protection, and Rehabilitation of Critical Infrastructure

Discuss objectives and legal requirements associated with PPPs, the potential advantages and limitations of PPPs, and provide guidance as to how to structure a successful PPP for infrastructure investment.

Critical Infrastructure Risk Assessment

Tags: Critical infrastructure

May 13 2021

Security at Bay: Critical Infrastructure Under Attack

Category: OT/ICS,Scada SecurityDISC @ 10:33 pm
Security at Bay: Critical Infrastructure Under Attack

The attack perpetrated by hackers on oil company Colonial Pipeline highlights the dangers that are facing Industrial Control Systems (ICS) and the need for change in the information security landscape,

The attack took place on May 7th where hackers used ransomware to cripple the defense of the company. As a result, all operations were forced to shut down as well as operating systems used by the company. A group named DarkSide claimed to be responsible for Colonial Pipelines attack.

The hacker group is active since august and are part of a professional crime industry that have caused damage of billions of dollars. President Biden has delivery remarks that point out to the involvement of Russia in the development of the ransomware. It is not clear if the Colonial company has paid the demands.

The attack brought to light how critical national infrastructure (CNI) is vulnerable and the need of new methodologies to address new menaces that are evolving on a daily basis on many different ways. As far as we know this attack have proved that the understanding of information security has become outdated as well the solutions that were supposed to protect companies assets.

The impact of the attack was far beyond then expected. Consumers were directely impacted with a hike on prices. Also, in South east some drivers started to stocking up as available oil dropped down in fuel stations. About 5,500 miles of pipeline were shutdown. To figure it out in numbers it represents 45% of fuel comsumed from texas to new york.

As reported by Recorded Future ransomware attack groups are gainning momentum and wide spreading throughout every and all sector. From industry to education everyone is on target of ransomware. It is importante to notice that hackers are publishing part of the data and demanding money to do not publish all the data stolen.

While the United States leads the attack of ransomware hackers are aiming to make other countries victims. Freedom and security are deeply rooted in the american dream, but today all the nation see this rights going down with the dangers of information security.

The US Department of Justice and a group of companies have created a task force to manage the issue of ransomware threat. However, the tools that were released by equation group in the past can be the tipping point to new attacks or development of new ways to bypass known protections.

Little is known yet how the company was breached but it was certanly that the goal was to obtain money instead of corrupting the system. Some parts of the system were restored and the company said it will update their systems. Part of operations are manual at this time but its not sure when the supplies will return to normal.

The question now is if the available supplies will be enough. The disruption of the supplies could lead to an impact on many sectors. Bitdefender released a decryption tool on january for an older version of the ransomware, but they said that for this new version the tool do not work. According to Bloomberg 100GB was stolen in just two hours. This is a remarkable event to be considered as the largest and successful act of cyberwarfare.

Finally we need to develop new systems and new tecnologies as this could be the starting of a surge of new threat actors and new attacks that can not be stopped by the actual protection solutions.  

Sources:

https://therecord.media/ransomware-tracker-threat-groups-focus-on-vulnerable-targets/

Colonial Attack Focus: Business Operations

Sep 27 2019

State of OT/ICS CyberSecurity

Category: OT/ICS,Scada SecurityDISC @ 6:42 pm

State of OT/ICS Cybersecurity 2019 [Infographic via SANS Institute]

State of ICS/OT CyberSecurity: pdf

Guide to Industrial Control Systems (ICS) Security

Independent Study Pinpoints Significant SCADA/ICS Security Risks

Cyber-Security and Governance for Industrial Control Systems


NIST Releases Cybersecurity Guide for Energy Sector to Improve Operational Technology



NSM/threat hunting in OT/ICS/SCADA environments
httpv://www.youtube.com/watch?v=_w8usX9_daE

The Convergence (and Divergence) of IT and OT Cyber Security
httpv://www.youtube.com/watch?v=7ZnfuFzB-XM

ICS Security Assessment Methodology, Tools & Tips


Subscribe to DISC InfoSec blog by Email




« Previous Page