Aug 06 2021

14 Flaws in NicheStack Leave PLCs, OT Controllers Vulnerable

Category: OT/ICSDISC @ 9:39 am
14 Flaws in NicheStack Leave PLCs, OT Controllers Vulnerable

Considering that OT environments are increasingly in the crosshairs of attackers, the 14 vulnerabilities that JFrog and Forescout Research Labs recently discovered in NicheStack should make the likes of Siemens, Schneider Electric and Rockwell Automation take notice–and action.

Millions of programmable logic controllers (PLCs) and controllers from more than 200 device makers use NicheStack, a common, proprietary TCP/IP stack. NicheStack is employed in a wide array of critical infrastructure sectors globally like manufacturing plants, water treatment and power generation and transmission and distribution. It is the basis for numerous TCP/IP stacks and used by OEMS like Altera, Microchip, STMicroelectronics and Freescale.

“These vulnerabilities are very common in OT environments, as many major device vendors are listed as NicheStack customers,” said JFrog CTO Asaf Karas. “For instance, the stack is used in the Siemens S7 PLC, which is one of the most popular PLCs.”

The raft of flaws, dubbed INFRA:HALT, cover a wide gamut of threats–from remote code execution and denial of service (DoS) to TCP spoofing, information leak and DNS cache poisoning. The worst of the flaws, 2020-25928 and 2021-31226 logged CVSSv3.1 scores of 9.8 and 9.1, respectively.

At least for now, there’s a positive take: It seems adversaries have yet to stumble across the flaws. “We didn’t see any sign of exploitation,” said Karas.

He expressed surprise that the vulnerabilities had gone undiscovered. “The biggest surprise is that these kinds of vulnerabilities, that can be automatically detected, were not discovered for such a long time, especially given how critical they are and how common NicheStack is,” said Karas.

InterNiche Technologies has released patches for the vulnerabilities. Still, guarding against them is a thorny matter because, not surprisingly, patching across the supply chain is incredibly challenging from a logistics perspective and OT devices are critical in the environments that use them. So, while the best option for taking the teeth out of these flaws is upgrading to NicheStack v4.3, it might not be the route that many OT-driven businesses take.

14 Flaws in NicheStack Leave PLCs, OT Controllers Vulnerable

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

Tags: OT controller, PLC

May 17 2021

Is 85% of US Critical Infrastructure in Private Hands?

Category: OT/ICS,Scada SecurityDISC @ 9:20 am
Is 85% of US Critical Infrastructure in Private Hands?

When this problem is discussed, people regularly quote the statistic that 85% of US critical infrastructure is in private hands. It’s a handy number, and matches our intuition. Still, I have never been able to find a factual basis, or anyone who knows where the number comes from. Paul Rosenzweig investigates, and reaches the same conclusion.

Public Private Partnerships (PPP): Construction, Protection, and Rehabilitation of Critical Infrastructure

Discuss objectives and legal requirements associated with PPPs, the potential advantages and limitations of PPPs, and provide guidance as to how to structure a successful PPP for infrastructure investment.

Critical Infrastructure Risk Assessment

Tags: Critical infrastructure

May 13 2021

Security at Bay: Critical Infrastructure Under Attack

Category: OT/ICS,Scada SecurityDISC @ 10:33 pm
Security at Bay: Critical Infrastructure Under Attack

The attack perpetrated by hackers on oil company Colonial Pipeline highlights the dangers that are facing Industrial Control Systems (ICS) and the need for change in the information security landscape,

The attack took place on May 7th where hackers used ransomware to cripple the defense of the company. As a result, all operations were forced to shut down as well as operating systems used by the company. A group named DarkSide claimed to be responsible for Colonial Pipelines attack.

The hacker group is active since august and are part of a professional crime industry that have caused damage of billions of dollars. President Biden has delivery remarks that point out to the involvement of Russia in the development of the ransomware. It is not clear if the Colonial company has paid the demands.

The attack brought to light how critical national infrastructure (CNI) is vulnerable and the need of new methodologies to address new menaces that are evolving on a daily basis on many different ways. As far as we know this attack have proved that the understanding of information security has become outdated as well the solutions that were supposed to protect companies assets.

The impact of the attack was far beyond then expected. Consumers were directely impacted with a hike on prices. Also, in South east some drivers started to stocking up as available oil dropped down in fuel stations. About 5,500 miles of pipeline were shutdown. To figure it out in numbers it represents 45% of fuel comsumed from texas to new york.

As reported by Recorded Future ransomware attack groups are gainning momentum and wide spreading throughout every and all sector. From industry to education everyone is on target of ransomware. It is importante to notice that hackers are publishing part of the data and demanding money to do not publish all the data stolen.

While the United States leads the attack of ransomware hackers are aiming to make other countries victims. Freedom and security are deeply rooted in the american dream, but today all the nation see this rights going down with the dangers of information security.

The US Department of Justice and a group of companies have created a task force to manage the issue of ransomware threat. However, the tools that were released by equation group in the past can be the tipping point to new attacks or development of new ways to bypass known protections.

Little is known yet how the company was breached but it was certanly that the goal was to obtain money instead of corrupting the system. Some parts of the system were restored and the company said it will update their systems. Part of operations are manual at this time but its not sure when the supplies will return to normal.

The question now is if the available supplies will be enough. The disruption of the supplies could lead to an impact on many sectors. Bitdefender released a decryption tool on january for an older version of the ransomware, but they said that for this new version the tool do not work. According to Bloomberg 100GB was stolen in just two hours. This is a remarkable event to be considered as the largest and successful act of cyberwarfare.

Finally we need to develop new systems and new tecnologies as this could be the starting of a surge of new threat actors and new attacks that can not be stopped by the actual protection solutions.  

Sources:

https://therecord.media/ransomware-tracker-threat-groups-focus-on-vulnerable-targets/

Colonial Attack Focus: Business Operations

Sep 27 2019

State of OT/ICS CyberSecurity

Category: OT/ICS,Scada SecurityDISC @ 6:42 pm

State of OT/ICS Cybersecurity 2019 [Infographic via SANS Institute]

State of ICS/OT CyberSecurity: pdf

Guide to Industrial Control Systems (ICS) Security

Independent Study Pinpoints Significant SCADA/ICS Security Risks

Cyber-Security and Governance for Industrial Control Systems


NIST Releases Cybersecurity Guide for Energy Sector to Improve Operational Technology



NSM/threat hunting in OT/ICS/SCADA environments
httpv://www.youtube.com/watch?v=_w8usX9_daE

The Convergence (and Divergence) of IT and OT Cyber Security
httpv://www.youtube.com/watch?v=7ZnfuFzB-XM

ICS Security Assessment Methodology, Tools & Tips


Subscribe to DISC InfoSec blog by Email




« Previous Page