https://blog.paessler.com/investments-in-iot-security-are-set-to-increase-rapidly-in-2018
The two biggest challenges in 2018 will continue to be protecting against unauthorized access, and patching/updating the software of the device. Companies must not neglect the security problems of IoT and IIoT devices. Cyberattacks on the Internet of Things (IoT) are already a reality.
According to Gartner‘s market researchers, global spending on IoT security will increase to $1.5 billion this year.
1,645 Comments
Tomi Engdahl says:
https://www.kaspersky.fi/resource-center/threats/secure-iot-devices-on-your-home-network
Tomi Engdahl says:
Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities
https://www.securityweek.com/energy-department-offering-9m-in-cybersecurity-competition-for-small-electric-utilities/
Small electric utilities in the US offered $9 million as part of a competition whose goal is to help them boost their cybersecurity posture.
The US Department of Energy on Wednesday announced a competition that can help smaller electric utilities obtain funding and technical assistance for improving their cybersecurity posture.
The competition, named the Advanced Cybersecurity Technology (ACT) 1 Prize Competition, is part of the Biden administration’s Rural and Municipal Utility Cybersecurity (RMUC) Program, which has set aside $250 million over a five-year period for enhancing cybersecurity at cooperative, municipal and small investor-owned electric utilities.
For the ACT 1 Prize Competition, which is the first in a series, the total budget is $8.96 million in cash and technical assistance.
The competition has three phases, focusing on commitment, planning and implementation.
Tomi Engdahl says:
Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick?
https://www.securityweek.com/smart-cities-utopian-dream-security-nightmare-or-political-gimmick/
As smart cities evolve with more and more integrated connected services, cybersecurity concerns will increase dramatically.
How much smart does a smart city need to be called smart? It’s not a trivial question. It goes to the heart of understanding the concept of connected cities: what is a smart city, what does it deliver, and is it worth the effort? And is it ultimately a utopian dream or a cybersecurity nightmare?
Tomi Engdahl says:
MITRE and CISA Release Open Source Tool for OT Attack Emulation
https://www.securityweek.com/mitre-and-cisa-release-open-source-tool-for-ot-attack-emulation/
MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.
The MITRE Corporation and the US Cybersecurity and Infrastructure Security Agency (CISA) today announced a new extension for the open source Caldera platform that emulates adversarial attacks against operational technology (OT).
The new Caldera for OT extension is the result of a collaboration between the Homeland Security Systems Engineering and Development Institute (HSSEDI) and CISA, to help improve the resilience of critical infrastructure.
The Caldera cybersecurity platform provides automated adversary emulation, security assessments, and red-, blue-, and purple-teaming, and uses the MITRE ATT&CK framework as its backbone.
Caldera for OT, which also enables Factory and Security Acceptance Testing (FAT/SAT), is now available for industrial control systems (ICS) defenders to benefit from the open source platform as well.
https://github.com/mitre/caldera-ot
Tomi Engdahl says:
CISA Hires ‘Mudge’ to Work on Security-by-Design Principles
https://www.securityweek.com/cisa-hires-mudge/
Peiter ‘Mudge’ Zatko joins the US government’s cybersecurity agency to preach the gospel of security-by-design and secure-by-default development principles.
The U.S. government’s cybersecurity agency CISA on Monday confirmed the addition of Peiter ‘Mudge’ Zatko to its roster of prominent voices preaching the gospel of security-by-design and secure-by-default development principles.
Zatko, most recently the CISO at Twitter who blew the whistle on the social media giant’s security shortcomings, is joining the agency in a part-time capacity to work on the “security and resilience by design” pillar of the Biden administration’s National Cybersecurity Strategy.
A statement from CISA boss Jen Easterly confirmed Mudge’s addition as Senior Technical Advisor to work on shaping a culture of security-by-design everywhere.
“Mudge joins us in a part-time capacity to help us collaboratively shape a culture of security by design that is foundational to every security team, every C-suite, and every board room in the country,” Easterly said. Zatko’s hiring was first reported by the Washington Post.
Zatko is a famous hacker from the L0pht/cDc collectives who is credited for some of the earliest research work around buffer overflow vulnerabilities. He previously served as a DARPA program manager and created the Cyber Fast Track program that provided resources to hackers and hacker spaces.
Tomi Engdahl says:
IoT Security Handbook
https://www.arm.com/-/media/global/products/security-on-arm/ARM921_IoT_Security_Handbook_ST1_Digital.pdf?revision=36bb1433-a25e-4b00-9a85-c1c20f1fb725&rev=36bb1433a25e4b009a85c1c20f1fb725&hash=DE439F6370DF6DED524A099A290436987060723E
As we increasingly integrate
more devices in our lives, the
potential effect of security
breaches is huge!
Tomi Engdahl says:
PSA Certified: Making Secure Digital Transformation a Reality
https://www.arm.com/architecture/psa-certified
https://www.psacertified.org/
Tomi Engdahl says:
https://datatracker.ietf.org/doc/draft-tschofenig-rats-psa-token/
Tomi Engdahl says:
Arm Platform Security Architecture: Can It Secure The IoT?
By John Leonard April 10, 2019
https://blog.nordicsemi.com/getconnected/arm-platform-security-architecture-can-it-secure-iot
Why TrustZone Matters for IoT
https://blog.nordicsemi.com/getconnected/why-trustzone-matters-in-iot
Tomi Engdahl says:
PSA Certified: Making Secure Digital Transformation a Reality
https://www.arm.com/architecture/psa-certified
The industry is at a turning point in security. The PSA Certified 2022 Security Report revealed business leaders have placed security at the top of the priority list and are committed to addressing the lag between the rate of digital transformation and the speed of securing the ecosystem.
As the ecosystem prepares to tackle underlying security concerns, research shows that there are some barriers to overcome. In particular, cost remains a barrier to implementation – physical costs, the cost of security experts, and the price of independent evaluation.
https://www.psacertified.org/
Tomi Engdahl says:
PSA Certified 2023 Security Report
https://report.psacertified.org/
https://www.psacertified.org/blog/
Tomi Engdahl says:
https://www.arm.com/architecture/security-features/platform-security
https://www.psacertified.org/blog/common-device-security-myths-debunked/
Tomi Engdahl says:
The History of IoT Security
https://www.psacertified.org/blog/a-history-of-iot-security/
Tomi Engdahl says:
https://www.cnx-software.com/2017/10/25/arms-platform-security-architecture-aims-to-secure-the-internet-of-things-iot/
Tomi Engdahl says:
https://community.arm.com/arm-community-blogs/b/internet-of-things-blog/posts/the-iot-architects-practical-guide-to-security
Tomi Engdahl says:
ICS/OT
Cisco Finds 8 Vulnerabilities in OAS Industrial IoT Data Platform
https://www.securityweek.com/cisco-finds-8-vulnerabilities-in-oas-industrial-iot-data-platform/
Vulnerabilities identified in the OAS Platform could be exploited to bypass authentication, leak sensitive information, and overwrite files.
Multiple vulnerabilities in the Open Automation Software (OAS) Platform can be exploited to bypass authentication, leak sensitive information, and overwrite files, Cisco warns.
Enabling communication and data transfer between servers, industrial control systems (ICS), IoT, and other types of devices, the OAS Platform is typically used in industrial operations and enterprise environments. It also supports logging and notifications, and cross-platform integrations.
On Wednesday, Cisco’s Talos security researchers disclosed eight vulnerabilities identified in the OAS Platform’s engine configuration management functionality, which allows users to load and save configurations to a disk and install them on other devices. Three of the bugs are rated high-severity.
The most important of these are CVE-2023-31242 and CVE-2023-34998, two authentication bypass flaws that can be exploited using specially-crafted requests. The first can be triggered using a sequence of requests, while the second through sniffing network traffic.
https://blog.talosintelligence.com/eight-vulnerabilities-in-open-automation/
Tomi Engdahl says:
MITRE and CISA Release Open Source Tool for OT Attack Emulation
https://www.securityweek.com/mitre-and-cisa-release-open-source-tool-for-ot-attack-emulation/
MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.
The MITRE Corporation and the US Cybersecurity and Infrastructure Security Agency (CISA) today announced a new extension for the open source Caldera platform that emulates adversarial attacks against operational technology (OT).
The new Caldera for OT extension is the result of a collaboration between the Homeland Security Systems Engineering and Development Institute (HSSEDI) and CISA, to help improve the resilience of critical infrastructure.
The Caldera cybersecurity platform provides automated adversary emulation, security assessments, and red-, blue-, and purple-teaming, and uses the MITRE ATT&CK framework as its backbone.
Caldera for OT, which also enables Factory and Security Acceptance Testing (FAT/SAT), is now available for industrial control systems (ICS) defenders to benefit from the open source platform as well.
Tomi Engdahl says:
Your Wyze webcam might have let other owners peek into your house https://www.theverge.com/2023/9/8/23865255/wyze-security-camera-feeds-web-view-issue
Some Wyze security camera owners reported Friday that they were unexpectedly able to see webcam feeds that weren’t theirs, meaning that they were unintentionally able to see inside of other people’s houses. A Wyze spokesperson tells The Verge that this was due to a web caching issue.
Earlier on Friday, users on Reddit made posts about the issue. “Went to check on my cameras and they are all gone be replaced with a new one… and this isn’t mine!” wrote one user. “Apologies if this is your house / dog… I don’t want it showing up as much as you don’t want it!”
The user reports indicated that they were seeing the other feeds through Wyze’s web viewer at view.wyze.com. A Wyze employee told a user on Reddit that the page is “currently under maintenance” and that “we are working on this and will update when it’s available again.” Wyze’s status page posted a similar message on Friday at 5:44PM ET.
Tomi Engdahl says:
MITRE and CISA Release Open Source Tool for OT Attack Emulation
https://www.securityweek.com/mitre-and-cisa-release-open-source-tool-for-ot-attack-emulation/
MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.
Caldera for OT Plugins
https://github.com/mitre/caldera-ot
A collection of plugins that extend Caldera to the Operational Technology (OT) environment.
This repository contains all the Caldera for OT plugins as git submodules. As described in each individual plugin README, it is also possible to git clone a specific protocol plugin directly into the Caldera plugins directory, following the “Installation” guidance.
https://github.com/mitre/caldera
MITRE Caldera™
MITRE Caldera™ is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.
It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.
The framework consists of two components:
The core system. This is the framework code, consisting of what is available in this repository. Included is an asynchronous command-and-control (C2) server with a REST API and a web interface.
Plugins. These repositories expand the core framework capabilities and providing additional functionality. Examples include agents, reporting, collections of TTPs and more.
Tomi Engdahl says:
New Report Indicates Worldwide IoT Security Market To Become A US$4.4 Billion Opportunity By 2022
https://iot-analytics.com/new-iot-security-report/
PRESS RELEASE: Hamburg, Germany – 06 September 2017 //
IoT security has become a major focus area for businesses, consumers and regulators. This focus is driven by the increasing number of IoT devices being connected to the internet and the new threats and attack vectors emerging almost on a daily basis. IoT Analytics, a leading provider of market insights and strategic business intelligence for Industry 4.0 and the Internet of Things (IoT), today published a 294-page IoT security report focusing on sizing the opportunity of the IoT security market for the period 2017 to 2022.
Tomi Engdahl says:
New platform ‘to slash £6.6bn security testing costs’ as 77% in survey say it’s too expensive
https://www.iot-now.com/2019/01/11/91999-new-platform-slash-6-6bn-security-testing-costs-77-survey-say-expensive/
In a survey by Avord, provider of a new security testing platform, businesses have criticised the security testing industry for being too expensive. The report indicates that UK firms alone are spending more than £6.6 billion (US$8.41 billion {€7.30 billion}) annually protecting critical assets from cyber attacks.
Research from Avord – a revolutionary new security testing platform that launches today – puts the spotlight firmly on the security testing market, which is dominated by consultancies that provide services to businesses, sometimes at twice the daily rate of an independent tester. And with 77% of UK businesses claiming the cost of testing is too expensive, there is a clear demand for change, says Avord.
The challenges of security testing
Three in four businesses are currently initiating security testing to comply with organisational operating practices and standards, such as ISO27001, ITIL, ISF’s Standard of Good Practice for Information Security and public sector guidelines. However, most firms taking part in the study said that determining the risks associated with a sensitive data breach (72%) and cost (72%) were major challenges when it comes conducting tests.
The complexities and lack of security testing knowledge were also cited as key issues, with seven in 10 revealing ‘identifying when in the development process to test’ and ‘what kind of testing was required’ as further challenges. As a result, more than three quarters of businesses (82%) are now outsourcing security testing on their critical assets at considerable expense.
A surge in cyber crime
Worryingly, a third (33%) of UK businesses have battled an online security breach in the past 12 months, which have directly hit their bottom lines, lost them customers and damaged their brand reputations. Of those hit by a cyber-attack, 95% reported that the breach occurred partly or totally as a result of issues with the security testing process.
Tomi Engdahl says:
Security by Design
for
IoT Device Manufacturers
https://tec.gov.in/public/pdf/M2M/Security%20by%20Design%20for%20IoT%20Device%20Manufacturers.pdf
Tomi Engdahl says:
9 Important Security Requirements to Consider for IoT Systems
https://iotac.eu/9-important-security-requirements-to-consider-for-iot-systems/
Tomi Engdahl says:
https://www.dhs.gov/securingtheIoT
Tomi Engdahl says:
Bill Toulas / BleepingComputer:
Symantec: Chinese cyberespionage group Redfly used the ShadowPad trojan to compromise a national grid in an Asian country from February 28 until August 3, 2023
‘Redfly’ hackers infiltrated power supplier’s network for 6 months
https://www.bleepingcomputer.com/news/security/redfly-hackers-infiltrated-power-suppliers-network-for-6-months/
An espionage threat group tracked as ‘Redfly’ hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months.
These new findings come from Symantec, who found evidence of ShadowPad malware activity in the organization’s network between February 28 and August 3, 2023, along with keyloggers and specialized file launchers.
The ShadowPad variant seen in the attacks masquerades its components (exe and dll) as VMware files, dropping them on the victim’s filesystem.
The program also achieves persistence by creating services named after VMware again, set to launch the malicious executable and DLL upon system boot.
The lengthy dwell period seen in this attack is characteristic of espionage actors who infect systems and keep a low profile to collect as much intelligence as possible.
While the attackers’ intent to disrupt the power supply remains uncertain, the potential risk poses a significant threat.
“Attacks against CNI targets are not unprecedented. Almost a decade ago, Symantec uncovered the Russian-sponsored Dragonfly group’s attacks against the energy sector in the U.S. and Europe,” concluded Symantec’s report.
“More recently, the Russian Sandworm group mounted attacks against the electricity distribution network in Ukraine that were directed at disrupting electricity supplies.”
Redfly: Espionage Actors Continue to Target Critical Infrastructure
National grid in Asia compromised by attackers using ShadowPad Trojan.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks
Espionage actors are continuing to mount attacks on critical national infrastructure (CNI) targets, a trend that has become a source of concern for governments and CNI organizations worldwide. Symantec’s Threat Hunter Team has found evidence that a threat actor group Symantec calls Redfly used the ShadowPad Trojan to compromise a national grid in an Asian country for as long as six months earlier this year. The attackers managed to steal credentials and compromise multiple computers on the organization’s network.
Tomi Engdahl says:
Threat landscape for industrial automation systems. Statistics for H1 2023 https://securelist.com/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023/110605/
In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.
That said, he percentage of attacked ICS computers dropped in Q1 2023, but then rose again in Q2 2023, reaching highest quarterly figure since 2022 – 26.8%.
Tomi Engdahl says:
ICS/OT
Every Network Is Now an OT Network. Can Your Security Keep Up?
https://www.securityweek.com/every-network-is-now-an-ot-network-can-your-security-keep-up/
Many previously isolated OT networks, like manufacturing, processing, distribution, and inventory management, have now been woven into larger IT networks.
Every network today is now an OT network. Or it will be soon. Of course, part of this transformation is due to the ongoing convergence of OT and IT networks. As many of us have experienced, previously isolated OT networks, like manufacturing, processing, distribution, and inventory management, have now been woven into our larger IT networks. This integration enables better controls, more responsiveness, broad interconnectivity for better communication, and seamless resource expansion, distribution, and redistribution. It also introduces new security risks.
But that’s just half the story. Modern enterprise IT networks must now include smart, energy-efficient physical resources. Fortinet’s new carbon-neutral campus, for example, includes integrated OT smart building elements like automated lighting, windows, shades, HVAC systems, and a wide variety of headless IoT devices—and we have had to integrate all of them into our IT network fully. As a result, our network, like many of yours, now faces many of the same challenges that industrial environments have experienced for years. These issues are compounded further in extended environments like smart cities or organizations with multiple smart campus environments.
And as more and more of your business operations are digitized, securing such complex, hybrid network environments will only become increasingly challenging. Add things like mobile workers, cloud-based services and resources, edge computing, and essential business applications like streaming video, and the legacy security solutions and strategies you have in place will inevitably begin to create bottlenecks and gaps in your protection—if they haven’t already.
Securing today’s expanding hybrid networks requires a holistic approach, beginning with rethinking how and where security is implemented. Here are five things your organization needs to consider before you spend another dollar on expanding your legacy security toolset.
Start with a universal, integrated security platform. Most organizations have dozens of point security solutions deployed across their distributed network that struggle to share real-time threat information and coordinate an effective response. Visibility and control are essential to effective security, but as networks expand, they struggle to keep up
Use security tools designed to operate as a single system. Your security platform must include a portfolio of security technologies designed to serve as a single, integrated solution. A centralized, single-pane-of-glass management system, consistent policy deployment and enforcement, the sharing of real-time threat intelligence, and the ability to operate natively in any cloud environment should be table stakes for designing and implementing a modern network security system. This includes solutions designed specifically for OT environments, including ruggedized systems, OT-specific modules, and deep interoperability with OT systems.
Converge your network and security. Many legacy systems treat networking and security as siloed functions, but it’s critical to build infrastructure and leverage solutions that bring security and networking together, meaning they have critical security functionality woven directly into their operations or, better yet, have been built on a security platform. Networking equipment that can implement security elements natively and in concert with the larger security posture ensures that IoT and OT devices connect to the network with the appropriate security context. For example, Secure SD-WAN converges security and networking functions to ensure optimal user experience without sacrificing security. Additionally, organizations can route traffic from IoT and OT devices for security checks in the cloud via SSE or SASE points of presence. This seamless convergence of networking and security means all devices, even those without an agent, connect securely.
Implement zero trust everywhere. One of the biggest risks of legacy network environments is that they were often built around an implicit trust model. Automatically trusting traffic that has passed through a demarcation point is a recipe for disaster, especially with highly mobile users and devices and widely deployed applications and other resources. Zero trust takes the opposite approach where every user, device, and application must be authenticated per session, are only granted access to the resources needed to do their job, and are monitored end to end to detect any deviations from their sanctioned behavior. Going a step further, universal zero trust network access, which applies the same principles to remote and on-premises users and devices, is the best way to ensure the same access controls are applied to any connection, regardless of location.
Use AI. But you need to understand it before you buy it. AI is the new buzzword in security and networking. It can potentially detect complex threats before they launch, fix misconfigurations, take on manual tasks to free up IT staff to work on higher-order issues, reduce the time to detect and respond to breaches, and much more. But there is remarkably little consistency in what vendors mean when they slap an AI label on their product.
Networks are undergoing the most rapid transformation in their history. And for a long time, we’ve been advising IT leaders that their security must keep up. And now, as nearly every IT network becomes an IT-OT network, the stakes are even higher. This means that if you’ve been putting off redesigning your security systems, now is the time to make it a priority.
Tomi Engdahl says:
ICS/OT
Number of Internet-Exposed ICS Drops Below 100,000: Report
https://www.securityweek.com/number-of-internet-exposed-ics-drops-below-100000-report/
The number of internet-exposed ICS has dropped below 100,000, a significant decrease from the 140,000 in 2019.
The number of internet-exposed industrial control systems (ICS) has continued to decrease over the past years, dropping below 100,000 as of June 2023, according to a report from cybersecurity ratings company Bitsight.
Companies and researchers regularly scan the internet for exposed ICS, and in the past decade they have reported seeing tens of thousands and even millions of systems, depending on their methodology and length of the study.
However, it’s interesting to see year-over-year trends from the same company, which presumably has a consistent methodology.
Bitsight has been tracking the number of internet-facing ICS, mapping these systems to its inventory of global organizations. It’s worth noting that while the company refers to the identified systems as ICS, they include — based on the targeted protocols — not only systems used in industrial environments, but also IoT, building management and automation devices, and other operational technology (OT).
The company’s analysis showed that the number of exposed systems has gradually decreased from roughly 140,000 in 2019 to less than 100,000 in June 2023.
“This is a positive development, suggesting that organizations may be properly configuring, switching to other technologies, or removing previously exposed ICSs from the public internet,” Bitsight noted.
In addition, the number of exposed organizations has dropped from approximately 4,000 to 2,300 over the same period. Entities that still have public-facing systems include organizations across 96 countries, including Fortune 1000 companies.
The top 10 impacted countries are the United States, Canada, Italy, the UK, France, the Netherlands, Germany, Spain, Poland and Sweden.
The most impacted sectors are education, technology, government, business services, manufacturing, utilities, real estate, energy, tourism, and finance.
In 2023, the most commonly observed protocols were Modbus, KNX, BACnet, Niagara Fox, Siemens’ S7, Ethernet/IP, Lantronix, Automatic Tank Gauge (ATG), Moxa’s NPort, and Codesys.
“While the aggregate number of exposed ICSs has been trending downward, we detected unique behavior on a protocol-by-protocol basis,” Bitsight explained. “Exposed systems and devices communicating via the Modbus and S7 protocols are more common in June 2023 than before, with the former increasing in prevalence from 2020 and the latter more recently from mid-2022.”
Bitsight also noted that companies should focus on securing specific protocols based on their location. For instance, systems using Codesys, KNX, Nport and S7 protocols are mainly in the European Union, while ATG and BACnet are primarily seen in the United States.
Tomi Engdahl says:
ICS/OT
NIST Publishes Final Version of 800-82r3 OT Security Guide
https://www.securityweek.com/nist-publishes-final-version-of-800-82r3-ot-security-guide/
NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.
NIST announced on Thursday that it has published the final version of its latest guide to operational technology (OT) security.
NIST published the first draft of Special Publication (SP) 800-82r3 (Revision 3) in April 2021, with a second draft being released one year later. Now, Revision 3 of the OT security guide has been finalized.
The 316-page document provides guidance on improving the security of OT systems while addressing their unique safety, reliability and performance requirements.
“SP 800-82r3 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks,” NIST explained.
The guidance focuses on OT cybersecurity program development, risk management, cybersecurity architecture, and applying the NIST Cybersecurity Framework (CSF) to OT.
The latest revision’s updates include expansion in scope from industrial control systems (ICS) to OT in general, as well as updates to OT threats, vulnerabilities, risk management, recommended practices, current security activities, and tools and capabilities.
The document also aligns with other OT security guides and standards, and provides tailored security control baselines for low-, moderate- and high-impact OT systems.
SP 800-82 Revision 3 is available for download in PDF format for free from NIST’s website.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf
Tomi Engdahl says:
Bitsight identifies nearly 100,000 exposed industrial control systems https://www.bitsight.com/blog/bitsight-identifies-nearly-100000-exposed-industrial-control-systems
Bitsight has identified nearly 100,000 exposed industrial control systems
(ICS) owned by organizations around the world, potentially allowing an attacker to access and control physical infrastructure such as power grids, traffic light systems, security and water systems, and more. ICSs — a subset of operational technology (OT) — are used to manage industrial processes like water flow in municipal water systems, electricity transmission via power grids, and other critical processes. Critical infrastructure sectors heavily rely on ICSs to control cyber-physical systems, compounding concerns that the exposed systems identified in this research could present significant risks to organizations and communities around the world.
Tomi Engdahl says:
Reuters:
BlackBerry plans to split its IoT and cybersecurity units and target a subsidiary IPO for the IoT unit in its next FY, after reviewing options since May 2023 — Canadian technology company BlackBerry (BB.TO), said on Wednesday it would separate its Internet of Things (IoT) …
BlackBerry to separate IoT and cybersecurity businesses, plans IPO
https://www.reuters.com/technology/blackberry-separate-iot-cybersecurity-business-units-2023-10-04/
Canadian technology company BlackBerry (BB.TO), said on Wednesday it would separate its Internet of Things (IoT) and cybersecurity business units and target a subsidiary initial public offering for the IoT business next fiscal year.
BlackBerry joins a number of companies that have split their units in recent years, favoring a leaner corporate structure to help investors better evaluate their separate businesses.
Tomi Engdahl says:
MALWARE & THREATSMirai Variant IZ1H9 Adds 13 Exploits to Arsenal
https://www.securityweek.com/mirai-variant-iz1h9-adds-13-exploits-to-arsenal/
A Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices.
A variant of the Mirai botnet has recently updated its arsenal of tools with 13 exploits targeting vulnerabilities in IoT devices from D-Link, TP-Link, Zyxel, and various other manufactures, Fortinet reports.
Tracked as IZ1H9 and first discovered in August 2018, this Mirai variant is one of the most active, exploiting unpatched vulnerabilities in IoT devices to ensnare them and abuse them in distributed denial-of-service (DDoS) attacks.
Following the addition of exploits for several new security bugs earlier this year, IZ1H9 has recently expanded its arsenal once again, now packing approximately 30 exploits for D-Link, Geutebruck, Korenix, Netis, Sunhillo, Totolink, TP-Link, Yealink, and Zyxel flaws.
Exploitation of these vulnerabilities peaked on September 6, when Fortinet saw thousands of attack attempts.
Of the newly added exploits, four target D-Link issues tracked as CVE-2015-1187, CVE-2016-20017, CVE-2020-25506, and CVE-2021-45382. These critical-severity flaws allow remote attackers to execute arbitrary code on affected devices.
According to Fortinet, eight other exploits target arbitrary command execution bugs impacting the firmware that UDP Technology supplies to Geutebruck and other OEMs for their IP cameras.
Tomi Engdahl says:
US Government Releases Security Guidance for Open Source Software in OT, ICS
https://www.securityweek.com/us-government-releases-open-source-security-guidance-for-ot-ics/
CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS.
Several US government agencies have teamed up to create new cybersecurity guidance for the use of open source software (OSS) in operational technology (OT).
Designed in line with CISA’s Open Source Software Security Roadmap, which was released in September, the new document (PDF) is meant to promote the understanding of OSS and its implementation in industrial control systems (ICS) and other OT environments, and to detail best practices on the secure use of OSS.
Authored by CISA, the FBI, the NSA, and the US Department of Treasury, the guidance provides recommendations on supporting OSS development, patching vulnerabilities, and using the Cross-Sector Cybersecurity Performance Goals (CPGs) for adopting security best practices.
Improving Security of Open Source Software in Operational Technology and Industrial Control Systems
https://www.cisa.gov/sites/default/files/2023-10/Fact_Sheet_Improving_OSS_in_OT_ICS_508c.pdf
Tomi Engdahl says:
ICS/OT
Critical Vulnerabilities Expose Weintek HMIs to Attacks
https://www.securityweek.com/critical-vulnerabilities-expose-weintek-hmis-to-attacks/
Weintek has patched critical and high-severity vulnerabilities found in its cMT series HMIs by industrial cybersecurity firm TXOne.
Tomi Engdahl says:
ICS/OT
Milesight Industrial Router Vulnerability Possibly Exploited in Attacks
https://www.securityweek.com/milesight-industrial-router-vulnerability-possibly-exploited-in-attacks/
A vulnerability affecting Milesight industrial routers, tracked as CVE-2023-43261, may have been exploited in attacks.
A vulnerability affecting some industrial routers made by Chinese IoT and video surveillance product maker Milesight may have been exploited in attacks, according to exploit and vulnerability intelligence firm VulnCheck.
Several UR-series industrial cellular routers from Milesight (Ursalink) are affected by CVE-2023-43261, a serious vulnerability exposing system log files, such as ‘httpd.log’.
The exposed logs contain passwords for administrators and other users, which can be leveraged by remote, unauthenticated attackers to gain unauthorized access to the targeted device. The passwords are not stored in plain text in the log files, but they can be easily cracked.
Researcher Bipin Jitiya recently disclosed details of the vulnerability and made public a proof-of-concept (PoC) exploit. He informed Milesight about his findings, but the vendor said it had been aware of the flaw and released patches before the researcher reached out.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-43261
Inside the Router: How I Accessed Industrial Routers and Reported the Flaws
Router Vulnerability Hunt, From Google Dorks to Firmware Emulation — The Full Story
https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf
CVE-2023-43261 – PoC
Critical Vulnerability Exposes Sensitive Information and Enables Unauthorized Access in Milesight Routers
https://github.com/win3zz/CVE-2023-43261
Affected Products: UR5X, UR32L, UR32, UR35, UR41 and there might be other Industrial Cellular Routers that could also be vulnerable.
Affected Firmware: I’ve confirmed the patch for firmware v35.3.0.7. Earlier versions may be vulnerable, but vendor confirmation is needed. I have made the request, but I have not received a response yet.
Tomi Engdahl says:
IoT Security
Academics Devise Cyber Intrusion Detection System for Unmanned Robots
https://www.securityweek.com/academics-devise-cyber-intrusion-detection-system-for-unmanned-robots/
Australian AI researchers teach an unmanned military robot’s operating system to identify MitM cyberattacks.
Two Australian academic researchers have devised a new cyber intrusion detection system that relies on AI to help unmanned military robots identify man-in-the-middle (MitM) cyberattacks.
Relying on deep learning convolutional neural networks (CNNs), the new cyber-physical system is meant to reduce the vulnerabilities of the robot operating system (ROS), which is used in both civilian and military robots.
Tested on a US Army GVT-BOT ground vehicle, the algorithm demonstrated a 99% accuracy, Fendy Santoso of Charles Sturt University and Anthony Finn of the University of South Australia (UniSA) note in their research paper (PDF).
The cyber-intrusion detection framework primarily focuses on detecting MitM attacks, but vulnerabilities in ROS make it prone to breaches, hijacking, denial-of-service (DoS), and other types of cyberattacks, the academics say.
These robots, the academics point out, are highly networked, because their different components, including sensors, actuators, and controllers rely on cloud services to transfer information and communicate.
“Robotic systems can be compromised at multiple different levels, namely, at the system, sub-system, component, or sub-component levels. Preventing these attacks is by no means trivial, especially for sophisticated, complex, and modern robots, which can work even under a fault-tolerant mode, blurring the line between normal operations and fault conditions,” the researchers note.
Trusted Operations of a Military Ground Robot in
the Face of Man-in-the-Middle Cyber-Attacks Using
Deep Learning Convolutional Neural Networks:
Real-Time Experimental Outcomes
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10210500
Tomi Engdahl says:
Artificial Intelligence
Applying AI to API Security
https://www.securityweek.com/applying-ai-to-api-security/
While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs.
It is hard to go anywhere in the security profession these days without the topic of artificial intelligence (AI) coming up. Indeed, AI is a popular topic. Like many popular topics, there is quite a bit of buzz and hype around it. All of a sudden, it seems that everyone you meet is leveraging AI in a big way.
As you can imagine, this creates quite a bit of fog around the topic of AI. In particular, it can be difficult to understand when AI can add value and when it is merely being used for its buzz and hype. Beyond buzz and hype, however, how can we know when AI is being leveraged in a useful way to creatively solve problems?
In my experience, AI works best when applied to specific problems. In other words, AI needs to be carefully, strategically, and methodically leveraged in order to tackle certain problems that suit it. While there are many such problems, API security is one such problem that I’ve experienced AI producing good results for.
Let’s take a look at five ways in which AI can be leveraged to improve API security:
API discovery: AI can be leveraged to study request and response data for APIs. Behavioral analysis can be performed to discover previously unknown API endpoints.
Schema enforcement/access control: As AI studies request and response data for APIs, there are other benefits beyond API discovery. Schemas for specific API endpoints can be learned and then enforced, and subsequent departures from learned schemas can be observed and then mitigated.
Exposure of sensitive data: Yet another benefit to AI studying request and response data for APIs is the ability to identify sensitive data in transit. This includes the detection and flagging of Personally Identifiable Information (PII) that is being exposed. The exposure of sensitive data, including PII, is a big risk for most enterprises. Improving the ability to detect and mitigate the exposure of sensitive data improves overall API security.
Layer 7 DDoS protection: While most enterprises have DDoS protection at layers 3 and 4, they may not have it at layer 7. With APIs, layer 7 is where the bulk of the action is. Thus, AI can be leveraged to help protect API endpoints from the misuse and abuse that can happen at layer 7. AI can be applied to analyze metrics and log data collected from an enterprise’s API endpoints. The visibility generated by this continuous analysis and baselining of API endpoint behavior provides insights and alerting on anomalies, which can then be used to generate layer 7 protection policies. Improved layer 7 DDoS protection means improved API security.
Malicious user detection: Malicious users, or clients, pose a significant risk to most enterprises. All client interactions, including those with API endpoints, can be analyzed for the enterprise over time, and outliers can be identified.
Both AI and API security are top of mind for most security professionals these days. While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs. Not surprisingly, like many technologies, AI works best when applied to specific problems that suit it. In my experience, API security happens to be one of those problems. By carefully, strategically, and methodically applying AI to API security, enterprises can improve their overall security postures.
Tomi Engdahl says:
Introduction to OT Device Cyber Hardening
In the realm of critical infrastructure and industrial operations, Operational Technology (OT) plays a pivotal role in managing and controlling essential systems like power grids, manufacturing processes, and water treatment facilities. These OT systems rely on specialized devices, networks, and software to ensure the seamless and secure functioning of vital services. However, as digital transformation continues to evolve, the convergence of OT with Information Technology (IT) has exposed OT devices to an escalating array of cyber threats. OT device cyber hardening is the practice of enhancing the cybersecurity posture of these devices to protect them from potential intrusions and to ensure the continuous, safe, and reliable operation of critical infrastructure. This introduction will delve into the key principles and strategies associated with OT device cyber hardening, highlighting its significance in safeguarding the infrastructure on which our society depends.
Tomi Engdahl says:
how to test IoT cevice cyber security
ChatGPT
Testing the cybersecurity of an IoT (Internet of Things) device is crucial to ensure its security and protect it from potential vulnerabilities. Here are steps you can take to test the cybersecurity of an IoT device:
Documentation and Analysis:
Start by gathering all available documentation related to the IoT device, including user manuals, technical specifications, and any security guidelines provided by the manufacturer. Analyze the device’s architecture, communication protocols, and potential security features.
Physical Security Assessment:
Ensure that physical access to the device is adequately restricted. Check for physical vulnerabilities such as exposed ports, reset buttons, or USB ports. If the device has any exposed interfaces, make sure they are adequately protected.
Network Assessment:
Assess how the device communicates over the network. This includes evaluating the security of its wireless (Wi-Fi, Bluetooth, etc.) and wired (Ethernet) connections. Test for the following:
Authentication mechanisms: Ensure that strong authentication methods are used for network communication.
Encryption: Data in transit should be encrypted using industry-standard encryption protocols.
Access control: Verify that access to the device and its data is restricted to authorized users only.
Firmware Analysis:
Review the device’s firmware for vulnerabilities. You can use static analysis tools to check for common security issues in the code. Look for outdated libraries and known vulnerabilities.
Penetration Testing:
Perform penetration testing on the device. This involves attempting to exploit vulnerabilities in the device to gain unauthorized access or control. It may include:
Password cracking
Port scanning
Man-in-the-middle attacks
Brute force attacks
Exploiting known vulnerabilities
Update and Patch Management:
Ensure that the device has a mechanism for receiving and installing updates and patches. Verify that the device can receive security updates in a timely manner.
User Authentication and Authorization:
Test the device’s user authentication and authorization mechanisms to ensure they are secure. This includes checking password policies, account lockout mechanisms, and role-based access control.
Data Security:
Verify how the device stores, processes, and transmits sensitive data. Ensure data is properly encrypted and protected. Check for insecure data storage or transmission methods.
Security Configuration Review:
Review the device’s security configuration settings. Ensure that default passwords are changed, unnecessary services are disabled, and security features are properly configured.
Privacy Assessment:
Consider the privacy implications of the device’s data collection and storage. Ensure it complies with relevant data protection regulations, like GDPR or CCPA.
Third-Party Components:
Examine any third-party components or libraries used by the IoT device for known vulnerabilities. Ensure they are kept up to date.
IoT Ecosystem Assessment:
Assess the entire IoT ecosystem, including any cloud services or mobile apps associated with the device. Verify that data transfer and storage in the ecosystem are secure.
Threat Modeling:
Develop a threat model specific to the IoT device to identify potential threats and vulnerabilities. Use this model to guide your testing efforts.
Documentation and Reporting:
Document your findings, including vulnerabilities, and report them to the device manufacturer. Provide clear details on the issues discovered and, if possible, suggestions for mitigation.
Re-Test:
After the manufacturer addresses the identified issues, re-test the device to ensure that the security flaws have been resolved.
Remember that IoT device security is an ongoing process. Regularly monitor and update the security of your devices as new vulnerabilities and threats emerge. Additionally, compliance with relevant standards and regulations, such as the IoT Cybersecurity Improvement Act, is essential for maintaining the security of IoT devices.
Tomi Engdahl says:
https://www.mouser.com/empowering-innovation/more-topics/designing-for-security?utm_source=endeavor&utm_medium=display&utm_campaign=ed-personifai-eit2022#video-security
Tomi Engdahl says:
How Quality 4.0 is changing operations for manufacturers
Quality 4.0 combines traditional qualities with Industry 4.0 technologies and concepts to improve manufacturing operations.
https://www.plantengineering.com/articles/how-quality-4-0-is-changing-operations-for-manufacturers/?oly_enc_id=0462E3054934E2U
Quality 4.0 insights
The concept of Quality 4.0 emphasizes the integration of emerging digital technologies, such as robotics, augmented reality, digital twins, blockchain and AI, into quality management processes.
Quality 4.0 not only focuses on technological advancements but also recognizes the crucial role of human workers as “human sensors” on the shop floor and empower them with modern tools, smart onboarding and training.
Industry 4.0 is affecting how devices connect with one another and changing how people work. While more information is good, it’s a question of effectively utilizing the data and making better decisions In his presentation “Quality 4.0: The Emerging Role Of AI And Digital Technologies Are Transforming Quality Management,” at the Automotive Smart Manufacturing 4.0 USA Summit 2023 in Detroit, Chris Kuntz, vice president of marketing at Augmentir, said Quality 4.0 is the next step, which emphasizes three steps.
Tomi Engdahl says:
Ensimmäiset kyberturvalliset kännykkämoduulit markkinoille
https://etn.fi/index.php/13-news/15455-ensimmaeiset-kyberturvalliset-kaennykkaemoduulit-markkinoille
Kesällä 2025 voimaantuleva EU:n radiolaitedirektiivi eli RED asettaa kovia vaatimuksia myös radiokomponenttien kyberturvallisuudelle. Sveitsiläinen u-blox on nyt ensimmäisenä esitellyt kännykkäverkon moduulit, jotka on sertifioitu ETSIn EN 303 645 -kyberturvallisuutta määrittelevien vaatimusten mukaisesti.
RED-direktiivi päivittyy ensi vuonna 3.3 d/e/f -määrityksillä. Niiden mukaan radiolaitteiden pitää täyttää ETSI EN 303 645 -standardin vaatimukset, jotta laitteet saavat RED-kyberturvallisuussertifioinnin. U-blox on ensimmäinen valmistaja, jonka mobiiliverkkojen moduulit LTE Cat 1- ja LTE Cat 4 -yhteyksiin on sertifioitu. Kyse on LARA-R6- ja LARA-L6-moduuleista.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2023/10/23/ensimmaiset-etsi-turvatut-kannykkamoduulit/
Tomi Engdahl says:
Yksi työkalu suojaa datan koodista pilveen
https://etn.fi/index.php/13-news/15459-yksi-tyoekalu-suojaa-datan-koodista-pilveen
Tietoturvayhtiö Palo Alto Networks kertoo julkistaneensa maailman ensimmäisen integroidun Code to Cloud -ratkaisun osaksi pilvipalveluita. Prisma Cloud -työkalujen laajennuksen on tarkoitus korvata nykyiset ratkaisut, joissa organisaatiot joutuvat käyttämään useita, jopa 6-10 erillistä työkalua tietoturvan takaamiseen.
Kuluneen vuosikymmenen aikana yritykset ja yhteisöt ovat luoneet ja ottaneet käyttöön erilaisia pilvisovelluksia ennennäkemättömällä tahdilla eikä merkkejä vauhdin hidastumisesta ole nähtävissä. Gartner-tutkimusyhtiön mukaan vuoteen 2027 mennessä peräti 65 prosenttia sovellusten työtaakasta tapahtuu ainakin osittain pilvipalveluissa. Kasvua ennustetaan peräti 20 prosenttia vuoden 2022 luvuista.
Joustavuuden lisäksi tämä tuo mukanaan lisää uhkia. Palo Alto Networksin tietoturvayksikkö Unit 42:n mukaan peräti 80 prosenttia tietoturva-aukoista löytyy pilviympäristöistä.
Palo Alto Networks vastaa pilvipalveluiden turvallisuushaasteisiin alan ensimmäisellä integroidulla Code to Cloud -ratkaisulla, joka on nyt julkistettu osana Prisma Cloud Darwin -julkaisua. Sen kantavana ajatuksena on tehdä pilvipalveluiden turvallisuudesta entistä luotettavampaa suojaamalla palvelut entistä kokonaisvaltaisemmin.
Uutta Code to Cloud -ratkaisua hyödyntävä Prisma Cloud -turvallisuusjärjestelmä takaa yhden kokonaisvaltaisen suojausalustan, joka kattaa koko pilvijärjestelmän yhdenmukaisella turvaratkaisulla. Näin järjestelmän osat myös keskustelevat keskenään, mikä tekee uhkilta suojautumisen entistä helpommaksi.
Prisma Cloud: Darwin Release Introduces Code to Cloud Intelligence
https://www.paloaltonetworks.com/blog/2023/10/announcing-innovations-cnapp-prisma-cloud/?utm_medium=earned&utm_source=Darwin-press-release
Tomi Engdahl says:
Government
CISA Unveils New HBOM Framework to Track Hardware Components
https://www.securityweek.com/cisa-unveils-new-hbom-framework-to-track-hardware-components/
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.
Tomi Engdahl says:
How to Scan Your Environment for Vulnerable Versions of Curl
This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environments.
https://www.darkreading.com/dr-tech/how-to-scan-environment-vulnerable-curl
Tomi Engdahl says:
A Hardware Bill of Materials
(HBOM) Framework for
Supply Chain Risk
Management
https://www.cisa.gov/sites/default/files/2023-09/A%20Hardware%20Bill%20of%20Materials%20Framework%20for%20Supply%20Chain%20Risk%20Management%20%28508%29.pdf
Tomi Engdahl says:
Zero Trust Data Security For Dummies
Discover how a Zero Trust Data Security architecture can improve your security posture and fortify your defenses against modern cyber threats.
https://www.rubrik.com/viewer?asset=zero-trust-data-security-for-dummies.pdf
Tomi Engdahl says:
https://www.enertec.fi/natiivi/3937/paranna-kyberturvallisuutta-kokonaispalvelukonseptilla?fbclid=IwAR2ZZp5pO1s9PQBtaXniiVmhww55E5irm5bDIfauD5bQz_6e2bi5yQT0eM4_aem_AWab6GqkHC4KqPTNYm_rI4kadHPqZHzJk7zQHLjAZKOyrPVUiWa2smN49lm770TKq59bpkxqTwTESxDaDoeGak8x
Tomi Engdahl says:
Intel stock stumbles on report Nvidia is building an Arm CPU for PC market
AMD also said to be working on an Arm-based PC chip
https://www.theregister.com/2023/10/23/nvidia_pc_cpu/