operational technology Archives - Cyber Security Minute

Palo Alto Announces Zero-Trust Security Solution for OT

Issued by: Dark Reading

The usage and connectivity of operational technology (OT) is rapidly growing as are the number of cyberattacks on OT environments. These attacks can disrupt operations, causing damage that can reach far beyond revenue and reputation to supply chain, human safety and critical infrastructure. To help companies keep their OT environments secure, Palo Alto Networks today…

Vulnerabilities

Engineering Workstations Used as Initial Access Vector in Many ICS/OT Attacks: Survey

Issued by: Security Week

The 2022 OT/ICS Cybersecurity Report (PDF) is based on a survey of 332 individuals representing organizations of all sizes across every continent. Less than 11% of respondents said they had experienced a cyber intrusion in the last year, down from 15% in 2021, and 24% were confident that their systems were not breached, up from…

Network Security

Many Industrial Firms Say Cybersecurity Systems Cause Problems to Operations

Issued by: Security Week

Kaspersky reported recently that it only saw a small increase in the percentage of industrial control system (ICS) computers targeted in 2021, compared to the previous year. However, of the more than 300 respondents who took part in the latest survey, half reported seeing an increase in security incidents affecting ICS or other operational technology…

Vulnerabilities

Linux Systems Are Becoming Bigger Targets

Issued by: Dark Reading

When it comes to security, there are some low-lying threats that can cause big problems. One important example is malware designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. And, as the Linux footprint continues to expand, so, too, will attacks against it. Researchers from FortiGuard Labs noted…

Network Security

Shadowserver Starts Conducting Daily Scans to Help Secure ICS

Issued by: Security Week

The nonprofit cybersecurity organization is scanning the web for exposed services that use the Modbus industrial communications protocol on TCP port 502, but Shadowserver’s Piotr Kijewski told SecurityWeek that they plan on introducing many other ICS and operational technology (OT) protocol scans in the near future. Shadowserver has been working with national cybersecurity agencies, law…

Malware & Threats

OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks

Issued by: Security Week

The company’s researchers have analyzed the roughly 2,600 data leaks that resulted from ransomware attacks in 2021 and determined that approximately 1,300 of them impacted critical infrastructure and industrial organizations. An investigation of 70 of these leaks showed that ten of them contained technically sensitive OT information. Mandiant’s analysis included manually browsing through file listings…

Malware & Threats

Living Off the “Edge” of the Land

Issued by: Security Week

Edge computing is eminently practical in that it solves several important problems, many of which are related to the latency created when data must travel long distances. The edge offers significant functional and economic benefits, such as the emergence of a new breed of real-time applications. And the need for more edges has increased due…

Network Security

IT/OT Convergence Is More Than a Catchy Phrase

Issued by: Dark Reading

In light of recent incidents that impacted both information technology (IT) and operational technology (OT) environments, organizations are increasingly evaluating the risks associated with growing IT/OT convergence. IT environments include cloud computing, internal and outsourced Internet applications, and business and technical systems used across the organization, such as for e-commerce, human resources, and engineering. OT…

Vulnerabilities

Many Healthcare, OT Systems Exposed to Attacks by NUCLEUS:13 Vulnerabilities

Issued by: Security Week

Collectively referred to as NUCLEUS:13, the issues likely affect safety-critical devices, such as anesthesia machines, patient monitors and other types of devices used in healthcare. Other types of operational technology (OT) systems are also impacted. The most important of the newly identified issues is CVE-2021-31886 (CVSS score of 9.8), a stack-based buffer overflow that exists…

Malware & Threats

Critical Infrastructure Attack Trends: What Business Leaders Should Know

Issued by: Security Intelligence

Amateur threat actors have been able to compromise critical infrastructure like industrial control systems (ICS) and other operational technology (OT) assets more often lately. Compromises of exposed OT assets rose over the past 18 months, according to threat researchers at Mandiant, with attackers using readily-available tools and common techniques to gain access to the systems. Attackers…