Ransomware Attacks Continue Targeting U.S. Industrial Organizations

 

Industrial sectors have been hit hard by ransomware gangs in recent years, with manufacturing companies exposed to a higher risk. U.S. organisations in particular have experienced large spikes in cyberattacks.
 
According to the industrial cybersecurity firm Dragos, 25 of the 48 threat groups known to target industrial organizations and infrastructure were active in the third quarter of 2022. Several new ransomware groups, including Sparta Blog, Bianlian, Donuts, Onyx, and Yanluowang, are among those on the list.
 
According to Dragos' Q3 analysis of ransomware attacks on industrial organizations, North America accounted for 36% of all reported cases worldwide, with 46 incidents reported. This represents a significant 10% increase from the previous quarter, when the region accounted for 25% of cases.
 
On the other hand, the analysis also found that the rate of attacks at a global level remained flat quarter over quarter, with 128 incidents in Q3 versus 125 in Q2.
 
Most of the observed attacks, 68% in total, targeted the manufacturing sector. Of the confirmed attacks (those publicly reported, seen in the firm's telemetry, or confirmed on the Dark Web), 88 were against manufacturing segments, especially those producing metal products, which experienced a total of 12 attacks.
 
According to Stephen Banda, senior manager of security solutions at Lookout, the manufacturing sector is developing at a swift pace: digitizing manufacturing, inventory tracking, operations, and maintenance increases agility and efficiency, with less production downtime and greater nimbleness. However, it also opens up new attack surfaces for threat actors.
 
“To remain competitive, manufacturers are investing in intellectual property and new technologies like digital twins […] In short, manufacturers are transforming the way they produce and deliver goods – moving toward industrial automation and the flexible factory. This transformation, known as Industry 4.0, puts pressure on mobile devices and cloud solutions,” Stephen Banda told Dark Reading. Yet for most manufacturers, security solutions still remain on-premises, he adds.
 
“This creates efficacy and scalability challenges when tasked with protecting productivity solutions that have moved to the cloud […] Security therefore must also move to the cloud to adequately safeguard manufacturing operations,” notes the Lookout senior manager.

Vulnerability Lets Hackers Access Building Control System of Google's Australian Office


Earlier this year, security researchers Billy Rios and Terry McCorkle from Cylance demonstrated a newly discovered zero-day attack on an industrial control system at the Kaspersky Threatpost Security Analyst Summit.

The industrial control system is a computer-based system used to control electronic door locks, lighting systems, elevators, video surveillance cameras, electricity and boiler systems via the internet. It is used by the military, hospitals and others.

The researchers noted that a security flaw in the Tridium Niagara AX Framework allows an attacker to access a sensitive file on the system, the "config.bog" file, which contains the username and password for all devices.

Their research reveals that the Internet giant Google, which uses Tridium Niagara for various Building Management Systems in its Google Wharf 7 building, is also affected by this zero-day vulnerability.

Although Tridium has released a patch for the system, Google failed to apply it, which allowed the researchers to access the config.bog file of the Tridium device used by Google.

The credentials stored in the config.bog file allowed them to get into the admin panel of the device. The panel gave access to a variety of Building Management features, including "Active Alarms", "Active overrides", and "Alarm console".

The researchers reported this issue to the Google Vulnerability Rewards Program (VRP).

The researchers stated that more than 25,000 buildings using the Tridium Niagara AX system that haven't patched the security hole are vulnerable to hacking.

"If Google can fall victim to an ICS attack, anyone can," the researchers noted.