Warning: threat actor targets industrial systems. And circumstantial evidence points to Russia.

The UK's Ministry of Defence situation report this morning describes reversion to the norm of reliance on indiscriminate firepower. The mayor of Mariupol says the civilian death toll in his city could exceed 20,000 as Russian forces continue their efforts to reduce the city. Ukrainian Neptune anti-ship missiles are said to have scored against the guided missile cruiser Moskva, flagship of Russia's Black Sea Fleet, which is said to be burning and, in some reports, abandoned.

Late yesterday the US Cybersecurity and Infrastructure Security Agency (CISA) announced that, with its partners in "the Department of Energy (DOE), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI)," CISA had issued a joint Cybersecurity Advisory (CSA). It warns that "certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices using custom-made tools." The vulnerable systems include at least Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers. The advisory recommends familiar best practices for protecting ICS/SCADA systems, and explains the threat actor's tools as follows: "The APT actors have developed custom-made tools for targeting ICS/SCADA devices. The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network. Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions." The immediate actions CISA recommends are to implement multifactor authentication, change system passwords (especially any default passwords), and use "a properly installed continuous OT monitoring solution to log and alert on malicious indicators and behaviors." The US Government hasn't made that attribution, but several security companies, notably Mandiant, have.

Western intel agencies and private cybersecurity firms are near unanimous in pointing the finger of blame towards North Korea. Moscow-based Group-IB went even further in alleging that the Lazarus Group was controlled by Bureau 121, a division of the Reconnaissance General Bureau, a North Korean intelligence agency. The suggestion is that Lazarus Group was active at least as late as a fortnight ago, despite a rapprochement in relations between North Korea and the West that has led to peace talks in Singapore this week. Meanwhile, Trend Micro reckoned that the wiper variant involved in the May attack in Chile was connected to the foiled heist in Mexico in January. Ofer Israeli, chief exec of Illusive Networks, said he believed the Lazarus Group was both behind the latest cyber-attack in Chile and likely to strike other banks. "Targeting financial organisations is part of their long term strategy and compromising global financial networks via small to medium-sized banks in Central and South America whose cyber defences may be less sophisticated poses a higher probability of success," Israeli said. "The next Bangladesh heist is imminent unless the entire financial ecosystem does its utmost to minimise the attack surface and proactively detect attacks on the entry points," he warned.