by John

Researchers at the Georgia Institute of Technology recently shed light on a less-discussed aspect of the threats of connecting the digital and physical worlds. In a study published in the journal Physical Review E, the researchers showed how hacked cars can cause mass mayhem by freezing traffic and gridlocking large cities. […] Yunker and his colleagues found that randomly hacking and stalling as much as 10 percent of cars during rush hour could bring traffic in a city such as Manhattan to a stand-still and disrupt critical services. This means that only a fraction of cars needs to be connected to the internet to make this threat a reality. [via CI Security 9/30/19]

Posted in IoT, IIoT, ICS-SCADA, Smart Cities

by John

“The abundance of technology investments gives firms a false sense of confidence in their security posture. Their challenges reveal a different story,” said the report. Security executives currently employ a variety of tools and technologies to identify risks and test the effectiveness of their security controls. As a result, they are left with point-in-time assessments that require them to cobble together data from disparate systems to truly understand the organisation’s security posture. This approach is reactive, labour-intensive, and insufficient in scale, explained the report. [via CI Security 9/30/19]

Posted in Cybersecurity & Infosec

by John

[via CI Security] Researchers say these new variants have the potential to impact cloud servers and heavily compromise information and insurance services and more. https://www.scmagazine.com/home/security-news/cybercrime/the-infamous-mirai-malware-has-grown-into-more-than-60-known-variants-and-has-since-set-its-sights-on-enterprise-devices/

As a result, connected devices at the enterprise level including medical devices, utility company meters, robots tracking warehouse inventory, and other devices are at risk. Devices connected to the cloud could allow Mirai adversaries to gain access to cloud servers, infect a server with additional malware dropped by Mirai, or expose all IoT devices connected to the server to further compromise.

Posted in IoT, IIoT, ICS-SCADA, Malware, PUPs and Botnets

by John

This week, Microsoft announced a critical vulnerability in Windows XP, 7 and 2003 systems. This vulnerability could be exploited and spread like WannaCry. [Read Krebs, https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/ ]

As we should realize, industrial IoT (IIoT) systems often are forced to run older versions of software, and may be running these operating systems. In addition, these workstations, embedded systems and other outdated devices running a vulnerable OS may not be quickly and easily patched. It is important to quickly develop a response strategy for this latest vulnerability to protect your industrial systems.

Posted in Vulnerabilities

by John

https://www.dhs.gov/sites/default/files/publications/national-critical-functions-overview-508.pdf

[via CI Security] “The National Critical Functions construct provides a risk management approach that focuses on better understanding the functions that an entity enables or to which it contributes, rather than focusing on a static sector-specific or asset world view. This more holistic approach is better at capturing cross-cutting risks and associated dependencies that may have cascading impact within and across sectors. It also allows for a new way to view criticality, which is linked to the specific parts of an entity that contribute to critical functions. By viewing risk through a functional lens, we can ultimately add resilience and harden systems across the critical infrastructure ecosystem in a more targeted, prioritized, and strategic manner.”

Posted in Critical Infrastructure, Cybersecurity & Infosec, Resiliency

by John

Posted in IoT, IIoT, ICS-SCADA

by John

Posted in Exploits & Attacks, IoT, IIoT, ICS-SCADA

by John

Posted in Science