Tag Archive for: THREATS.

Forescout: Security threats to exposed critical infrastructure go ignored


HANNOVER, Germany — Internet exposure of Operational Technology (OT) and Industrial Control Systems (ICS) continues to be a critical infrastructure security issue despite decades of raising awareness, new regulations, and periodic government advisories. 

Forescout, a global cybersecurity leader, unveiled Better Safe Than Sorry, a seven-year analysis of internet-exposed OT/ICS data. The study was conducted by Forescout Research – Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in and threats to critical infrastructure.

In the Better Safe Than Sorry report, Forescout researchers examine the realistic opportunities for a mass-target attack on internet-exposed OT/ICS devices. These devices are fertile ground for abuse: attackers need little more than a basic rationale driven by current events, copycat behavior, or the opportunities offered by new off-the-shelf capabilities or readily available hacking guides to create chaos.

Forescout released Better Safe Than Sorry from HANNOVER MESSE, the world’s leading trade fair for industrial technology. Forescout researchers can discuss these findings in Hall 16, Booth: A12 in the IT & OT Circus, April 22-26.

“If these warnings sound familiar, it’s because they are. The looming potential for a mass target scenario is high,” said Elisa Costante, VP of Research at Forescout Research – Vedere Labs. “Forescout calls on vendors, service providers, and regulatory agencies to work collectively to prevent attacks on critical infrastructure that will spare no one.”

Top research highlights in the Better Safe Than Sorry report include:

  1. North America is making strides to close the gap, but there is still work to do around the world. The US and Canada significantly reduced their numbers of exposed devices during the study period, by 47% and 45% respectively. The other top 10 countries increased their numbers of exposed devices:
    • Spain: 82%
    • Italy: 58%
    • France: 26%
    • Germany: 13%
    • Russia: 10%
  2. Proactive, targeted notification is urgently required. The Unitronics hacking incidents and a combination of regulatory alerts and media coverage led to a 48% reduction in internet exposed Unitronics PLCs within two…


TP-Link routers are still being bombarded with botnet and malware threats


More than a year after a patch was released, hackers are still competing to compromise vulnerable TP-Link Wi-Fi routers.

A report from Fortinet claims half a dozen botnet operators are scanning for vulnerable TP-Link Archer AX21 (AX1800) routers after cybersecurity researchers discovered a high-severity unauthenticated command injection flaw in the endpoints early last year.


U.S. Dams Face Growing Cyber Threats


Hacks on Unregulated Dams Can Result in Mass Casualties, Experts and Lawmakers Warn

Hacking the Floodgates: U.S. Dams Face Growing Cyber Threats
Dams need better cybersecurity, warn experts. (Image: Shutterstock)

Could a hacker seize control of America’s dams, unleashing floods and chaos across vulnerable communities? Cybersecurity analysts and leading lawmakers warn it’s possible.

During an April hearing on cybersecurity threats to critical water infrastructure, Sen. Ron Wyden, D-Ore., used stunningly apocalyptic framing to raise his concerns.


“As the chairman of the subcommittee responsible for dams, I don’t want to wake up to a news report about a small town in the Pacific Northwest getting wiped out because of a cyberattack against a private dam upriver,” the senator said.


Influential voices in the cybersecurity field typically avoid alarmist scenarios, favoring practical, actionable responses to threats. But with the majority of dams under Federal Energy Regulatory Commission oversight not having undergone comprehensive cyber audits, and only four full-time employees tasked with overseeing 2,500 dams nationwide, experts agree with Wyden about the vulnerability of the sector to cyberattacks that could result in loss of human lives.


“Human life and safety are in play here,” Padraic O’Reilly, a water cyber risk advisor for the Defense Department and chief innovation officer of the cyber risk firm CyberSaint, told Information Security Media Group. “Operational technology, population centers near dams, critical power generation capacity – all of these, coupled with a lack of knowledge with respect to the maturity of cyber risk management, add up to a very concerning…


Exploited TP-Link Vulnerability Spawns Botnet Threats


Attackers Exploit Old Flaw, Hijack TP-Link Archer Routers

Botnets are searching for unpatched TP-Link Archer AX21 routers. (Image: Shutterstock)

Half a dozen different botnets are prowling the internet for TP-Link-brand Wi-Fi routers unpatched since last summer with the goal of commandeering them into joining distributed denial-of-service attacks.

Chinese router manufacturer TP-Link in June patched a command injection vulnerability in its Archer AX21 router, a residential model that retails for less than $100. Consumer-grade routers are notorious for uneven patching, either because manufacturers are slow to develop patches or because consumers don’t apply them. “Once they’re connected to the internet, they don’t care anymore about the router,” one industry CISO told Oxford University academics researching a 2023 paper.

The vulnerability, tracked as CVE-2023-1389, allows attackers to inject malicious commands by calling the “locale” API on the web management interface. Attackers abuse the set_country operation to achieve remote code execution, because unpatched routers don’t sanitize that input.

Researchers at Fortinet said Tuesday they’ve observed multiple attacks over the past month focused on exploiting the vulnerability – including botnets Moobot, Miori, the Golang-based agent “AGoent,” a Gafgyt variant and an unnamed variant of the infamous Mirai…
