New research released on Friday, August 4, reveals the existence of multiple vulnerabilities in the products of the leading provider of photovoltaic panels, which if exploited in mass by a determined attacker could lead to a shutdown of one or more countries' power grids because of a domino effect.
Ruben Santamarta, a security researcher for IOActive, has found various vulnerabilities in nuclear radiation monitoring equipment from three vendors, who when contacted by the researcher, declined to fix the reported flaws, each for various reasons.
There is an insane amount of industrial robots connected to the Internet, and even worse, thousands are left with no form of user authentication whatsoever, open to attack from anyone skilled enough to know how to sabotage their mode of operation.
A mini-controversy broke out this week in the infosec community after cyber-security firm CRITIFENCE led journalists and other security experts to believe that they've detected in-the-wild attacks with a new ransomware called ClearEnergy, specialized in targeting ICS/SCADA industrial equipment.
The vast majority of malware incidents that take place at industrial facilities around the world are just accidental infections, albeit a very small number of targeted attacks have also been detected.
It was a very slow week when it comes to ransomware, which is a great thing. Hopefully it will stay that way.The biggest news this week is the POC ransomware targeting ICS/SCADA that was demonstrated at RSA this week and the live streaming by Fabian Wosar of him reversing and cracking a a new ransomware called Hermes.
Researchers from the Georgia Institute of Technology (GIT) have created a proof-of-concept ransomware strain named LogicLocker that can alter programmable logic controller (PLC) parameters. The research team presented their work yesterday, at the RSA cyber-security conference in San Francisco.
Two researchers presenting at the Black Hat Europe security conference in London revealed a method of infecting industrial equipment with an undetectable rootkit component that can wreak havoc and disrupt the normal operations of critical infrastructure all over the world.