🚨CISA released an alert warning that bad actors continue to exploit OT and industrial systems using unsophisticated means. It’s an important message for anyone in ICS security since much of the exploitation they’re seeing is preventable with relatively simple fixes. Though ICS, of course, has a slew of unique challenges that can be a barrier to implementation.

The alert notes that “Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.” They urged operators to implement the recommendations in the CISA resource Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity.

Here are a few key recommendations from the CISA resource:

⚠️“Disconnect all HMIs, such as the touchscreens used to monitor or make changes to the system, or programmable logic controllers (PLCs), from the public-facing internet. If remote access is necessary, implement a firewall and/or virtual private network (VPN) with a strong password and multifactor authentication to control device access.”
⚠️“Implement multifactor authentication for all access to the OT network.” For additional information, see CISA’s More than a Password resource.
⚠️“Immediately change all default and weak passwords on HMIs and use a strong, unique password. Ensure the factory default password is not in use. Open the remote settings panel to confirm the old password is no longer shown.”
⚠️“Keep VNC updated with the latest version available and ensure all systems and software are up to date with patches and necessary security updates.”
⚠️“Establish an allowlist that permits only authorized device IP addresses. The allowlist can be refined to specific times of the day to further obstruct malicious threat actor activity; organizations are encouraged to establish alerting for monitoring access attempts.”
⚠️“Log remote logins to HMIs, taking note of any failed attempts and unusual times.”

See the alert on CISA’s Cybersecurity Alerts and Advisories page (separate from their News page):
Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means
SEP 25, 2024 - Alert
Neville DePass’ Post
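
The last two recommendations quoted in the post (an IP allowlist refined by time of day, plus logging of remote HMI logins with attention to failed attempts and unusual times) can be combined into one log review. The following is an added example, not part of the post or the CISA resource; the log format, the policy values and all names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from datetime import datetime, time

# Assumed policy values (hypothetical, not taken from the CISA resource).
ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/28")]  # authorized engineering hosts
ALLOWED_HOURS = (time(6, 0), time(18, 0))               # permitted remote-access window
MAX_FAILURES = 3                                        # failed logins per source and HMI

# Constructed sample log, assumed format: "<ISO timestamp> <hmi> <source ip> <result>"
SAMPLE_LOG = """\
2024-09-25T07:12:03 hmi-01 10.20.30.5 success
2024-09-25T02:41:10 hmi-01 10.20.30.5 success
2024-09-25T09:00:01 hmi-02 203.0.113.44 failure
2024-09-25T09:00:04 hmi-02 203.0.113.44 failure
2024-09-25T09:00:09 hmi-02 203.0.113.44 failure
2024-09-25T10:15:00 hmi-02 10.20.30.9 failure
not a log line
"""

def parse_line(line):
    """Return (timestamp, hmi, source_ip, result), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("success", "failure"):
        return None
    try:
        return (datetime.fromisoformat(parts[0]), parts[1],
                ipaddress.ip_address(parts[2]), parts[3])
    except ValueError:
        return None

def review(log_text):
    """Return a list of (alert_kind, detail) tuples for a remote-login log."""
    alerts = []
    failures = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            # Lines that do not parse are surfaced rather than silently dropped.
            alerts.append(("unparsed", line.strip()))
            continue
        ts, hmi, src, result = rec
        if not any(src in net for net in ALLOWED_NETS):
            alerts.append(("not_allowlisted", f"{src} -> {hmi} at {ts}"))
        elif not (ALLOWED_HOURS[0] <= ts.time() < ALLOWED_HOURS[1]):
            # Allowlisted source, but outside the permitted time of day.
            alerts.append(("outside_hours", f"{src} -> {hmi} at {ts}"))
        if result == "failure":
            failures[(src, hmi)] += 1
            if failures[(src, hmi)] == MAX_FAILURES:  # alert once, at the threshold
                alerts.append(("repeated_failures", f"{src} -> {hmi}"))
    return alerts

if __name__ == "__main__":
    for kind, detail in review(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

A successful login from an allowlisted address at an unusual hour is flagged just like an outside address, which matters when valid credentials are being reused.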
More Relevant Posts
-
Read this important advisory from CISA regarding Operational Technology and Industrial Control Systems vulnerabilities. #ICSsecurity #OTsecurity
-
OT continues to be targeted. On-prem solutions are a must in these environments.
-
Ivanti Connect Secure VPN Under Siege: Critical Zero-Days Exploited for Widespread Breaches

In January 2024, cybersecurity firm Volexity discovered two critical zero-day vulnerabilities in Ivanti Connect Secure, a widely used corporate VPN appliance. The vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, allowed attackers to execute arbitrary code on affected systems without authentication.

Volexity researchers noted that the vulnerabilities were being exploited in the wild by at least one Chinese nation-state threat actor, dubbed UTA0178. The researchers estimated that more than 1,700 Ivanti Connect Secure appliances had been compromised, affecting organizations in various industries, including aerospace, banking, defense, government, and telecommunications.

Ivanti released a patch for the vulnerabilities on January 10, 2024, but organizations were strongly advised to apply the patch immediately and also to conduct thorough security scans to identify and address any potential compromises.

Here's a summary of the key points:
Two critical zero-day vulnerabilities were discovered in Ivanti Connect Secure, a popular VPN solution.
The vulnerabilities allowed attackers to execute arbitrary code on affected systems without authentication.
The vulnerabilities were being actively exploited by at least one Chinese threat actor.
Ivanti released a patch for the vulnerabilities in January 2024.
Organizations should apply the patch immediately and conduct security scans to identify and address any potential compromises.

Written by ai
-
The NIS2 Directive, to be implemented in October 2024, expands the scope of the NIS Directive to include critical infrastructures in the connected mobility ecosystem. It emphasizes the need for comprehensive cybersecurity measures and timely incident reporting. The directive applies to a wider range of sectors and entities, with strict enforcement measures and fines for non-compliance. It also highlights the importance of EV charging operators in the EU's sustainable mobility strategy and encourages stakeholders to prioritize cybersecurity. Stakeholders should proactively strive for compliance and enhance their risk assessments and SOC capabilities to comply with the directive and protect against cyber threats.
-
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat Intelligence team said.

The company noted that a cyber attack on an OT system could allow malicious actors to tamper with critical parameters used in industrial processes, either programmatically via the programmable logic controller (PLC) or using the graphical controls of the human-machine interface (HMI), resulting in malfunctions and system outages.

It further said that OT systems often lack adequate security mechanisms, making them ripe for exploitation by adversaries and executing attacks that are "relatively easy to execute," a fact compounded by the additional risks introduced by directly connecting OT devices to the internet. This not only makes the devices discoverable by attackers through internet scanning tools, but also allows them to be weaponized to gain initial access by taking advantage of weak sign-in passwords or outdated software with known vulnerabilities.

https://lnkd.in/gjev8MQA
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
thehackernews.com
-
Wireless attacks refer to malicious activities aimed at exploiting vulnerabilities in wireless networks. These attacks target the confidentiality, integrity, and availability of wireless networks and the data transmitted over them.

--Eavesdropping (Sniffing): Unauthorized interception of wireless network traffic to capture sensitive information transmitted over the air.
Mitigation: Use strong encryption protocols like WPA3 for Wi-Fi networks.

--Unauthorized Access: Gaining unauthorized access to a wireless network, often by cracking weak encryption or exploiting other security weaknesses, to steal data or launch other attacks.
Mitigation: Implement strong encryption (WPA3), use complex passwords, and enable network access control (NAC).

--Rogue Access Points: Setting up unauthorized wireless access points in a network to capture data from legitimate users or to provide attackers with backdoor access to the network.
Mitigation: Conduct regular network scans, deploy Wireless Intrusion Prevention Systems (WIPS), and use MAC address filtering.

--Evil Twin Attacks: Creating a malicious Wi-Fi network that mimics a legitimate one, tricking users into connecting to it in order to steal credentials or other sensitive information.
Mitigation: Employ network access controls and educate users to verify network authenticity before connecting.

--War Driving: Actively searching for wireless networks while moving around, often in a vehicle, using a portable computer or a mobile device to identify vulnerable networks to exploit.
Mitigation: Prevent your wireless network from broadcasting its name to make it less visible to casual scanners.

--Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: Flooding a wireless network with excessive traffic to overwhelm it and render it unavailable to legitimate users.
Mitigation: Implement rate limiting, use QoS policies, deploy anti-DoS hardware or software solutions.

#wireless #wirelesssecurity #security #networksecurity #network #cc #cissp
Advisory Recruiter | University of Rockford | Women in Leadership Certificate Program
1mo
Let's connect and share your CV