Ian Hill hosted a roundtable discussion on disinformation warfare
Daily Archives: June 23, 2022
OT:ICEFALL Research from Forescout Explores Insecure-by-Design State of Operational Technology
The latest research from Forescout’s Vedere Labs explores the state of risk management in operational technology through the lens of 56 insecure-by-design vulnerabilities.
Background
On June 20, Forescout’s Vedere Labs published their latest research findings into operational technology (OT) vulnerabilities titled OT:ICEFALL. This group has been examining vulnerabilities affecting OT security for a few years now and has produced notable findings including: NUCLEUS:13, NAME:WRECK, NUMBER:JACK and AMNESIA:33.
OT:ICEFALL sought to analyze and understand the prevalence and impact of insecure-by-design vulnerabilities in OT products. The researchers took a systemic look at OT risk management. The research notes that many factors complicate OT risk management, including the certification of vulnerable products, the lack of CVE assignment and supply chains that propagate vulnerabilities. In the course of this research, Forescout also disclosed 56 vulnerabilities across nine vendors' products. A tenth vendor is also affected by four vulnerabilities, but those are still going through the disclosure process.
Analysis
The 56 vulnerabilities are all tied to “insecure-by-design” flaws common in the OT space within the following products:
Vendor: Impacted products
Bently Nevada: 3700, TDI equipment
Emerson: DeltaV, Ovation, OpenBSI, ControlWave, BB 33xx, ROC, Fanuc, PACsystems
Honeywell: Trend IQ, Safety Manager FSC, Experion LX, ControlEdge, Saia Burgess PCD
JTEKT: Toyopuc
Motorola: MOSCAD, ACE IP gateway, MDLC, ACE1000, MOSCAD Toolbox STS
Omron: SYSMAC Cx series, Nx series
Phoenix Contact: ProConOS
Siemens: WinCC OA
Yokogawa: STARDOM
These vulnerabilities can be grouped into four categories:
Insecure engineering protocols
Weak cryptography or broken authentication schemes
Insecure firmware updates
Remote code execution via native functionality
In a worst-case scenario, an attacker with network access to a vulnerable device could exploit some of these flaws to “remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts.” According to Forescout, 35% of the 56 vulnerabilities disclosed could allow firmware manipulation or remote code execution.
This research harkens back to past industrial attacks, like Industroyer and TRITON, that relied on similar insecure-by-design flaws in their targeted OT environments. It also traces its history to Project Basecamp, an effort by Digital Bond in 2017 to “highlight and demonstrate the fragility and insecurity of most [supervisory control and data acquisition] SCADA and [distributed control system] DCS field devices.”
Proof of concept
There are no proofs-of-concept available for any of the 56 vulnerabilities disclosed. Because “many of [these vulnerabilities] will remain unpatched in production environments for a significant amount of time,” Forescout did not release any technical details of the individual vulnerabilities discovered through the course of its research.
Vendor response
Forescout does not provide specific details on whether or when any of the vendors will be patching these vulnerabilities. Organizations should monitor for vendor advisories from all of their OT providers.
The Cybersecurity and Infrastructure Security Agency (CISA) has also published an advisory for OT:ICEFALL, along with five Industrial Control Systems advisories for some of the affected products. Yokogawa has also issued an advisory for the vulnerabilities in its STARDOM product.
Solution
The best defense for these vulnerabilities at this time is to ensure OT best practices are being followed.
Assess systems for vulnerable devices
Segment vulnerable devices, particularly from the internet
Use secure methods for remote access when that access is necessary to operations
Keep up to date on patches from vendors and establish remediation practices
Develop network monitoring rules to block or alert for anomalous traffic
Identifying affected systems
Tenable Research has developed plugins to identify devices that may be vulnerable to the OT:ICEFALL related flaws:
500655 – Saia Burgess OT:ICEFALL Multiple Potential Vulnerabilities
500656 – Honeywell OT:ICEFALL Multiple Potential Vulnerabilities
500657 – Omron OT:ICEFALL Multiple Potential Vulnerabilities
500658 – Emerson OT:ICEFALL Multiple Potential Vulnerabilities
Get more information
Full OT:ICEFALL Report
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
Amazon thinks it’s really cool that Alexa can mimic your dead grandma’s voice
Amazon has shown off an experimental feature that demonstrates how a child can choose to have a bedtime story read to him by his Alexa… using his dead grandmother’s voice.
#InfosecurityEurope2022: The NCSC Sets Out the UK’s Cyber Threat Landscape
Marsha Quallo-Wright, deputy director for critical national infrastructure at the NCSC, discusses the latest cyber threat trends impacting the UK
NHS warns of scam COVID-19 text messages
The UK’s National Health Service has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19.
Read more in my article on the Tripwire State of Security blog.
Smashing Security podcast #280: Hot tub hijinx, and a sentient AI
Internet-connected jacuzzis find themselves in hot water, and a Google engineer claims that their AI has developed feelings.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
Online Safety for Seniors – How to Keep Older Family Members Safe Online
Heard of the sandwich generation? Well, if you’ve got a tribe of kids and parents who are aging then you are a fully-fledged member! And as members of this special club, not only do we need to manage and keep our offspring in check, but we also have to reserve some energy to help our parents navigate life’s challenges which of course includes the online world.
In the broadest sense, the sandwich generation is the ‘caught in the middle’ generation who have living parents and children to care for. More often than not, it’s people like us, smack-bang in middle age, who support both their parents and children financially, physically, and/or emotionally. And with life expectancies looking rosier than ever and many of us choosing to have careers before we become parents, it’s inevitable that us middle-aged folks are feeling a little squeezed at both ends!
Digital Parenting Can Feel All Consuming
Getting our head around keeping our kids safe online can feel overwhelming for many of us. Keeping up with the latest apps, games and platforms can often feel relentless and let’s not forget about trying to weave in cyber safety messages to ensure our kids make safe decisions online too. But when the downside of not being vigilant about online safety is so great, it’s essential that we extend our digital education messages to the older members of the family too!
Over 90% of Aussie Seniors are Connected to the Internet
One of the silver linings of the pandemic is that it gave a real push to those who were resisting getting online. And in most cases, that was the older members of our society. Research from ACMA shows that by 2020, over 90% of Australian seniors had internet connectivity in their homes, compared to 68% in 2017. But as we all know, owning a car and driving it are two very different tasks!
My parents, who are both in their late 70s, do a pretty good job of managing their online lives. They bank online, are avid email senders and can even do a little FaceTime, thanks to COVID! But they are a work in progress – like everyone. And while I try very hard to keep them up to date with new apps and risks, I have learnt over the years that less is more. That not overwhelming them is actually the key. In fact, the simpler I keep my updates and tips, the more likely they are to get on board with my message.
So, in the spirit of my experience with my much-loved Mum and Dad, I’d like to share with you the top things you can do to keep your much-loved older family members safe when they go online.
1. Invest in Protection Software
I accept that there are no real guarantees in life but there are risk-minimizing decisions. And ensuring all devices have top-level security software is one of those. Not only will this protect your loved ones from downloading viruses and malware, but it will also allow them to shop with confidence at approved ‘safe’ websites, help them manage their passwords, locate their devices plus loads more. It’s such a small price to pay for increased peace of mind. Check out McAfee’s Total Protection software which can protect your family’s entire fleet of devices.
2. It’s All About Passwords
A secure password is key to keeping one’s online life safe, so taking some time to formulate a strategy for older family members is so worthwhile. Downloading a password manager was a total life changer for me. Not only did it help me create complex passwords that no human could ever generate, but it remembers them for me too. I only have to remember the master password and it then automatically logs me in! Now, if this was set up carefully for older family members, this could be an amazing tool to protect their online life.
I am also very aware that writing down passwords ‘in a special book’ is used very commonly. And if this is the only way that will work for your family members then try to make these passwords as complex as possible without overwhelming them. A complex, nonsensical sentence would work well here but just ensure each account has its own sentence in case the account gets hacked.
3. Software Updates
Out-of-date software is a little like leaving your front door unlocked – it makes it far easier for unwanted visitors. In almost every case, a software update includes a patch for a security vulnerability – a weak spot in the company’s software that could expose the user to risk. So, when I discovered that my parents were ignoring reminders for updates because they had become very annoying, I sprang into action! Most software updates can be automated, so I strongly encourage taking some time to ensure all the software your family members use is set up to update automatically.
4. ScamWatch
Unfortunately, older Aussies are often the target of online scams. Scammers will work overtime to gain their trust with the aim of extracting dollars or their personal details. I wish I had a silver bullet that would protect all vulnerable types from these cybercrims, but I don’t. The next best option is to talk with them about scams and some of the sneaky techniques scammers will use. I remind my parents regularly not to reply to emails from people they don’t know, not to even answer calls from numbers they aren’t familiar with, and that if they receive a call from their bank and they aren’t sure whether it is legitimate, to ask for the caller’s number so they can ring the bank back – if the caller is legit, that won’t be a problem.
If you think about it, keeping your older family members safe online is simply an extension of keeping your kids safe. The messages and strategies are almost identical! So, if your older family members use a Messenger app, why not set up a family group chat with both the younger and older family members? You can share news stories about online risks and, better still, get the kids involved too! So, next time your parents have an issue with their phone, the kids will be able to help out! Awesome!!
Take care
Alex xx
The post Online Safety for Seniors – How to Keep Older Family Members Safe Online appeared first on McAfee Blog.
#InfosecurityEurope2022: Actions Not Words: Hacking the Human Through Social Engineering
Jenny Radcliffe, The People Hacker, points to what cybersecurity can learn from a social engineer
Palo Alto adds out-of-band web application security features to Prisma Cloud
Palo Alto Networks has announced updates to its Prisma Cloud platform with new out-of-band web application and API security (WAAS) features, along with new application visibility capabilities. The vendor said the updates are designed to help organizations monitor and secure web applications without impacting performance. The move comes as businesses continue to expand their use of cloud environments and face demands in managing the complexity of cloud migration, securing applications across their lifecycle, and preventing web application attacks.
Prisma Cloud updates introduce “novel approach” to web application security
In a press release, Palo Alto stated that the latest Prisma Cloud version offers a novel approach to securing web applications and cloud environments that combines both inline and out-of-band methods. Until now, a primary approach to securing web applications has been to deploy inline web application firewalls (WAFs), but some organizations are reluctant to introduce WAFs or API security solutions inline to protect business-critical or sensitive applications due to performance and scalability concerns, the vendor said.
#InfosecurityEurope2022: Firms Look To Align Security and Business Risk
Boards increasingly expect to see a return on their investment in cybersecurity