Threat groups who target operational technology (OT) networks have so far focused their efforts on defeating segmentation layers to reach field controllers such as programmable logic controllers (PLCs) and alter the programs (ladder logic) running on them. However, researchers warn that these controllers should themselves be treated as perimeter devices and flaws in their firmware could enable deep lateral movement through the point-to-point and other non-routable connections they maintain to other low-level devices.
To exemplify such a scenario and highlight the risks, researchers from security firm Forescout used two vulnerabilities they discovered in Schneider Modicon PLCs to move deeper into a simulated OT architecture of a movable bridge and bypass all safety mechanisms to cause physical damage.
To read this article in full, please click here
More Stories
Squid Fishing in Japan
Fishermen are catching more squid as other fish are depleted. Blog moderation policy. Read More
Deepfake Ukrainian diplomat targeted US senator on Zoom call
The chair of the United States Foreign Relations Committee was targeted by a sophisticated deepfake operation which impersonated a top...
Governments Urge Improved Security and Resilience for Undersea Cables
The US, UK, EU and other global partners have called for a global approach to strengthening the security of global...
Ireland’s DPC Hits Meta with €91 Million Penalty for GDPR Violation
Ireland's Data Protection Commission fines Meta Platforms €91 million for mishandling user passwords and GDPR violations Read More
US Sanctions Crypto Exchanges for Facilitating Russian Cybercrime
The US has sanctioned Cryptex, PM2BTC and a Russian national for processing hundreds of millions of dollars derived from cybercrime...
NIST Recommends Some Common-Sense Password Rules
NIST’s second draft of its “SP 800-63-4“—its digital identify guidelines—finally contains some really good rules about passwords: The following requirements...