Articles

Rare and dangerous Incontroller malware targets ICS operations

A coalition of U.S. government agencies, security researchers, and companies warn about this new malware that can gain complete access to ICS and SCADA systems.

In the second major industrial control system (ICS) threat development this week, the U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) issued a Cybersecurity Advisory (CSA) warning of a complex and dangerous ICS threat. The CSA says that specific unnamed advanced persistent threat (APT) actors have exhibited the capability to gain complete system access to multiple ICS and supervisory control and data acquisition (SCADA) devices.

These agencies collaborated with a group of top-tier industrial control and security leaders including Dragos, Mandiant, Palo Alto Networks, Microsoft, and Schneider Electric in drafting the alert. The CSA pointed specifically to three categories of devices vulnerable to the malware:

  • Schneider Electric programmable logic controllers (PLCs)
  • OMRON Sysmac NEX PLCs
  • Open Platform Communications Unified Architecture (OPC UA) servers

The malware consists of a package of dangerous custom-made tools targeting ICS and SCADA devices that can scan for, compromise and control affected devices once they have established initial access to the operational technology (OT) network.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Frauke Feind from Pixabay

Articles

New FBI strategy seeks to disrupt threat actors, help…

lead centered=”no”
The FBI sharpens its focus on collaboration among US and foreign government agencies and the private sector. It will acting as a central hub to deal with cybersecurity threats.
/lead

Last week, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint announcement about the potential threat that foreign-backed online journals pose in spreading misinformation ahead of the crucial 2020 US presidential election. This alert, intended to raise public awareness based on government intelligence, reflects a new strategic direction by the FBI to work with partners across the federal landscape to better protect the American public and its allies from cyber threats.

“It’s a complex threat environment where our greatest concerns involve foreign actors using global infrastructure to compromise US networks,” Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division said during a conference at Auburn University’s McCrary Institute organized to debut the Bureau’s new strategy.

Ugoretz said that among the many factors the FBI must now juggle in dealing with cyber threats are:

  • The increased attack surfaces stemming from widespread work-at-home arrangements due to the COVID-19 crisis
    Attackers’ growing willingness to exploit the increased vulnerabilities the wider attack surface make possible
    The increase in availability of tools that threat actors use to launch attacks
    Growth in the number of both criminal and nation-state threat actors.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Jack Young on Unsplash