Industrial Cyber Security Blog

Industrial Cyber Security Blog

13 Vulnerabilities Discovered in a Widely Used Industrial Router 11 Oct 2021
OTORIO’s Pen Testers discovered 13 highly severe vulnerabilities in one of InHand’s industrial routers
Four Critical Vulnerabilities Discovered in Bosch Rexroth WEB Interfaces 04 Oct 2021
With criticality scores of 10 and 8.6, these vulnerabilities are easy to exploit and allow unauthenticated attackers to penetrate and take over industrial control systems.
RaaS Strikes Again, the Latest Ransomware Attack Disrupts the Operations of Another Critical Infrastructure Operator 06 Aug 2021
The RaaS business model is a subscription-based model that works in a manner similar to Software as a Service (Saas) business models.
IT/OT Convergence Gains First Unified Cyber Security Solution 28 Jul 2021
OT, IT, and IoT are rapidly converging. All three domains are under increasing threats that steal vital information, halt production, and even put human lives at risk. The era of treating their cybersecurity needs separately is coming to a close.
Can a Simple Human Error Cost Your Company $50 Million? 23 Jul 2021
While Saudi Aramco is deep in the throes of a dangerous data leak and ransom demand, cybersecurity pros manning the gates at other critical industrial facilities had better consider the ramifications for their own company’s well-being and right away.
Selecting the Best Industrial Cyber-security Vendor 18 Jun 2021
Choosing the right security vendor for your company is a handful, especially in “insecure-by-design” environments like ICS/OT which require the highest level of expertise
The White House: No Company Is Safe From Being Targeted By Ransomware 04 Jun 2021
The letter sent out on June 3rd by the US National Security Council's top cyber official, less than a week after the DHS/TSA directive, leaves no doubt: No company is safe from being targeted by ransomware.
Cybersecurity Legislation 2021: The US Government Against Ransomware 03 Jun 2021
The recent flood of serious ransomware attacks on critical infrastructure targets – with the latest being the attack on Colonial Pipeline - has led the US government to turn up the heat on critical infrastructure cybersecurity measures.
Yet Another Large Packing Company Disrupted by a Cyberattack 27 May 2021
In 2021, the damage caused by cyberattacks has moved beyond data breaches and financial costs, to production shutdowns and severe operational disruptions.
It Takes a Village to Secure the Cyberspace 18 May 2021
We have a responsibility to share our experience and collaborate with the wider industrial cybersecurity community.
Colonial Pipeline Ransomware: Part of a Growing Trend of Industrial Cyberattacks 09 May 2021
200% Increase in Disruptive Industrial Cyber Attacks in Q1 2021
White House Highly Concerned about Critical Control System Cybersecurity - Four Quotes and Recommendations 14 Apr 2021
In this blog, we will review four of the main concerns expressed by the two US cybersecurity leaders and we will offer advice on how they can best be addressed.
Ransomware: Hospitals and Healthcare are Targets 01 Apr 2021
The explosion of ransomware attacks against healthcare provider networks demands a rethinking of cyber response policy.
Maritime Port Cyber Security: The Achilles Heel of the Global Economy 18 Mar 2021
Read this Blog to learn why securing the industrial networks, that control the world’s physical ports, demands a different type of maritime cybersecurity approach.
The Predictions Were Right: In 2021, Ransomware will Physically Impact Operations 15 Mar 2021
The trend of increasing ransomware attacks continues in 2021. Read about a few of the major operational disruptions that happened in the last 3 months.
Why We Integrated MITRE ATT&CK into RAM² Industrial Risk Management Platform 11 Mar 2021
In this blog, we’ll take a quick look into what MITRE ATT&CK is, and why we felt it was important enough to tie so closely to our RAM² solution.
OTORIO’s Pen-Testers discovered more than 20 vulnerabilities in a popular Industrial Remote Access Solution 02 Mar 2021
OTORIO’s Pen-Testers discovered more than 20 vulnerabilities in the MBConnect remote access solution. Attackers can disrupt production by exploiting these vulnerabilities.
Kia Ransomware Attack: Part of an Automotive Cyberattacks Trend? 18 Feb 2021
The recent KIA Ransomware attack is not the first cyberattack targeting automotive manufacturers
Florida’s Water Poisoned by Hackers: A Warning Signal 10 Feb 2021
We should consider the attack on Florida water systems a warning signal. What can we do to prevent a successful attack? Be proactive
Ransomware: The Cyber Attacks on The Automotive Industry 09 Feb 2021
Attacks across all sectors are growing bolder, more frequent, and exponentially more expensive. A recent report found that ransomware attacks targeting the industry were second only to those targeting government in prevalence.
OTORIO Unveils a GE-CIMPLICITY Security Hardening Open-Source Tool 02 Feb 2021
Today we are releasing a new Windows hardening tool for one of the most commonly used HMI/SCADA systems: GE Digital’s CIMPLICITY.
Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight 22 Jan 2021
OTORIO researchers joined forces with Check Point Research to analyze a large scale phishing campaign.
Ransomware: Is Industry Ready? 21 Jan 2021
In 2020, manufacturing and industry were increasingly in the crosshairs of ransomware threat actors. Attacks are growing bolder, more frequent, and exponentially more expensive.
The Two Sides of the OT-Security Equation 18 Jan 2021
In today’s volatile cybersecurity climate, the only way to truly mitigate damage is to prevent it. The question is, how?
2021 Cyber security predictions: These two words should keep security experts up at night 14 Dec 2020
Cyber security predictions for 2021 and the two words that should keep you up at night.
What We’ve Learned from the December 1st Attack on an Israeli Water Reservoir? 03 Dec 2020
On December 1st, 2020, an Iranian threat-actor published a video of a breach in an Israeli reclaimed water reservoir HMI system.
Supply Chain Cybersecurity: If You’re Insuring an Industrial Company, You Need to Watch Its Supply Chain Too 02 Nov 2020
Insurers dealing with supply chain cybersecurity should be aware of the risks in the industrial and manufacturing sectors.
Cybersecurity Threats Facing the Oil & Gas Sector 14 Oct 2020
This blog post gives an overview of how easy it is to perform cyberattacks on the oil and gas sector.
Operational Resilience Management: A Brave New World 08 Oct 2020
Given that digital and cyber risks are on the rise, it's time to change old cybersecurity paradigms and adopt operational resilience management.
Ransomware in Industrial Networks: Are Insurance Payouts Still Viable? 29 Sep 2020
The explosion of ransomware attacks against industrial networks demands a rethinking of cyber insurance ransomware response policy.
How to Define Industrial Security Systems Testing Criteria 23 Sep 2020
How to define industrial security systems testing criteria and choose an attack scenario tool.
Two Critical Configuration Issues Discovered in Siemens DCS System 17 Sep 2020
OTORIO Cybersecurity Research and OT incident response team recently discovered two critical issues in the way Siemens’ PCS 7 DCS systems are configured.
IT vs OT security: The Operational Technology Guide For Professionals 01 Sep 2020
As industrial systems (OT) continue to digitize, IT security teams should get to know the new OT environment and how it differs from IT.
How Cyber Criminals Collect Confidential Intelligence on Industrial Victims 26 Aug 2020
In this blog post, we present some of the ways cyber criminals collect information about their victims in order to initiate a harmful attack.
OT's Journey Towards Automation & Automated Risk Metrics 26 Jul 2020
The next generation of OT security solutions should fuse asset discovery with automated and operation context risk metrics.
Industrial Security Bulletin - Week 29 - July 21, 2020 21 Jul 2020
Ransomware attacks continue to make headlines in this week's edition of the Industrial Security Bulletin. 
Industrial Security Bulletin - Week 28 - July 14, 2020 14 Jul 2020
3 major industrial companies have been attacked by maze ransomware and 3 new ICS vulnerabilities were mitigated for week 28.
Understanding the Ransomware Victim Profile (Part Two) 02 Jul 2020
The earlier a company understands its ransomware "victim profile”, the better it can prepare for a potential attack.
Understanding the Ransomware Victim Profile (Part One) 29 Jun 2020
Understanding how ransomware attacks work is the key to dealing with them, and perhaps, preventing them altogether 
OTORIO Researchers Discover a Vulnerability in a Critical Operational Technology System 18 Jun 2020
In the advisory, OSIsoft reported a vulnerability that affects their PI System, a data management platform that accesses a broad range of core OT network assets in its sites. 
ICS Cyber Security - The Risk of Exposed ICS to Industrial Companies 10 May 2020
Internet connectivity allows manufacturers to improve efficiency and improve profitability. The flip-side is exposing ICS's to the internet - and to cybercriminals. 
Industrial Cyber-Security During COVID-19: From a Hackers’ Paradise to Resilient Remote Operations 04 May 2020
The increased remote work triggered by COVID-19 caught industrial security teams off guard. To continue production without compromising cyber-security, follow our experts’ recommendations.
Cyber Criminals Extend their Global Reach to More Industries 01 May 2020
Cyber-criminals are expanding their global reach and targeting more industries than ever before. Threat actors are creating new industrial victims.
Coronavirus: Time for Remote Connection Solutions for ICS 26 Mar 2020
The new reality imposed by Coronavirus has limited face-to-face interactions, forcing industrial companies to shift to remote operations.
Safe Digitalization Principles for Manufacturing SMBs in face of COVID-19 20 Mar 2020
COVID-19 is one of the greatest challenges of our time. Yet for manufacturing SMBs who are open to new digital strategies, it entails a unique opportunity (part 2 of 2).
COVID-19 is a Wake-up Call for Manufacturing SMBs 18 Mar 2020
COVID-19 is one of the greatest challenges of our time. Yet for manufacturing SMBs who are open to new digital strategies, it entails a unique opportunity (part 1 of 2).
Industrial Security Bulletin (Feb '20) 09 Mar 2020
Lemon Duck hits masses of machines running EoS Win7; US gas compression plant attack, OT disrupted;  Ransomware halts Canadian paper producer.
Ransomware Targeting Industry 4.0 27 Feb 2020
Clop ransomware evolved from targeting individual Windows users to enterprises and has now evolved further to target industrial companies.
OTORIO Identified a Vulnerability in Siemens Devices Used for Critical Infrastructure 11 Feb 2020
The newly-identified vulnerability lays in the implementation of the Profinet stack with implications for a variety of industrial verticals.
Industrial Security Bulletin (Jan '20) 10 Feb 2020
Snake ransomware targets ICS, Ryuk hits Oil & Gas facilities, Data breach in Mitsubishi Electric, a key player in EU energy hit by a trojan.
Snake: Industrial-focused Ransomware with Ties to Iran 28 Jan 2020
OTORIO researchers flag an Iranian connection in a new strain of ransomware aimed at disrupting the activity of Industrial Control Systems (ICS).
Why We Need to Prepare for an Iranian Attack on ICS 06 Jan 2020
Iran has proven capabilities to launch cyber-attacks on ICS, and with the tension rising, industrial companies would be wise to be prepared.
Industrial Security Bulletin (Dec '19) 06 Jan 2020
Ransomeware hit US Maritime facility, an attempt at BMW and Hyundai secrets, IoT malware targets ICS, Siemens scammer sent to jail.
Industrial Security Bulletin (Nov '19) 09 Dec 2019
India’s largest nuclear power plant hit by a cyber-attack, global oil & gas sector affected by botnets, FBI warns the US Automotive sector.
Industrial Security Bulletin (Oct '19) 04 Nov 2019
Pilz hit by a Ransomware attack, Massive IT disruption paralyzes Porsche production, Russian hackers cloak attacks using Iranian group.
Manufacturers Unknowingly Leak Classified Project Files 29 Oct 2019
New research by OTORIO discovers highly sensitive information publicly available online belonging to some of the largest industrial companies in the world.
Industrial Security Bulletin (Sep '19) 07 Oct 2019
First-ever DoS cyber-attack on A U.S. power grid, U.S. Utility is a target of LookBack malware, and Airbus suffered a series of cyberattacks.
DoS Attacks Used as Smoke Screens, and How to Prevent Them 10 Sep 2019
DoS attacks are known for disrupting systems by flooding them with traffic, but sometimes that is not the only objective. Here is what can be done about it.
Industrial Security Bulletin (Aug '19) 09 Sep 2019
Spear-fishing on US utilities companies; Ukrainian power systems utilized by employees to mine cryptocurrency.
Industrial Security Bulletin (July '19) 05 Aug 2019
Ransomeware at a Johannesburg-based Power company, WINNITI Group is targeting the German industry, and ISA introduces a new Cybersecurity Alliance.
The Five Essentials for Safe Digitalization 16 Jul 2019
In today’s competitive global market, traditional industries need a paradigm change in their cybersecurity approach to better support their ongoing digitalization.
5 Cyber Attack Motives Your Industry May Face 10 Jul 2019
Malware doesn’t shut down plants, people do. Learning about the people behind the industrial cyber-attacks will help to prevent the next cyber disaster.
Industrial Security Bulletin (June '19) 08 Jul 2019
TRISIS scans US power grid, Belgian aircraft parts manufacturer shutdowns because of ransomware, and the US launches Cyber-attack on Iranian weapon systems.
Industrial Security Bulletin (May '19) 10 Jun 2019
Only one significant event has been reported this month, ransomware called Robinhood.
Industrial Security Bulletin (April '19) 06 May 2019
Three days shut down at a Thai plant, two companies fall victim to the LockerGoga ransomware, and one European manufacturer hit by a paralyzing ransomware attack.
Industrial Security Bulletin (March '19) 07 Apr 2019
A $40m ICS ransomware attack, a massive personal information exposure of 3 million clients, and one of every two computers found to be affected by ICS malware.
Industrial Security Bulletin (Feb '19) 05 Mar 2019
A dramatic increase in cyber attacks on German OT networks the U.S. takes actions against cyber-threats on critical infrastructure, IoTSI releases a framework to safeguard connected cities.
Most Popular Posts
02 Mar 2021 OTORIO’s Pen-Testers discovered more than 20 vulnerabilities in a popular Industrial Remote Access Solution more
10 Feb 2021 Florida’s Water Poisoned by Hackers: A Warning Signal more
11 Dec 2020 Containing Risks by Leveraging Digital Twins: An Innovative Collaboration between Accenture Labs and OTORIO more
×

OTORIO website uses cookies. By continuing to browse the site you are agreeing to our use of cookies. For more details about cookies and how to manage them, see our cookie policy.

Continue