Shlomi_Feldman
inside SCADA Solutions Wednesday
views 64
Employee+

Vulnerabilities Remediation

Hi Checkmates,

Almost on a weekly basis we get notifications about newly detected vulnerabilities related to OT/ICS equipment. In several cases these vulnerabilities make a huge buzz in the market, as we noticed with the VxWorks Urgent/11. In most cases it takes a significant amount of time for the vendors to deliver patches to solve the vulnerabilities, and at the same time we shouldn't forget the fact that OT/ICS customers don't patch their equipment.

Attached you can find the recently released notification by Schneider Electric concerning a vulnerability in the high-end PLC M580. The reason I share the info with you is not because this vulnerability is special, but to show you how simple the vendor remediation instructions are and, even more important, how they correlate with our story.

- Set up network segmentation and implement a firewall to block all unauthorized access to port 80/HTTP on the controllers.
- Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network.
- All methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. should be scanned before use in the terminals or any node connected to these networks.
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

Next time you need to address this issue with your customers, please don't forget to show this example to the customer.
Shlomi_Feldman
inside SCADA Solutions Wednesday
views 94 3
Employee+

BLUEPRINT FOR SECURING INDUSTRIAL CONTROL SYSTEMS

Hi Checkmates, I want to share with you all the latest document we released concerning ICS security. This is by far one of the most detailed documents currently available in the market, and it can assist most of us when it comes to designing a solution for an ICS environment. https://www.checkpoint.com/downloads/products/cp-industrial-control-ics-security-blueprint.pdf

Special thanks to Jeroen De Corel for the excellent work writing this paper.
Shlomi_Feldman
inside SCADA Solutions 2 weeks ago
views 204 1
Employee+

OT CYBER SECURITY INCIDENTS MATRIX

Hi to all SCADA/ICS followers, I found a very interesting article by the FireEye research team. I liked how they created categories and classes and what kind of equipment is part of these classes. Further, I liked how they took major attacks which occurred, how sophisticated they were and how deep their impact on the OT network was. I hope you will find this information interesting.

https://www.fireeye.com/blog/threat-research/2019/09/ontology-understand-assess-operational-technology-cyber-incidents.html
Shlomi_Feldman
inside SCADA Solutions 2 weeks ago
views 273 4
Employee+

Urgent/11 - 11 Zero Day Vulnerabilities Impacting VxWorks, the Most Widely Used Real-Time Operating

In the last several days, we have noticed a large campaign advising about discovered vulnerabilities concerning the VxWorks operating system. Some publications claim that the vulnerabilities affect 200 million devices, while others claim they affect up to 2 billion devices. The danger of these vulnerabilities lies in the fact that this operating system is very commonly used in a large variety of completely different sectors. In addition, there is no clear visibility into which devices exactly use this operating system. Even the researchers who found the vulnerabilities https://armis.com/urgent11/#/devices are unable to provide an exact and detailed list of the affected devices. This lack of visibility poses a real difficulty for users attempting to mitigate these risks. I would be more than happy to get your comments and thoughts about the issue.
Shlomi_Feldman
inside SCADA Solutions 3 weeks ago
views 206
Employee+

The Cyber Risk to Food Processing and Manufacturing

Every time the ICS/OT topic is discussed, we immediately think about critical infrastructure and utilities, running in our heads the most terrible apocalyptic scenarios. However, we never stop for a second to think about the systems that are responsible for providing us the food we eat. Are these systems less critical/important than utilities? What can be a possible effect on our lives and what might be the risks? ICS and IOT technologies are an important part of the food industry and these systems should be protected like any other ICS/IOT system. I found this document which focuses on the 
Shlomi_Feldman
inside SCADA Solutions 3 weeks ago
views 219
Employee+

ThreatCloud - Threatmap

I love to watch the threatmap for hours. However, I didn't like the fact that the most targeted industries are utilities. Understanding the effect of a possible cyber attack on utilities is just terrifying.
Shlomi_Feldman
inside SCADA Solutions 4 weeks ago
views 213 1
Employee+

Rogue 7: Black hat full session

Hi SCADA experts, finally released and uploaded to YouTube!!! The full session from Black Hat concerning the Rogue 7 Siemens S7-1500 vulnerabilities. It is amazing to see how vulnerable the latest and most secured PLCs by Siemens are.
Shlomi_Feldman
inside SCADA Solutions 2019-09-08
views 94
Employee+

Developing Cyber Resilient Systems

Hi to you all OT/SCADA/IOT cyber experts, I want to share with you the latest document released by the NIST organization. I highly recommend that you go directly to Appendix I and J, which directly relate to OT systems, and then return and read the relevant parts. Enjoy.
Shlomi_Feldman
inside SCADA Solutions 2019-08-28
views 114
Employee+

Oil and Gas Firms Targeted By New LYCEUM Threat Group

information recently published   https://threatpost.com/oil-and-gas-firms-targeted-by-new-lyceum-threat-group/147705/
Shlomi_Feldman
inside SCADA Solutions 2019-08-26
views 183 2
Employee+

short Quiz

Anyone got a clue what the severe vulnerability of the PLC in the image is?
Valeri_Loukine
inside SCADA Solutions 2019-08-23
views 3272 5 2
Admin

White Paper - Securing Industrial Control Systems - Check Point AAD

Securing Industrial Control Systems
Check Point AAD (Anomaly and Asset Detection) Mapped to NISTIR 8219 Behavioural Anomaly

Author @Mark_Barnes

Abstract: The US National Institute of Standards and Technology (NIST), National Cybersecurity Center of Excellence (NCCoE), in conjunction with NIST's Engineering Laboratory (EL) recently released a draft paper, Interagency Report 8219 - named: "Securing Manufacturing Industrial Control Systems: Behavioural Anomaly Detection (BAD)", putting forth the idea that anomaly detection is an essential tool for owners of Industrial Control Systems (ICS) to identify, mitigate and remediate Cyber threats to Operational Technology (OT) environments. The goal of this document is to raise awareness of a Check Point tool, Asset and Anomaly Detection (AAD), available to ICS owners, both government and commercial and to compare the Check Point solution to the ideas put forth in the NIST paper.

For the full list of White Papers, go here.
Shlomi_Feldman
inside SCADA Solutions 2019-08-16
views 126 1
Employee+

Cybersecurity for Distributed Energy Resources

An interesting paper, especially for our friends on the other side of the Atlantic Ocean.

The National Cybersecurity Center of Excellence (NCCoE) is responding to a need within the energy sector to protect information exchanges between utilities and distributed energy resources (DERs) in their operating environments. As an increasing number of DERs are connected to the grid, this growth provides an opportunity to examine its impact on the cybersecurity of these connections.

Although the paper was written by a US-based organization, the paper's point of view is important for all regions. As part of the green energy trend, we notice more and more energy resources connecting to the grid.

Enjoy reading and let me know if you have any questions.
Shlomi_Feldman
inside SCADA Solutions 2019-08-12
views 166 1 1
Employee+

Rogue7: Rogue Engineering-Station attacks on S7 Simatic PLCs

During last week's Black Hat event, a team of Israeli university researchers published their recent work. In the research they share with us how they managed to attack the latest generation Siemens S7 PLCs, which are considered the most secured in the industry. I hope you will find it interesting. If you have any questions, please don't hesitate to contact me.
Shlomi_Feldman
inside SCADA Solutions 2019-07-13
views 441 1
Employee+

A funny approach what is PLC

Many times I think that the ICS/SCADA cyber security subject is too serious, based on doomsday imagination. This is why I like such comic publications, as they explain the subject to us but still don't save us from all the fear aspects. Small spoiler: I never thought that the first ICS cyber attack took place in the Star Wars movies.
Shlomi_Feldman
inside SCADA Solutions 2019-07-04
views 427
Employee+

Schneider Electric Modicon Controllers

2 days ago the US ICS-CERT released a vulnerability notification related to Schneider Electric Modicon Controllers. You can find the notification attached. While Schneider offers M580 and M340 controller owners a firmware update which solves the vulnerability, Schneider doesn't offer any practical solution for Quantum and Premium controller owners, and the only solution is to replace these old controllers with the new models. As a controller upgrade is neither a simple nor a cheap process, most of the owners will not do it and will remain unprotected. Schneider recommends that, to mitigate risks associated with this vulnerability, users should immediately set up network segmentation and implement a firewall to block all unauthorized access to Port 502/TCP. This is the first time we notice a vendor of Schneider's scale recommend a specific active firewall policy to BLOCK all unauthorized access to Port 502/TCP.