All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 18, 2022. I’ve also included some comments on these stories.

CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks

On April 13, the Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory to warn that certain industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices can be targeted by advanced persistent threat (APT) actors who have the capability to gain full system access, reports Dark Reading.

DYLAN D’SILVA | Security Researcher at Tripwire

For those in the CI (Critical Infrastructure) sectors, and more specifically, for those that are responsible for the security of their respective ICS and SCADA Systems, I hope you are paying attention to the news and advisories being published, for good reason.

Mid last week, CISA and a couple of the other lettered, federal agencies (DoE, NSA, FBI) released a new advisory warning that certain ICS and SCADA systems are being targeted by APT (Advanced Persistent Threat) actors to gain full system access and control.

Vulnerable products include:

  • Schneider Electric PLCs
  • OMRON Sysmac NEX PLCs
  • Open Platform Communications Unified Architecture Servers

Once compromised, the threat actors can then use custom-made tools to scan for additional vulnerable devices so they can take control of them too. Noted in the article is that there is a critical issue with Windows-based engineering workstations, whereby they leverage vulnerable motherboard drivers, whether they are in the OT or IT environment. From there, they could elevate their privileges and (Read more...)