Rockwell's New Advisory: Enhance ICS Security by Disconnecting from the Internet
Source: Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats (thehackernews.com)
Rockwell Automation, a leading American provider of industrial automation technology, recently issued an urgent advisory imploring all of its customers not to allow public internet access to their industrial control systems (ICS). The advisory is intended to safeguard such systems against the increasing threat of malicious cyber activity, such as that driven by APTs and nation-states. It comes at a time when geopolitical tensions across the globe have reached their highest levels in recent memory, and many see cyber as a relatively low-cost but high-reward tool to use against one's adversaries.
The advisory emphasizes that ICS devices should never be configured to connect directly to the public internet in the first place, as doing so significantly increases their users' attack surface and exposes the systems to an increasingly dangerous cyberspace. In this light, disconnecting such devices is a proactive measure to safeguard the companies and organizations that continue to use them for various purposes. Customers of Rockwell Automation are further encouraged to seek out and identify all possible server and internet connections to ICS devices that aren't meant to be publicly accessible and to terminate such connections, as doing so will significantly reduce the risk of successful cyberattacks from threat actors that exploit such devices and connections.
The US Cybersecurity and Infrastructure Security Agency (CISA) has echoed the sentiments expressed by Rockwell, recommending that users and administrators follow guidelines the agency has previously released. These include instructions on measures to enhance security in ICS and operational technology (OT) environments, which are vital to protecting critical infrastructure. As history has shown, critical infrastructure depends heavily on ICS and OT. Attacks that use them as vectors to reach such infrastructure can therefore have especially deadly impacts, such as affecting a nation's power, water, or even manufacturing industries.
Highlighting this threat, research presented at the NDSS Symposium in March of this year revealed that Stuxnet-style capabilities were present in the arsenals of cyber attackers. The main targets of such attacks were web applications hosted by the embedded web servers within programmable logic controllers (PLCs). These PLCs would be exploited through their web-based interfaces, through which attackers would gain initial access and then manipulate legitimate APIs to sabotage the underlying machinery. This worrying revelation means that threat groups could potentially launch malware with the sole purpose of causing destruction and wreaking havoc at targets of their choice, and with PLC devices directly connected to the internet, the risk of such attacks rises even further.
To mitigate the impact of such attacks, organizations are encouraged to limit direct internet access to their ICS as much as possible and to conduct security audits of remote access points. Doing so, while also restricting legitimate users' access to control system tools and scripts, will go a long way toward improving the security posture of organizations that use such systems, many of which are related to critical industries. As a result, the risk of catastrophic failure due to cyberattacks can be significantly mitigated, which will be important in deterring such threats globally.
For more details, check out The Hacker News.