HackDig : Dig high-quality web security articles for hackers

Using “Update.exe” as a Case Study for Robust OT Cybersecurity

In 2020, car manufacturer Honda fell victim to a ransomware attack. Using a payload called “update.exe,” the attack crippled Honda’s international customer service and Financial Services wing for days. Although it affected two customer facing branches of this global corporation, the ransomware was designed to target and breach Honda’s critical ICS/SCADA envi
Publish At:2020-07-07 00:04 | Read:87 | Comments:0 | Tags:Featured Articles ICS Security cyberattack ICS security malw

Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly

The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above 150 days
Publish At:2020-07-06 00:55 | Read:123 | Comments:0 | Tags:Featured Articles ICS Security Center for Internet Security

How to Reduce the Risk of Misoperations in Your Bulk Electric Systems

Reliability is essential to the functionality of an electric power grid. This principle guarantees that a constant qualitative and quantitative supply of electric power is flowing from a provider to businesses, homes and more. It’s what enables electric power to drive life forward in modern society.As a result, there’s reason to be concerned about events tha
Publish At:2020-06-25 02:23 | Read:87 | Comments:0 | Tags:Featured Articles ICS Security Bulk Electric System NERC rel

Transportation Systems Sector Cybersecurity Framework Implementation Guide

As smart ticketing systems and technological solutions become more prevalent in the transportation industry, the issue of transportation systems’ cybersecurity becomes a greater concern.Transportation Systems Cybersecurity is a Major ConcernIn August 2019, Transport for London (TfL) was forced to temporarily close down the online facility for its Oyste
Publish At:2020-06-23 00:12 | Read:106 | Comments:0 | Tags:Featured Articles ICS Security NIST train underground

Podcast Episode 8: Industrial Cybersecurity – From HVAC Systems to Conveyor Belts

Tripwire’s General Manager of Industrial Cybersecurity, Kristen Poulos, discusses the risks that come with the increasing number of connected devices operating on the plant floor and throughout facilities. In this episode, Kristen shares how IT can partner with OT to protect the safety, productivity, and quality of operations.Spotify: https://open.spot
Publish At:2020-06-16 16:30 | Read:150 | Comments:0 | Tags:ICS Security Podcast Industrial Control Systems information

Final Version of NIST SP 1800-23 Guides Identification of Threats to OT Assets

In September 2019, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) announced the release of a draft practice guide entitled, “NIST Special Publication (SP) 1800-23: Energy Sector Asset Management.” The NCCoE spent the next two months collecting comments from the public to improve their guid
Publish At:2020-06-08 01:09 | Read:199 | Comments:0 | Tags:ICS Security Regulatory Compliance Energy Sector NIST operat

A Look at Trump’s Executive Order to Secure the Bulk Power System

On May 1st President Trump signed an Executive Order on “Securing the United States Bulk-Power System.” The order cites foreign adversaries and their increased creation and usage of vulnerabilities against the power grid as the primary driver. In my opinion, perhaps more interesting is the inherent ties to the NERC standards, namely CIP-010 R4 and CIP-013, t
Publish At:2020-05-24 09:56 | Read:188 | Comments:0 | Tags:ICS Security Regulatory Compliance Critical Infrastrucutre P

Oil and Gas Sectors Targeted by AgentTesla Infostealer Campaigns

Digital attackers used spearphishing campaigns to target oil and gas companies with samples of the AgentTesla infostealer family.In the first campaign spotted by Bitdefender, malicious actors sent out emails that appeared to originate from Egyptian state oil company Engineering for Petroleum and Process Industries (Enppi). Those emails invited recipients to
Publish At:2020-04-21 10:27 | Read:535 | Comments:0 | Tags:ICS Security Latest Security News AgentTesla gas oil

Realizing Hybrid Asset Discovery with Tripwire Industrial Appliance

Digital attacks continue to weigh on the minds of industrial cybersecurity (ICS) professionals. In a 2019 survey, 88% of ICS experts told Tripwire they were worried about what a digital attack could mean for their industrial organization. The rate was even higher for those working in the manufacturing and oil & gas sectors at 89% and 97%, respectively.Su
Publish At:2020-04-15 00:01 | Read:537 | Comments:0 | Tags:ICS Security asset discovery Devices ics

Results Speak Louder Than Words: A Guide to Evaluating ICS Security Tools

Why leveraging live environment simulations and putting ICS tools to the test is the best way to evaluate their fitness.Track and field was one of my favorite sports growing up. I didn’t begin competitively participating until I was a teenager, but I was instantly hooked once I started. Why? Because the clock didn’t lie. The tape measure didn’t lie. The fast
Publish At:2020-04-06 16:53 | Read:570 | Comments:0 | Tags:ICS Security ICS security Security Tools

Industrial Entities in Middle East Targeted by WildPressure APT Operation

A newly detected advanced persistent threat (APT) operation called “WildPressure” targeted industrial organizations and other entities in the Middle East.Researchers at Kaspersky Lab observed WildPressue distributing samples of a fully operation trojan written in C++ called “Milum.” With timestamps dating back to March 2019, these sam
Publish At:2020-03-26 10:40 | Read:374 | Comments:0 | Tags:ICS Security Latest Security News Middle East Milum WildPres

ICS Environments and Patch Management: What to Do If You Can’t Patch

The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Although the terms “patch management” and “vulnerability management” are used as if they are interchangeable, this is not the case. Most are confused
Publish At:2020-03-19 00:24 | Read:536 | Comments:0 | Tags:ICS Security ICS Systems Patch Management

Navigating ICS Security: Having your Action Plan Ready

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity practice, it is
Publish At:2020-02-09 10:22 | Read:321 | Comments:0 | Tags:ICS Security CMA ics OT

Why Asset Visibility Is Essential to the Security of Your Industrial Environment

Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year. That was three percent higher than the previous year.These digital threats confronting ICS systems com
Publish At:2020-02-09 10:21 | Read:589 | Comments:0 | Tags:ICS Security asset discovery Industrial Passive Asset Discov

So You Want to Achieve NERC CIP-013-1 Compliance…

Is an electricity provider’s supply chain its weakest link in the event of a cyberattack? The evidence is compelling that third parties often play unwitting roles. For example, the NotPetya ransomware attacks in mid-2017 originally gained a foothold via a backdoor in third-party accounting software. To safeguard North America’s electricity supply, the North
Publish At:2020-02-09 10:21 | Read:882 | Comments:0 | Tags:ICS Security CIP-013-1 compliance _NERC

Announce

Share high-quality web security related articles with you:)

Tools