Articles about ics

Power plant + electricity pylons at sunset

Legacy kit, no antivirus, weak crypto. Yep. They're talking critical industrial networks

Traffic analysis on 375 industrial networks worldwide has confirmed the extent to which hackers target industrial control systems (ICS). The study by CyberX also found that industrial networks are both connected to the internet and rife with vulnerabilities including legacy Windows boxes, plain-text passwords and a lack of …
John Leyden, 24 Oct 2017

North Korean hackers allegedly probing US utilities for weaknesses

Hackers believed to be from North Korea are casing out US electric companies in preparation for a possible cyber attack – so says security firm FireEye. "FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to US electric companies by known cyber threat actors likely affiliated with the North …
John Leyden, 11 Oct 2017

Should you stay awake at night worrying about hackers on the grid?

Analysis The energy sector across multiple Western countries is under intensified assault by hackers. Security experts warn that industrial systems are wide open to potential exploit once hackers secure a foothold, the most difficult part of the hacking process, using targeted phishing or similar tactics. The UK's government lead cyber …
John Leyden, 28 Jul 2017

Move over, Stuxnet: Industroyer malware linked to Kiev blackouts

Security researchers have discovered malware capable of disrupting industrial control processes. Industroyer can cause the same sort of damage as BlackEnergy, a malware strain blamed for attacks on energy firms that caused blackouts in Ukraine in December 2015. The malware may have featured in follow-up attacks last December …
John Leyden, 12 Jun 2017
Building Dounreay Fast Reactor copyright Dounrea Site Restoration Ltd and Nuclear Decommissioning Authority

Power plant cyber threat: Lock up your ICSs and SCADAs

Nuclear power stations have been told to tighten their defences after government officials warned of a "credible" cyber threat. Intel agencies are warning that terrorists, foreign spies and hacktivists are all looking to exploit "vulnerabilities" in the nuclear industry's internet defences, The Telegraph reports. Security bugs …
John Leyden, 3 Apr 2017

Malware 'disguised as Siemens software drills into 10 industrial plants'

Malware posing as legitimate software for Siemens control gear has apparently infected industrial equipment worldwide over the past four years. The cyber-nasty is packaged as software to be installed on Siemens programmable logic controllers (PLC), we're told. At least 10 industrial plants – seven in the US – were found …
John Leyden, 22 Mar 2017
milk production line. Photo by SHutterstock

Schneider Electric plugs gaping hole in industrial control kit

A vulnerability in Schneider Electric’s industrial controller management software created a possible mechanism for hackers to plant malicious code on industrial networks. Industrial cybersecurity firm Indegy discovered the recently resolved flaw in Schneider Electric’s flagship industrial controller management software, Unity …
John Leyden, 27 Oct 2016

'Irongate' attack looks like Stuxnet, quacks like Stuxnet ...

FireEye threat researchers have found a complex malware instance that borrows tricks from Stuxnet and is specifically designed to work on Siemens industrial control systems. Josh Homan, Sean McBride, and Rob Caldwell named the malware "Irongate" and say it is probably a proof-of-concept that is likely not used in wild. …
Darren Pauli, 3 Jun 2016
Water Treatment Centre pipe sluices off water. Photo by Joe Jungmann, released into the public domain

Water treatment plant hacked, chemical mix changed for tap supplies

Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water, we're told. The cyber-attack is documented in this month’s IT security breach report (available here, registration required) from Verizon Security Solutions. The utility in question is referred to using a …
John Leyden, 24 Mar 2016
London Overground and a Southeastern train near Bermondsey. Pic: Matt Buck

Irked train hackers talk derailment flaws, drop SCADA password list

32c3 A trio of Russian hackers say core flaws in rail networks are opening trains to hijacking and derailment and have published dozens of hardcoded industrial control system credentials to kick vendors into action. description Sergey Gordeychik (right), Gleb Gritsai, and Aleksandr Timorin (rear). Industrial control specialist …
Darren Pauli, 4 Jan 2016
Switch

Crumbs! Stricken Kiev blames Russian hackers for Xmas eve outages

The Ukrainian government is blaming power outages in the Western Ukraine on “hacker attacks by Russia[n] special services”. Malware has been found in the networks of some utilities, according to the Security Service of Ukraine (SBU). Moreover, these malware intrusions coincided with a “non-stop telephone flood at utility …
John Leyden, 29 Dec 2015
Oil Pump Jack by https://www.flickr.com/photos/paul_lowry/  cc 2.0 attribution

Mixing ERP and production systems: Oil industry at risk, say infosec bods

Black Hat Europe Hackers might be able to bridge the gap between supposedly air-gapped systems in oil and gas production by pivoting from enterprise planning onto production systems. Vulnerabilities and insecure installations in SAP business software and other enterprise systems might be used to interfere with loosely-couple but nonetheless …
John Leyden, 18 Nov 2015
china_future_648

GCHQ to pore over blueprints of Chinese built Brit nuke plants

UK spies will go through the blueprints of computer systems of nuclear plants due to be built by Chinese firms in the UK in a bid to allay security concerns, The Times reports. GCHQ’s role in the assessment was confirmed on the eve of Chinese President Xi Jinping's four-day state visit to the UK. Security chiefs have …
John Leyden, 19 Oct 2015

Ruskie ICS hacker drops nine holes in popular Siemens power plant kit

Ilya Karpov of Russian security outfit Positive Technologies has reported nine vulnerabilities in Siemens industrial control system kit used in critical operations from petrochemical labs and power plants up to the Large Hadron Collider. The holes, now patched, also include two for Schneider Electric kit and cover a mix of …
Darren Pauli, 31 Aug 2015
Siemens GSM-R train cab radio. Pic: Joshua Brown

UK rail comms are safer than mobes – for now – say infosec bods

Analysis Last week's warning that Britain's railway systems could be susceptible to hacking has triggered a debate among security experts. Prof David Stupples of City University London made headlines last week with a warning that plans to replace the existing (aging) signalling system with the new European Rail Traffic Management …
John Leyden, 30 Apr 2015

Hackers pop German steel mill, wreck furnace

Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces. The hack of the unnamed mill, detailed in the annual report of the German Federal Office of Information Security, was pulled off after a victim fell for a phishing email. Hackers then pivoted to the …
Darren Pauli, 22 Dec 2014

BlackEnergy crimeware coursing through US control systems

Industrial control systems in the United States have been compromised by the BlackEnergy malware toolkit for at least three years in a campaign the US Computer Emergency Response Team has dubbed "ongoing" and sophisticated. Attackers had compromised unnamed industrial control system operators and implanted BlackEnergy on …
Darren Pauli, 29 Oct 2014

Mandiant to probe gaps in rusty unpatchable utility systems

Mandiant has launched a managed gap assessment for industrial control systems (ICS) it says will help administrators deal with temperamental systems. It was a "light touch" for legacy or leviathan systems that could fall over in the event of tinkering or patching. Mandiant SCADA bod Dan Scali said the system was geared to …
Darren Pauli, 8 Oct 2014

Create a news alert about ics, or find more stories about ics.

Biting the hand that feeds IT © 1998–2017