Articles about scada

milk production line. Photo by SHutterstock

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

BSides London Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. A presentation at last week's BSides London conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop …
John Leyden, 18 Jun 2018

Now that's taking the p... Sewage plant 'hacked' to craft crypto-coins

Updated Infosec bods say they have uncovered what's thought to be the first case of a major industrial control system network infected with cryptocurrency-mining malware. SCADA security outfit Radiflow claimed today it found the software nasty lurking in computer systems at a water treatment facility. Several operational servers used …
Iain Thomson, 8 Feb 2018

Hey, you know what the internet needs? Yup, more industrial control systems for kids to hack

The number of industrial control systems (ICS) connected to the internet has increased year on year – meaning more and more infrastructure is sitting on the 'net potentially open to attack. Of the 175,632 internet-accessible ICS equipment detected, approximately 42 per cent were in the US, marking a 10 per cent increase over …
John Leyden, 2 Feb 2018
Man holds mobile phone against backdrop of factory/industrial plant

Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

The security of mobile apps that tie in with Supervisory Control and Data Acquisition (SCADA) systems has deteriorated over the last two-and-a-half years, according to new research. A team of boffins from IOActive and IoT security startup Embedi said they had discovered 147 vulnerabilities in 34 of the most popular Android …
John Leyden, 11 Jan 2018
Kids car snow, image via Shutterstock

Brrr! It's a snow day and someone has pwned the chuffin' school heating

Britain's freezing weather has reanimated the issue of insecure building control systems. Security researchers at Pen Test Partners have discovered that the web interfaces of heating controllers in many schools are accessible on the public internet and fundamentally insecure. The problem largely stems from lax installers who …
John Leyden, 12 Dec 2017
Power plant + electricity pylons at sunset

Why bother cracking PCs? Spot o' malware on PLCs... Done. Industrial control network pwned

Security researchers have demonstrated a new technique for hacking air-gapped industrial control system networks, and hope their work will encourage the development of more robust defences for SCADA-based systems. Air-gapped industrial networks are thought to be difficult if not impossible to hack partly because they are …
John Leyden, 12 Dec 2017
Power plant + electricity pylons at sunset

Legacy kit, no antivirus, weak crypto. Yep. They're talking critical industrial networks

Traffic analysis on 375 industrial networks worldwide has confirmed the extent to which hackers target industrial control systems (ICS). The study by CyberX also found that industrial networks are both connected to the internet and rife with vulnerabilities including legacy Windows boxes, plain-text passwords and a lack of …
John Leyden, 24 Oct 2017
Radiation symbol on keyboard

US energy, nuke and aviation sectors under sustained attack

The United States' Department of Homeland Security has issued an alert that warns of “advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.” The alert says an unknown actor has been at it since May 2017 and has …
Simon Sharwood, 22 Oct 2017
High voltage power grid, in the sunset. Photo by SHutterstock

Energy sector biz hackers are back and badder than ever before

Symantec is warning of a resurgence in cyber-attacks against firms in the energy sector by a group of hackers it calls Dragonfly. Dragonfly maintained a low profile for more than a year following exposure by Symantec and other researchers back in 2014 before a series of attacks over the last two years since December 2015. The …
John Leyden, 6 Sep 2017

Should you stay awake at night worrying about hackers on the grid?

Analysis The energy sector across multiple Western countries is under intensified assault by hackers. Security experts warn that industrial systems are wide open to potential exploit once hackers secure a foothold, the most difficult part of the hacking process, using targeted phishing or similar tactics. The UK's government lead cyber …
John Leyden, 28 Jul 2017
Poison pill

Intel AMT bug bit Siemens industrial PCs

You don't need state-sponsored hackers to crack industrial control systems, just an empty Intel AMT login – something Siemens started patching against last week. The bug in Intel's Active Management Technology emerged in June. It allowed a user to exploit AMT features with an empty login string, and has been shipping in …

Move over, Stuxnet: Industroyer malware linked to Kiev blackouts

Security researchers have discovered malware capable of disrupting industrial control processes. Industroyer can cause the same sort of damage as BlackEnergy, a malware strain blamed for attacks on energy firms that caused blackouts in Ukraine in December 2015. The malware may have featured in follow-up attacks last December …
John Leyden, 12 Jun 2017

Schneider Electric still shipping passwords in firmware

That “don't use hard-coded passwords” infosec rule? Someone needs to use a needle to write it on the corner of Schneider Electric's developers' eyes so they don't forget it. Yes, it's happened again, this time on the SCADA vendor's Schneider Modicon TM221CE16R, Firmware – and without new firmware, users are stuck, …
Building Dounreay Fast Reactor copyright Dounrea Site Restoration Ltd and Nuclear Decommissioning Authority

Power plant cyber threat: Lock up your ICSs and SCADAs

Nuclear power stations have been told to tighten their defences after government officials warned of a "credible" cyber threat. Intel agencies are warning that terrorists, foreign spies and hacktivists are all looking to exploit "vulnerabilities" in the nuclear industry's internet defences, The Telegraph reports. Security bugs …
John Leyden, 3 Apr 2017

Malware 'disguised as Siemens software drills into 10 industrial plants'

Malware posing as legitimate software for Siemens control gear has apparently infected industrial equipment worldwide over the past four years. The cyber-nasty is packaged as software to be installed on Siemens programmable logic controllers (PLC), we're told. At least 10 industrial plants – seven in the US – were found …
John Leyden, 22 Mar 2017
Zombies photo via Shutterstock

Zombie webcams? Pah! It's the really BIG 'Things' that scare me

I have a new name for the abundance of widgets springing up around the world: the Internet of Little Things. I’m playing with an IoLT starter kit in my office right now, and it lets me do things like sense when doors open or close, turn sockets on and off and fiddle with the mood lighting. I can spend a couple of hundred quid …
Dave Cartwright, 15 Mar 2017
Robot looks into magnifying glass, human eye displayed. Photo by Shutterstock

Meet LogicLocker: Boffin-built SCADA ransomware

Let's start with the “calm down” part of the article: yes, LogicLocker is ransomware designed for programmable logic controllers, but no, the cyber-geddon isn't upon us. LogicLocker is a proof-of-concept written by David Formby, Srikar Durbha and Raheem Beyah of Georgia Tech (Formby and Beyah also disclose an affiliation with …
Image by Maksim Kabakou

Another Schneider vuln: Plaintext passwords on client-side RAM resolved

Schneider Electric has issued a patch for its StruxureWare Data Center Expert industrial control kit following the discovery of a flaw that could allow remote access to unencrypted passwords. The product is designed to monitor physical infrastructure at data centres handling everything from cooling to backup generators. The …
John Leyden, 2 Feb 2017

Create a news alert about scada, or find more stories about scada.

Biting the hand that feeds IT © 1998–2018