Tag Archive for: ICS

NPM compromises. ICS advisories. Free ransomware decryptors. Update on cyber phases of Russia’s hybrid war. Disneyland hack.


Dateline

Ukraine at D+134: Preparing for an end to Russia’s operational pause. (The CyberWire) Mr. Putin says no one should count on Ukrainian battlefield victory, because Russia’s hardly gotten started.

Russia-Ukraine war: List of key events, day 135 (Al Jazeera) As the Russia-Ukraine war enters its 135th day, we take a look at the main developments.

Ukraine Says Western Weapons Begin to Help as It Raises Flag on Snake Island (Wall Street Journal) President Volodymyr Zelensky said that Western heavy weapons are starting to have an effect on the battlefield but urged speedier deliveries, particularly of antiaircraft systems, as Russia continued lobbing missiles into Ukrainian cities.

Zelensky says Ukraine will not give up territory for peace with Russia: ‘This is our land’ | CNN Politics (CNN) Ukrainian President Volodymyr Zelensky told CNN’s Wolf Blitzer on Thursday that Ukraine is unwilling to cede any of its land to Russia, standing firm that a concession of Ukrainian territory won’t be part of any diplomatic negotiations to end the war.

Russia-Ukraine war: Putin warns Moscow has ‘barely started’ its campaign (The Telegraph) Vladimir Putin has issued a defiant warning to the west claiming that Moscow has barely started its military campaign in Ukraine

Ukraine’s Implausible Theories of Victory (Foreign Affairs) The fantasy of Russian defeat and the case for diplomacy.

G-20 diplomats fail on unity over Ukraine, war’s impact (AP NEWS) Deeply divided top diplomats from the world’s richest and largest developing nations failed to find common ground Friday over Russia’s war in Ukraine and how to deal with its global impacts, leaving prospects for future cooperation in the forum uncertain.

Germany refuses to ‘plunder its own military’ for the sake of Ukraine (The Telegraph) Pressure on Olaf Scholz to provide armoured vehicles, as German MPs prepare to set an example by limiting their own use of hot water

Army leaders convene with allies to review Ukraine war lessons (Stars and Stripes) The implications of drones and long-range artillery were among the Ukraine war topics discussed by U.S. Army leaders and other allied commanders Thursday, as they assessed the path forward for an…

ICS Exploits Earn Hackers $400,000 at Pwn2Own Miami 2022


ICS Pwn2Own 2022

Pwn2Own Miami 2022, a hacking contest focusing on industrial control systems (ICS), has come to an end, with contestants earning a total of $400,000 for their exploits.

The contest, organized by Trend Micro’s Zero Day Initiative (ZDI), saw 11 contestants demonstrating their exploits in the OPC UA Server, Control Server, Human Machine Interface, and Data Gateway categories.

Participants targeted products from Unified Automation, Iconics, Inductive Automation, Prosys, Aveva, Triangle MicroWorks, OPC Foundation, Kepware, and Softing.

A majority of the 32 hacking attempts were successful — two failed and eight involved previously known bugs. These “bug collisions” still earned participants $5,000 for each attempt.

The white hat hackers who attended the event earned either $20,000, typically for remote code execution vulnerabilities, or $5,000, for DoS vulnerabilities. There was only one exception. The Computest Sector 7 team earned $40,000 for successfully bypassing the trusted application check on the OPC UA .NET standard.

This was the maximum amount that Pwn2Own participants could earn for a single exploit, and Computest’s attempt involved what ZDI described as one of the most interesting bugs ever seen at Pwn2Own. In fact, the Computest team earned the most points and a total of $90,000.

In 2020, at the first edition of the ICS-themed Pwn2Own, participants earned a total of $280,000. This event was not held in 2021 due to the COVID-19 pandemic.

Pwn2Own Miami 2022 took place between April 19 and April 21 alongside the S4x22 ICS security conference.

Related: Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers

Related: Device Exploits Earn Hackers Over $1 Million at Pwn2Own Austin 2021

Related: $1.9 Million Paid Out for Exploits at China’s Tianfu Cup Hacking Contest

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Sandworm targets Ukrainian power grid. CISA warns of ICS malware. Updates on Hafnium activity.


Sandworm targets Ukrainian power grid.

Sandworm, also known as Voodoo Bear, and in the org charts Unit 74455 of Russia’s GRU, has deployed CaddyWiper destructive malware and an Industroyer variant being called, simply, “Industroyer2.” ESET tweeted the results of its findings early Tuesday morning, and provided additional details in a report also published Tuesday. “ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company. The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks. The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems. We assess with high confidence that the attackers used a new version of the Industroyer malware, which was used in 2016 to cut power in Ukraine. We assess with high confidence that the APT group Sandworm is responsible for this new attack.”

The incident seems, at first look, an attempted repetition of the 2016 Russian cyberattacks against the Ukrainian grid that ESET mentioned in its report. CERT-UA offered a further description of the attack. It intended to use Industroyer2 against “high-voltage electrical substations” in a fashion tailored to the individual substations. CaddyWiper was used against Windows systems (including automated workstations), and other “destructive scripts” (OrcShred, SoloShred, and AwfulShred) were deployed against Linux systems.

The GRU’s attempt against the Ukrainian power grid appears to be the cyberattack most people were expecting back in February, especially because of the way it tracked earlier GRU takedowns of sections of Ukraine’s power grid. It also appears to have failed, and that failure may be attributed in part to successful Ukrainian defenses as well as to the methods Russia chose to use. In cyberspace as well as on the ground, Ukraine appears to have proved a tougher opponent than Russia expected.

CISA warns of ICS malware.

Late Wednesday the US Cybersecurity and Infrastructure Security Agency (CISA) announced that, with its partners in “the Department of Energy (DOE), the National Security Agency (NSA), and the Federal Bureau of…

Watering-hole in Hong Kong. US, EU join Paris Call. NSO C-suite turnover. ICS advisories. Rising tensions in Eastern Europe.


Attacks, Threats, and Vulnerabilities

COVID-19: North Korean hackers detected searching for vaccine manufacturing secrets (Sky News) The cyber campaign comes despite the regime in Pyongyang claiming that there are no COVID-19 cases in the country and declining three million vaccine doses from UNICEF.

North Korean hackers target the South’s think tanks through blog posts (ZDNet) Responsibility for new attacks has been laid at the feet of the Kimsuky threat group.

Lazarus hackers target researchers with trojanized IDA Pro (BleepingComputer) A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application.

South Korean Users Targeted with Android Spyware ‘PhoneSpy’ (SecurityWeek) Researchers find Android malware with extensive spyware capabilities, including data theft, GPS monitoring, and audio and video recording.

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens (Zimperium Mobile Security Blog) Zimperium has discovered the active malware campaign PhoneSpy, a spyware aimed at South Korean residents with Android devices.

macOS zero-day deployed via Hong Kong pro-democracy news sites (The Record by Recorded Future) A suspected state-sponsored threat actor has used Hong Kong pro-democracy news sites to deploy a macOS zero-day exploit chain that installed a backdoor on visitors’ computers.

Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users (Vice) “The nature of the activity and targeting is consistent with a government backed actor,” the Google researchers say.

This new Android spyware masquerades as legitimate apps (TechCrunch) The spyware has already ensnared over a thousand victims.

FBI: Iranian threat actor trying to acquire leaked data on US organizations (The Record by Recorded Future) The US Federal Bureau of Investigation says that a threat actor known to be associated with Iran is currently seeking to acquire data from organizations across the globe, including US targets.

PA alleges: NSO Group spyware used to hack foreign ministry workers’ phones (Times of Israel) Palestinian Authority asserts it has proof of…
