Every Tuesday, Cybelius will share its weekly news review about the industrial cybersecurity throughout a selection of surveys, tweets, briefs…. Find this new heading on our blog and social medias Linkedin / Twitter . Do not longer miss out the right place to find the latest hot news !
#1 : Energy Industry – Top 6 biggest cyberattacks
Spared until 2010, industrial energy systems are no longer immune to infiltration attempts like Stuxnet, which has made these systems a prime target for hackers. Companies and infrastructures in this sector, listed as critical infrastructures for most, provide essential services and goods for the proper functioning of the Nation. These sensitive industries must have fool proof security plans. Even if zero risk does not exist and many vulnerabilities persist, some recommendations can prevent a cyber-attack or reduce its impact. Cybelius will analyse the 6 biggest cyberattacks on energy systems around the world and will offer its expertise on the measures to be implemented.
Hackers have infiltrated the critical safety systems for industrial control units used in nuclear, oil and gas plants, halting operations at at least one facility. The attackers, who are believed to be state-sponsored, targeted the Triconex industrial safety technology made by Schneider Electric SE, according to security firm FireEye and Schneider, who disclosed the incident on Thursday. The plant might be in the Middle East, possibly Saudi Arabia.
A Vietnamese hacker broke into Perth Airport’s computer files and obtained sensitive security information and building plans. Le Duc Hoang Hai masqueraded as a third-party contractor in March last year to hack into IT systems. He was last week convicted in a Vietnamese military court and sentenced to four years behind bars. However, he was unable to access radars, computer data related to air traffic or the personal details of customers, which meant travellers were not put in danger.
Severe flaws in most popular programming languages could expose to hack any secure application built on top of them. Python contains undocumented methods and local environment variables that canbe used for OS command execution. Perl contains a typemaps function that can execute code like eval(). NodeJS outputs error messages that can disclose partial file contents. JRuby loads and executes remote code on a function not designed for remote code execution. PHP constant’s names can be used to perform remote command execution.
#5 : Honeywell Research – Cybersecurity at the top of the CEO agenda
La majorité des entreprises industrielles ne parviennent pas à protéger leurs systèmes selon une récente enquête Honeywell. Les dirigeants doivent prendre la sécurité beaucoup plus au sérieux s’ils veulent réduire les risques de cyberattaques. Pour se faire, la sensibilisation du personnel (adoption des règles d’hygiène cyber), la sécurité by design et à chaque étape du cycle de production ou encore la collaboration entre équipes IT et OT sont autant de mesures très importantes à implémenter.
Microsoft has quietly fixed a serious bug in its Windows Defender antivirus software that allowed hackers to hijack infected PCs. The vulnerability was found in the software’s malware protection engine, which is designed to regularly scan files for computer viruses. More information in the article.