

Major US East Coast pipeline suffers cyber attack
Ransomware effects are spilling over into the real world.
A press release from Colonial Pipeline: “On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware… In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems”.


NSA: How to stop malicious cyber activity
NSA issued an advisory: Guidance to Stop Malicious Cyber Activity Against Connected Operational Technology
“While there are very real needs for connectivity and automating processes, operational technologies and control systems are inherently at risk when connected to enterprise IT systems”
In essence, the recommendations are as follows:
- Manage, encrypt and authenticate all remote access connections
- Add sensors and actively monitor all remote connections. Disconnect remote access until this is in place!
- Create an OT map, validate unknown assets and create baseline configurations
- Create a known OT communication baseline
- Create short, medium and long term improvement plans
- Maintain offline “gold copy” baselines for OT networks and devices to enable recovery from a known good source.
PDF available here.


EtherNet/IP vulnerabilities in EIPStackGroup OpENer
OpENer is an EtherNet/IP stack for I/O adapter devices, frequently embedded into control systems.
Various denial of service and remote code execution vulnerabilities have been disclosed for this ENIP implementation.
Patches are available and can be incorporated into internally developed systems; however, vendors may take some time to cover components that rely on this stack.
US CISA recommends the following mitigations:
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
Splice provides all of the above mitigations, as well as vulnerability shielding and behavioural profiling.


Critical authentication bypass flaw across multiple Rockwell Logix products
US CISA released an advisory for an easy-to-exploit remote authentication bypass (with a CVSS score of 10) affecting multiple Rockwell Logix controllers. No patches seem to be forthcoming. Rockwell recommends mitigations in the form of configuration hardening and isolation.


Utility providers affected by a ransomware attack
Posted on 13 February, 2021 by Editor
The operations of two major Brazilian utility providers were affected by a ransomware attack.


Florida Water Treatment attack
Weak identities, vulnerable code and an insecure remote connection allowed hackers to take control of the facility.


More Israeli water facilities targeted
The facilities were first targeted in April; authorities raised an alert following the latest attacks.


Ripple20 said to impact hundreds of millions of IoT devices
Ripple20, a series of vulnerabilities in the widely deployed Treck TCP/IP stack, will have far-reaching implications.


Honda plants halt production after cyber attack
A ransomware attack caused the shutdown of some of Honda’s production lines. Could this be collateral damage or a targeted attack?