01.06.2020 Views

Cyber Defense eMagazine June 2020 Edition

Cyber Defense eMagazine June Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES


malware had major impacts on manufacturing companies like Merck, causing hundreds of millions of dollars in quarterly losses due to production downtime, in addition to loss of customer satisfaction due to missed shipments. After suffering a WannaCry attack across its worldwide network, A.P. Moller - Maersk, one of the world’s largest shipping conglomerates, lost communication with its OT network, shutting down entire ports.

In another example, the digital systems at the smelting plants of Norsk Hydro, one of the world’s largest aluminum producers, were shut down after the firm was attacked by LockerGoga. Norsk Hydro reportedly lost $40 million because of the incident, and aluminum prices were driven to a three-month high.

In order to mitigate these new threats, organizations must understand two major challenges to securing these environments and evolve their security strategies to secure and manage connected devices across both industrial and IT environments.

Connected OT Devices are Un-Agentable

The growing trend in manufacturing and industrial plants is to connect OT devices directly to the enterprise network. But one of the main challenges is that these devices often have no built-in security and cannot be protected with traditional security tools like agents used by enterprise security teams. These devices were not initially designed to be installed on the enterprise network; however, the convergence of IT and OT networks has made this a reality. Because these devices can’t run agent software, security teams have no visibility into whether device behavior is abnormal or malicious and could indicate a risk.

OT Device Vulnerabilities Are Increasing

While OT devices become more accessible to cyber attackers, they’re also increasingly vulnerable to attack. Based on ICS-CERT’s advisory page, which lists a large number of vendors that have disclosed vulnerabilities, public vulnerability advisories continue to increase year over year. There were 204 advisories in 2018, an increase of 25% compared to 2017. Over half of the ICS-related vulnerabilities reported in 2018 rated high in terms of severity level. These vulnerabilities exist in field devices, human-machine interface systems, and engineering workstation software.

In 2019, a set of 11 zero-day vulnerabilities, dubbed Urgent11, was discovered that impacts seven common real-time operating systems, including VxWorks® by Wind River. These operating systems are widely used in SCADA systems, industrial controllers, firewalls, routers, satellite modems, VoIP phones, printers, and many other devices. Urgent11 could allow attackers to remotely exploit and take over mission-critical industrial devices, resulting in costly disruption of essential processes.


Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
