Our research team has put together all of the most relevant news topics in the Ransomware and IoT security fields, as well as their impacts and their expert recommendations:
On April 27, the Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory in collaboration with CSA/NSA/FBI/ACSC and other cybersecurity authorities, detailing the top 15 vulnerabilities routinely exploited by threat actors in 2021, along with other frequently exploited CVEs.
Russian-backed Group Attempts to Compromise Ukrainian Power Grid Using Industroyer2 Malware
As part of their ongoing military assault against neighboring Ukraine, Russian-backed hacker group Sandworm launched a series of cyber attacks that threaten the critical infrastructure of the beleaguered country.
Our research team has put together all of the most relevant news topics in the ICS, IT, Ransomware & OT security fields, as well as their impacts and their expert recommendations:
ICS:
Attack Parameters: These vulnerabilities can be exploited by command injection, buffer overflow, and directory traversal.
Impact: Up to full compromise (RCE, DoS, sensitive data exposure, configuration modification, and specific services shut down)
SCADAfence Coverage: The SCADAfence Platform detects OS command injection and path traversal.
Recommendations: PTC has released patches for these vulnerabilities [3].
Attack Parameters: These vulnerabilities can be exploited remotely. Two zero-click vulnerabilities are in the implementation of the TLS protocol that connects the devices to the Schneider Electric management cloud.
Impact: Up to full compromise (information theft, configuration modification, RCE).
This could allow attackers to disrupt business services or cause physical damage by taking down critical infrastructure.
Recommendations: Schneider Electric released patches for these vulnerabilities.
Additional mitigations include:
IT:
Description: Microsoft fixed 71 vulnerabilities, three of them rated critical because they allow remote code execution. This Patch Tuesday also included fixes for three zero-day vulnerabilities [5].
While these vulnerabilities haven’t been used in attacks, public PoC exploits exist for two of the zero-day vulnerabilities, one of which allows remote code execution.
The remote code execution flaws most likely to be targeted are CVE-2022-23277 (Microsoft Exchange Server), CVE-2022-21990 (Remote Desktop Client), and CVE-2022-24508 (Windows SMBv3 Client/Server) [6].
Attack Parameters: Different for each vulnerability, though many can be exploited remotely.
Impact: Up to full compromise (privilege escalation, information disclosure, DoS, RCE)
SCADAfence Coverage:
SCADAfence Recommendations:
Ransomware:
Impact: The source code provides insight into how the malware works. However, its availability could enable other threat actors to launch their own operations using the leaked code.
It is unclear yet how this data breach will affect Conti’s operation.
SCADAfence Coverage: The SCADAfence Platform detects the use of Cobalt Strike and Mimikatz. Further investigation is pending the publication of additional technical information.
Recommendations: Following are additional best practices recommendations:
Attack Parameters: RagnarLocker frequently changes its obfuscation techniques to avoid detection and prevention. IOCs associated with RagnarLocker activity, including attack infrastructure, Bitcoin addresses used to collect ransom payments, and email addresses used by the gang’s operators, were released.
Impact: Unknown due to limited information published.
SCADAfence Coverage: The SCADAfence Platform detects the use of CMD to execute commands and the attempt to stop services, both techniques used by the gang.
Recommendations: The FBI advised against paying a ransom, and encouraged businesses to report any ransomware attacks to help prevent future incidents. An advisory was published providing IOCs that can be used to detect and defend against this ransomware.
Following are additional best practices recommendations:
Impact: The expected impact is a 5% drop in Toyota’s monthly production in Japan, which translates to roughly 13,000 units.
Recommendations: Unknown due to limited information published.
Additional Resources:
[1] https://www.bleepingcomputer.com/news/security/access-7-vulnerabilities-impact-medical-and-iot-devices/, https://www.ptc.com/en/support/article/CS363561
[4] https://threatpost.com/zero-click-flaws-ups-critical-infratructure/178810/, https://info.armis.com/rs/645-PDC-047/images/Armis-TLStorm-WP%20%281%29.pdf
[5] https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2022-patch-tuesday-fixes-71-flaws-3-zero-days/, https://threatpost.com/microsoft-zero-days-critical-bugsmarch-patch-tuesday/178817/
[6] https://www.darkreading.com/vulnerabilities-threats/microsoft-patches-critical-exchange-server-flaw
[8] https://thehackernews.com/2022/03/hackers-who-broke-into-nvidias-network.html, https://www.bleepingcomputer.com/news/security/hackers-to-nvidia-remove-mining-cap-or-we-leak-hardware-data/
[9] https://www.securityweek.com/credentials-71000-nvidia-employees-leaked-following-cyberattack, https://www.bleepingcomputer.com/news/security/malware-now-using-nvidias-stolen-code-signing-certificates/
[10] https://thehackernews.com/2022/03/samsung-confirms-data-breach-after.html, https://www.bleepingcomputer.com/news/security/samsung-confirms-hackers-stole-galaxy-devices-source-code/
[11] https://threatpost.com/samsung-lapsus-ransomware-source-code/178791/
[13] https://www.bleepingcomputer.com/news/security/toyota-halts-production-after-reported-cyberattack-on-supplier/, https://threatpost.com/toyota-to-close-japan-plants-after-suspected-cyberattack/178686/
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.
In recent weeks, Ukraine has been hit with numerous cyberattacks targeting its government and banking sector as part of the Russo-Ukrainian crisis. Several Ukrainian government departments and banks were knocked offline by a DDoS attack, and multiple wiper malware families have been observed targeting Ukrainian organizations.
For its part, Russia claimed it has never conducted and does not conduct any malicious operations in cyberspace.
These attacks resulted in fear of a wider cyber conflict, with western governments bracing for Russian cyberthreats and considering their response.
In January, about 70 government websites were taken offline by a DDoS attack. Shortly after, a destructive malware infected government, non-profit, and IT organization devices in Ukraine. This malware, dubbed WhisperGate, was designed to look like ransomware but lacks a recovery feature, indicating that the goal was to destroy files rather than to encrypt them for ransom.
Hours prior to the beginning of the Russian invasion of Ukraine, a new wiper malware was discovered. This attack leveraged at least three components: HermeticWiper for data wiping, HermeticWizard for spreading in the network, and HermeticRansom acting as a decoy ransomware. HermeticWiper was seen conducting malicious activity as early as November 2021, indicating that the attack was prepared months in advance.
As the invasion began, a second wiper malware, IsaacWiper, surfaced. IsaacWiper and HermeticWiper share no code; the former is less sophisticated than the latter.
While it cannot be confirmed whether Russia is behind these attacks, it is believed they are part of Russia’s “hybrid warfare”, which consists of a combination of conventional and advanced methods.
Ukraine’s cyber activity has not been solely defensive, with the Ukrainian government forming an “IT Army”. Since the crisis began, several Russian government and media websites have been intermittently offline. Some of these attacks were carried out by the Anonymous hacktivist movement, which has pledged allegiance to Ukraine. The group and its affiliates also claimed to have compromised the Russian Nuclear Institute and the Control Center of the Russian Space Agency ‘Roscosmos’.
There are a number of APT groups affiliated with Russian organizations:
APT28
APT29
Sandworm Team
Wizard Spider
Dragonfly 2.0
Additional Russian APT groups include ALLANITE, Indrik Spider, Nomadic Octopus, TEMP.Veles, and Turla.
These APT groups use various tools and malware in their attacks, ranging from commercial and open-source software to custom software designed for malicious purposes.
Tools:
ICS Malwares:
Additional Malwares and Ransomwares:
We provide a comprehensive solution – the SCADAfence platform, which was built to protect industrial organizations like yours from industrial cyber attacks (including ransomware). It also helps you implement better security practices through its built-in features. Some of these include:
The platform, which is also the highest-rated OT & IoT security platform, monitors network traffic for threats, including those found in typical ransomware attacks, such as:
SCADAfence’s security research team is constantly tracking events and incidents, analyzing them, and implementing different ways to detect those events.
SCADAfence team recommends following the best practices:
NEW YORK and TEL AVIV, Israel, Jan. 18, 2022 /PRNewswire/ — SCADAfence, the global leader in cybersecurity for Operational Technology (OT) and Internet of Things (IoT) environments, announced today that they were named a market leader in the new ISG Provider Lens™ – Manufacturing Industry Services 2021 report which was published by ISG, a leading global technology research and advisory firm.
Analyst firm ISG has recognized SCADAfence as the market leader in portfolio attractiveness & competitive strength in their latest ISG Provider Lens report
In this quadrant report, ISG lays out the current market positioning of providers of OT security solutions and how they address the key challenges that industrial organizations face. ISG observes that the traditional OT security market is niche and mature, with focused products that address legacy industrial platforms and networks. As these legacy systems evolve into cyber-physical systems, their security becomes strategically important for both OT and IT stakeholders. ISG’s 2021 report is relevant to enterprises across all industries that are evaluating solution providers of OT security solutions.
The ISG report commends SCADAfence for its unique approach to governance and compliance in OT security. SCADAfence’s industry-leading IT/OT governance and compliance portal takes the passive data existing in their networks and enables customers to find out their degree of compliance with their industry standards. The portal covers industrial compliance frameworks such as IEC62443, ISO27001, NERC, NIST, CMMC, and other important compliance regulations. ISG analysts view the governance portal as a true differentiator for SCADAfence in the OT security market.
ISG highlighted the different product strengths of SCADAfence in the OT security landscape such as the new multi-site portal and 100% deep packet inspection. The analysts noted SCADAfence’s multisite portal benefits their customers with central configuration, management, licensing, and centralized software updates all in one platform. The full report can be accessed here.
“We are pleased to recognize SCADAfence as a leader in our quadrant report,” said Avimanyu Basu, Senior Lead Analyst at ISG.
“SCADAfence’s OT security platform DNA is integrated with a product-led growth approach around IT/OT governance and compliance and proprietary DPI-based technology. With their advanced OT security capabilities, we expect SCADAfence to dominate the OT security market.”
“We’re honored to be recognized as a leader by ISG in their Provider Lens report for Manufacturing Industry Services 2021, OT security solutions,” said Elad Ben-Meir, CEO of SCADAfence. “This acknowledgment and industry recognition for our ongoing efforts in the OT & IoT security space is an affirmation of our hard work and the strength of our unique product vision in the OT security market.”