OT & IoT
Security Blog
Learn More About OT & IoT Security and Visibility
OT & IoT Security Blog
Learn More About OT & IoT Security and Visibility
How to Analyze Malware for Technical Writing
In the ever-changing world of cybersecurity, new threats appear and evolve on a regular basis. To efficiently conduct an analysis and publish new findings on emerging malware, it’s important to be prepared. We share tips on how researchers can conduct the analysis, and a suggested workflow.
Methods for Extracting Firmware from OT Devices for Vulnerability Research
This second part of our hardware hacking series focuses on how to dump the memory contents for two different kinds of memory packages, WSON and SOP/SOIC.
The Year of the Defender – 2022 Predictions for OT/IoT Security
2021 was an unprecedented year for OT, IoT and ICS security, with news-making attacks like Colonial Pipeline, JBS, Oldsmar Water and Kaseya – and coming to a close with the Log4j vulnerability. As we enter the new year, ransomware and threats to OT/ICS environments...
Web Interface Flaw Threatens Reliability of Cyber-Physical Systems
Today Nozomi Networks Labs announced the discovery & disclosure of a vulnerability in the web interface of the Schneider Electric Power Distribution Unit (PDU)-the APC AP7920B. Based on the flaw, about 10% of all desktop browsers worldwide could have been successfully leveraged to execute an attack.
Critical Log4Shell (Apache Log4j) Zero-Day Attack Analysis
An analysis of the Apache Log4j vulnerability and the architecture of zero-day exploits (CVE-2021-44228) from Nozomi Networks Labs.
An Open Source Approach for Cybersecurity Information Sharing
In our previous blog about the need for an open intelligence sharing platform with the government (or any other coordinating bodies), we illustrated the reason an open solution is the best possible approach to guaranteeing the highest degree of cybersecurity and...
Security for IoT Networks Needs to Reflect an OT Mindset
The Convergence of OT, IoT and IT Nozomi Networks was founded to address the particular cybersecurity requirements of industrial control systems and operational technology (OT) networks. OT networks are complicated by unique and proprietary network protocols and...
U.S. v. Cyber Criminals: Critical Infrastructure Edition
With all of the high-profile cyberattacks on critical infrastructure and subsequent press coverage, it’s great to see the U.S. government step in and help identify some key guidelines and recommendations. The sharing of threat intelligence is a key government action...
Five New Vulnerabilities Disclosed in Patient Monitoring Systems
Nozomi Networks Labs discloses five vulnerabilities affecting attack surfaces on a Philips patient monitoring solution. Solutions from other vendors may have similar vulnerabilities.
IBM Security Expands its MSSP for OT and IIoT with Nozomi Networks
Many industrial organizations with critical infrastructure—including those in transportation and manufacturing verticals—find that after obtaining a budget for OT monitoring and cybersecurity, their problem is not solved. They’re now faced with managing the...
The Long-range Disruption of Industrial IoT LoRaWAN Networks
The Nozomi Networks Labs team used drones to investigate attacks against a low-power radio frequency WAN technology widely used in industrial IoT networks.
Enhancing Threat Intelligence with the MITRE ATT&CK Framework
Billions of IoT devices are used in the industrial sector and threat actors are quickly evolving new malware focused on them. Don’t miss this analysis of the SBIDIOT IoT malware to learn how it communicates with targets and what types of commands it supports. Includes IOCs.
The Year of the Defender – 2022 Predictions for OT/IoT Security
2021 was an unprecedented year for OT, IoT and ICS security, with news-making attacks like Colonial Pipeline, JBS, Oldsmar Water and Kaseya – and coming to a close with the Log4j vulnerability. As we enter the new year, ransomware and threats to OT/ICS environments...
An Open Source Approach for Cybersecurity Information Sharing
In our previous blog about the need for an open intelligence sharing platform with the government (or any other coordinating bodies), we illustrated the reason an open solution is the best possible approach to guaranteeing the highest degree of cybersecurity and...
U.S. v. Cyber Criminals: Critical Infrastructure Edition
With all of the high-profile cyberattacks on critical infrastructure and subsequent press coverage, it’s great to see the U.S. government step in and help identify some key guidelines and recommendations. The sharing of threat intelligence is a key government action...
The Sprint to Secure U.S. Utilities – Nozomi Networks and the DOE Plan
Earlier this year the White House launched an ICS Cybersecurity Initiative designed to strengthen the cybersecurity of our nation’s critical infrastructure. The initiative began with a 100-Day Action Plan for the U.S. electricity subsector and has recently extended to oil and gas pipelines.
IEC 61850 Meets IEC 62351: Securing GOOSE Power Grid Weaknesses
Nozomi Networks CTO Moreno Carullo explains how IEC 62351-6 can be used to secure IEC 61850 GOOSE protocol defects & increase ICS security for substations.
Advances in Cyber Security for Electric Utilities: WG15 & Black Hat
As a passionate champion for secure-by-design power grid systems, I’ve been part of WG15, the group defining IEC 62351 standards to enable such systems, for years.
If you’d like to learn about the future of cyber security for electric utilities, I urge you to read this article. It also provides a sneak peek into our related (and groundbreaking!) talk about power system security at Black Hat USA 2019.
GreyEnergy Malware Targets Industrial Critical Infrastructure
Recently a new advanced threat targeting the energy sector was disclosed. Called GreyEnergy, this malware is the successor to BlackEnergy, which brought down part of the Ukraine power grid in 2015.
Because of the significance of the malware, our Nozomi Networks Security Research team is evaluating it. Find out what is known about the malware to date.
Electric Grid Cyber Security: Ten Actions Utilities Can Do Now
Concerns about cyber attacks on the U.S. critical infrastructure have reached a new level with The Wall Street Journal reporting “an evolution in the U.S. government’s thinking about how to deter malicious cyberactors”.
Find out ten actions that can be done quickly to monitor and secure the electrical grid against determined threat actors.
Russian Cyber Attacks on Critical Infrastructure: The “New Normal”
Concerns about Russian cyber attacks on U.S. electric utilities have increased again this week. The Wall Street Journal is reporting that such attacks have impacted hundreds of victims, not just the dozens reported earlier.
This news brings a new wave of concern about cyber attacks across the U.S. and beyond. If you are involved in this discussion, following is a recap of what is known about the Russian cyber attacks and my thoughts on its significance and repercussions.
Thwarting a Power Grid Control Center Cyberattack
Based on recent reports of Russian involvement in a multistage intrusion of the US power grid, it’s no longer a question of “if” threat actors will gain access to critical infrastructure control systems – it’s when it will happen again, and for what purpose.
What can be done to thwart these potentially disruptive assaults?
Russian Cyberattacks on Critical Infrastructure – What You Need to Know
The U.S. government has just released an important cyber security alert that confirms Russian government cyberattacks targeting energy and other critical infrastructure sectors.
The cyber campaign described is not new however, rather it is likely an expanded version of the Dragonfly 2.0 playbook. The Nozomi Networks solution ships today with an analysis toolkit that identifies the presence of Dragonfly.
Advancing ICS Cyber Security for Low-Impact Electricity Carriers
Cyber security threats to the power grid are a continuous danger nowadays, and because of this, regulation in North America may expand from covering bulk electricity carriers to low-impact carriers. Last month FERC, the U.S. Federal Energy Regulatory Commission, proposed a new rule for low-impact carriers, covering transient electronic devices such as USBs and laptops, and incident response policies.
While the regulation is still in the review stage, some low-impact utilities are not waiting to improve their cyber security posture and get a head start on compliance. They are taking advantage of the latest innovation for cyber threat monitoring and detection systems. Vermont Electric Coop is one such entity, and they have realized multiple benefits from their proactive approach.
How to Analyze Malware for Technical Writing
In the ever-changing world of cybersecurity, new threats appear and evolve on a regular basis. To efficiently conduct an analysis and publish new findings on emerging malware, it’s important to be prepared. We share tips on how researchers can conduct the analysis, and a suggested workflow.
Methods for Extracting Firmware from OT Devices for Vulnerability Research
This second part of our hardware hacking series focuses on how to dump the memory contents for two different kinds of memory packages, WSON and SOP/SOIC.
Web Interface Flaw Threatens Reliability of Cyber-Physical Systems
Today Nozomi Networks Labs announced the discovery & disclosure of a vulnerability in the web interface of the Schneider Electric Power Distribution Unit (PDU)-the APC AP7920B. Based on the flaw, about 10% of all desktop browsers worldwide could have been successfully leveraged to execute an attack.
Critical Log4Shell (Apache Log4j) Zero-Day Attack Analysis
An analysis of the Apache Log4j vulnerability and the architecture of zero-day exploits (CVE-2021-44228) from Nozomi Networks Labs.
Five New Vulnerabilities Disclosed in Patient Monitoring Systems
Nozomi Networks Labs discloses five vulnerabilities affecting attack surfaces on a Philips patient monitoring solution. Solutions from other vendors may have similar vulnerabilities.
The Long-range Disruption of Industrial IoT LoRaWAN Networks
The Nozomi Networks Labs team used drones to investigate attacks against a low-power radio frequency WAN technology widely used in industrial IoT networks.
Enhancing Threat Intelligence with the MITRE ATT&CK Framework
Billions of IoT devices are used in the industrial sector and threat actors are quickly evolving new malware focused on them. Don’t miss this analysis of the SBIDIOT IoT malware to learn how it communicates with targets and what types of commands it supports. Includes IOCs.
Firmware Security Research: Dahua Facial Recognition Station
To illustrate how we tackle the issue of firmware inspection, Nozomi Networks Labs selected a popular facial/thermal recognition camera and describes how to analyze the firmware in detail.
New Axis OS Security Research Aided by Transparent Design
Nozomi Networks Labs published three new vulnerabilities (CVE-2021-31986, CVE-2021-31987, CVE-2021-31988) affecting multiple Axis devices. The transparent approach applied by Axis into security review allowed Labs to perform an immediate static analysis and verification of the vulnerabilities.
Extract Firmware from OT Devices for Vulnerability Research
One of the most challenging tasks for a cybersecurity researcher is getting access to the underlying file system in OT devices to do a full analysis of potential attack vectors. This blog describes techniques for extracting firmware directly from the hardware and reading the flash content, a critical skill in a structured research team.
BlackMatter Ransomware Technical Analysis and Tools from Nozomi Networks Labs
Billions of IoT devices are used in the industrial sector and threat actors are quickly evolving new malware focused on them. Don’t miss this analysis of the SBIDIOT IoT malware to learn how it communicates with targets and what types of commands it supports. Includes IOCs.
New Annke Vulnerability Shows Risks of IoT Security Camera Systems
Nozomi Networks Labs has discovered a remote code execution vulnerability in the Annke N48PBB network video recorder. We urge network defenders to check their systems for the device, and apply the available patch immediately.
Web Interface Flaw Threatens Reliability of Cyber-Physical Systems
Today Nozomi Networks Labs announced the discovery & disclosure of a vulnerability in the web interface of the Schneider Electric Power Distribution Unit (PDU)-the APC AP7920B. Based on the flaw, about 10% of all desktop browsers worldwide could have been successfully leveraged to execute an attack.
New IoT Security Risk: ThroughTek P2P Supply Chain Vulnerability
Nozomi Networks Labs announces the discovery and disclosure of a new security camera vulnerability. It affects an embedded P2P software component from ThroughTek. This component is part of the supply chain for many original equipment manufacturers (OEMs) of consumer-grade security cameras and IoT devices.
Colonial Pipeline Ransomware Attack: Revealing How DarkSide Works
The Colonial Pipeline ransomware attack is one of the most notable critical infrastructure breaches of recent years. Learn the encryption, anti-detection and other techniques used by DarkSide’s main executable so you can evaluate your own defenses. Includes IoCs and a decryption script for detection.
Responding to the Colonial Pipeline Breach & CISA Ransomware Alert
The Colonial Pipeline breach has made ransomware attacks a top concern. Besides following CISA’s Darkside alert advice, governments need to act to improve cybersecurity and hold threat actors accountable. Just as important, asset owners need to adopt a post-breach mindset.
OT and IoT Security: Adopt a Post-Breach Mindset Today
Every time there’s a cyberattack like the recent ransomware targeting Colonial Pipeline, industry experts scramble to share thoughts on what could have been done to thwart it, or what the impact of a breach could be. Organizations need to reset themselves to have a post-breach mindset, pre-breach.
Black Hat: The Future of Securing Power Grid Intelligent Devices
Today at Black Hat USA we’re presenting an innovative power grid cyber security solution that greatly improves monitoring of intelligent electronic devices (IEDs).
Using the IEC 62351 standard for monitoring industrial networks, we demonstrate how four types of hard-to-detect attacks are readily identified.
Operational Visibility Boosts Cyber Security for Midstream Operators
Companies operating in the midstream oil and gas market face significant challenges in securing their infrastructure. The first step to reducing risk is knowing what devices and networks are running on your system.
Find out how an industrial cyber security and visibility solution addresses the real-world challenges of pipeline operators.
Oil & Gas Cybersecurity and Process Safety Converge Thanks to TRITON
Thanks to TRITON, the Oil and Gas industry became ground zero for the convergence of SIS process safety and ICS cybersecurity.
Read on to learn why a unified approach to monitoring control system and process safety assets is now mission critical, and what steps you can take to strengthen security.
Improving Pipeline Operational Visibility Avoids Costly Downtime
Operators in the midstream oil and gas industry know their main priority is to keep product flowing through the pipeline. With that focus, its hard to notice subtle changes that may cause a costly problem in the future.
Find out how one operator experienced $1.9 million in lost revenue due to unscheduled downtime – and how real-time industrial network monitoring can help.
Black Hat: Understanding TRITON, The First SIS Cyber Attack
Today at Black Hat USA I am part of a team speaking about the landmark TRITON malware attack. We are presenting new research on TRITON, releasing two tools to help defend against it and publishing a white paper summarizing our findings.
The TRITON malware attack went beyond other industrial cyber attacks by directly interacting with a Safety Instrumented System (SIS). Asset owners should act immediately to secure their SIS — and the information in our white paper will help.
SCADA Cyber Security for an Industry 4.0 Oil and Gas Application
If you’re boots-on-the-ground dealing with the daily oil and gas challenges of control and automation, you’ve likely heard lots about Industry 4.0, the fourth wave of industrial revolution. Given the inter-connection between more and more devices and commercially marketed systems, the cyber security challenges of this phase of automation are daunting.
To overcome these hurdles, let’s examine how an application that’s been around for a long time – hosted SCADA, can be monitored for cyber security, data integrity and reliability.
Improving ICS Cyber Security for Pipeline Systems
In the last decade market and cost pressures have driven significant technological advances in automation and industrial connectivity across all aspects of petroleum extraction, pipeline transport and refining. While technological advances are delivering business benefits, systems are now exposed to more cyber risks than ever before.
Yet, according to a 2017 survey by the Ponemon Institute, the deployment of cyber security measures in the oil and gas industry isn’t keeping pace with the growth of digitalization in operations.
One way to overcome the ICS cyber security gap is to utilize next generation technology that leverages machine learning and artificial intelligence (AI) to deal with system complexity and deliver immediate benefits. Let’s take a look at two examples of how a passive ICS anomaly detection and monitoring solution secures pipeline networks.
Deep IBM Collaboration Delivers Unified IT and OT Cyber Security
Senior executives at industrial and OT organizations increasingly need to understand the full scope of their cyber risks. However, their confidence with current monitoring for OT/IoT systems is typically low.
To help tackle this challenge, IBM and Nozomi Networks are expanding the capabilities and solutions we offer together to deliver unified IT, IoT, and OT cyber security.
Speeding IT Visibility into OT: New Integrations with Fortinet
Fortinet and Nozomi Networks achieve another partnership milestone with two new integrations that help eliminate the gap between IT and OT. Now Nozomi Networks Guardian is now comprehensively integrated with FortiGate, FortiNAC, and FortiSIEM.
Learn how these integrations deliver full visibility across IT and OT environments, improve access control and speed incident response.
Nozomi Networks Cyber Security Solution Embedded in RUGGEDCOM
Nozomi Networks is bundling its real-time ICS cyber security and visibility solution on the new RUGGEDCOM RX15xx Multi-Service Platform from Siemens AG.
Read on to learn how this industrial networking platform with embedded security improves operational resiliency with minimal rackspace and streamlined deployment.
Nozomi Networks Helps Build ISA Global Cybersecurity Alliance
The International Society of Automation (ISA) announced that Nozomi Networks is a Founding Member of the new Global Cybersecurity Alliance (GCA).
See how GCA will advance cyber security education, readiness and knowledge-sharing in manufacturing and critical infrastructure facilities and processes, strengthening industrial cyber security worldwide.
Nozomi Networks Embeds SCADAguardian Advanced on RUGGEDCOM Platform
Nozomi Networks is proud to debut our flagship industrial security and visibility solution as part of the RUGGEDCOM Multi-Service Platforms from Siemens AG.
Our integrated offering delivers multiple advantages, including an industrially hardened, comprehensive cyber security solution with a low Total Cost of Ownership (TCO). Let’s take a closer look at this innovative and useful development.
Nozomi Networks, Schneider Electric Work Together to Secure Critical Infrastructure
I’m excited to let you know that Schneider Electric has teamed up with Nozomi Networks to help secure industrial facilities as they face escalating cyber threats and rapid digital transformation in the age of IIoT.
Our global partnership agreement provides Schneider Electric customers with easy access to our ICS cyber security and visibility solution, security-enhanced industrial internet of things solutions, and a global network of trained consultants.
Nozomi Networks, Accenture Secure Global Industrial Infrastructures
Oil & gas, energy and manufacturing operators around the world just got a big security boost thanks to the Nozomi Networks / Accenture partnership. Accenture Security Services will now bundle our deep network visibility and real-time OT cyber security products with their threat-hunting services to create a comprehensive security solution. And the collaboration doesn’t stop there.
GE Power Selects Nozomi Networks for Advanced ICS Cyber Security
We’re excited to tell you that GE and Nozomi Networks have joined forces to provide our advanced cyber security solution to power utilities and critical infrastructure operations around the world.
Our global agreement gives GE Power customers immediate access to our leading real-time ICS visibility, network monitoring and cyber security solutions.
Integration with Cisco Technologies Delivers IT / ICS Security
Nozomi Networks has integrated its ICS security solution with Cisco Security technologies to deliver comprehensive operational visibility and cyber security across IT/OT networks.
Together, we provide real-time monitoring and threat detection that streamlines security policy management & enforcement, and speeds incident response.
How ICS Data Analytics & Cyber Security Deliver True Business Value
Last month we launched our partnership with digital transformation heavyweight Atos. Combining Atos analytics on data from industrial devices, with our cyber security processes, takes operational visibility and OT security to new levels.
But the real value goes way beyond cyber security – to include lower total cost of ownership and business resilience. Read on to learn more.
Nozomi Networks and IBM Team Up to Answer Demand for Integrated IT/OT Cyber Security
We’re excited to tell you that Nozomi Networks and IBM Security have teamed up to address the exploding demand for effective, integrated IT/OT cyber security services and solutions. Read on to see how industrial organizations around the world now get easy access to deep OT network visibility and continuous threat detection.
Comprehensive OT Cyber Security from Nozomi Networks & Fortinet
At the RSA Conference in San Francisco, many CISOs and IT leaders shared that OT risk management, defense and resiliency topped their must-have list.
Nozomi Networks and Fortinet deliver one ‘knock-out’ IT/OT cyber security solution for network and operational visibility, risk assessment, and proactive defense. Read on to see how it tackles two of the most common OT use cases.
THE LATEST LABS BLOGS
How to Analyze Malware for Technical Writing
In the ever-changing world of cybersecurity, new threats appear and evolve on a regular basis. To efficiently conduct an analysis and publish new findings on emerging malware, it’s important to be prepared. We share tips on how researchers can conduct the analysis, and a suggested workflow.
Methods for Extracting Firmware from OT Devices for Vulnerability Research
This second part of our hardware hacking series focuses on how to dump the memory contents for two different kinds of memory packages, WSON and SOP/SOIC.
APC by Schneider Electric Network Management Cards (NMC) Exposure of Sensitive Information to an Unauthorized Actor – CVE-2021-22825
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token.